Repository: auth0/node-jsonwebtoken
Scanned on Jun 20, 2026
Risk score: 35 / 100 (Low risk)
Summary
The node-jsonwebtoken library contains 51 high-severity quantum-vulnerable cryptographic operations and 6 critical-severity weak RSA key instances. However, all identified findings are located exclusively in test files rather than production code, significantly reducing immediate business risk. The library will require migration to post-quantum algorithms (ML-DSA, SLH-DSA) to maintain long-term cryptographic security.
Critical: 6
High: 51
Medium: 0
Low: 0
Top findings
- Critical: RSA key ≤ 2048 bits
  test/rsa-public-key.tests.js:29
  Raw evidence: const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
- Critical: RSA key ≤ 2048 bits
  test/rsa-public-key.tests.js:19
  Raw evidence: const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
- Critical: RSA key ≤ 2048 bits
  test/async_sign.tests.js:64
  Raw evidence: const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
- Critical: RSA key ≤ 2048 bits
  test/jwt.malicious.tests.js:19
  Raw evidence: } = crypto.generateKeyPairSync('rsa', {modulusLength: 2048});
- Critical: RSA key ≤ 2048 bits
  test/async_sign.tests.js:73
  Raw evidence: const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
+ 52 more findings in the full report