Skip to content
QuantumScanPublic scan report

Repository

NixOS/nixpkgs

Scanned on Jun 20, 2026

12

Risk score/ 100

Clean

Summary

The repository contains 16 critical findings related to MD5 usage, all concentrated in a single LibreOffice package management script. These findings represent checksum verification for upstream dependencies rather than cryptographic security primitives. The risk to quantum resistance is minimal as this is build-time infrastructure code, not runtime cryptography.

Critical

16

High

0

Medium

0

Low

0

Top findings

  • CriticalMD5

    pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py:25

    SHA3-256 or SHA-256

    Raw evidence
    md5 = x['md5']
  • CriticalMD5

    pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py:31

    SHA3-256 or SHA-256

    Raw evidence
    hash = md5
  • CriticalMD5

    pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py:32

    SHA3-256 or SHA-256

    Raw evidence
    hashtype = 'md5'
  • CriticalMD5

    pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py:48

    SHA3-256 or SHA-256

    Raw evidence
    print('    md5 = "{}";'.format(md5))
  • CriticalMD5

    pkgs/applications/office/libreoffice/generate-libreoffice-srcs.py:49

    SHA3-256 or SHA-256

    Raw evidence
    print('    md5name = "{}-{}";'.format(md5 or upstream_sha256,tarball))

+ 11 more findings in the full report

Scan your own repository

Free. Results in ~90 seconds. CBOM + DORA/NIS2 PDF included.

Start a free scan