Repository
auth0/node-jwks-rsa
Scanned on 19 Jun 2026
Risk score / 100
High risk
Summary
This JWKS-RSA library relies entirely on quantum-vulnerable algorithms (RSA, ECDSA, EdDSA) for JWT signature verification, which is core to its authentication functionality. All supported algorithms are vulnerable to quantum attacks using Shor's algorithm, putting any authentication system using this library at risk once quantum computers become viable.
0
25
0
0
Main findings
- High: ECDSA
  src/integrations/config.js:10
  ML-DSA (CRYSTALS-Dilithium) or SLH-DSA (SPHINCS+)
  Evidence
  'ES512',
- High: Ed25519 / EdDSA
  src/integrations/config.js:11
  ML-DSA (CRYSTALS-Dilithium) or SLH-DSA
  Evidence
  'EdDSA'
- High: JWT quantum-vulnerable algorithm
  tests/mocks/tokens.js:4
  HS256 (symmetric) or post-quantum signature schemes
  Evidence
  return jwt.sign(payload, key, { noTimestamp: true, algorithm: 'RS256', header: { alg: 'RS256', kid } });
- High: secp256k1 (Bitcoin curve)
  tests/utils.tests.js:12
  Evidence
  crv: 'secp256k1',
- High: RSA
  src/integrations/koa.js:20
  ML-KEM (CRYSTALS-Kyber) for key encapsulation
  Evidence
  resolve(key.publicKey || key.rsaPublicKey);
+ 20 more findings in the full report