Repository
auth0/node-jsonwebtoken
Scanned on 20 Jun 2026
Risk score / 100
Low risk
Summary
The node-jsonwebtoken library contains 51 high-severity quantum-vulnerable cryptographic operations and 6 critical-severity weak RSA key instances. However, all identified findings are located exclusively in test files rather than production code, significantly reducing immediate business risk. The library will require migration to post-quantum algorithms (ML-DSA, SLH-DSA) to maintain long-term cryptographic security.
6
51
0
0
Top findings
- Critical: RSA key ≤ 2048 bits
  test/rsa-public-key.tests.js:29
  Evidence
  const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
- Critical: RSA key ≤ 2048 bits
  test/rsa-public-key.tests.js:19
  Evidence
  const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
- Critical: RSA key ≤ 2048 bits
  test/async_sign.tests.js:64
  Evidence
  const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
- Critical: RSA key ≤ 2048 bits
  test/jwt.malicious.tests.js:19
  Evidence
  } = crypto.generateKeyPairSync('rsa', {modulusLength: 2048});
- Critical: RSA key ≤ 2048 bits
  test/async_sign.tests.js:73
  Evidence
  const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 1024 });
+ 52 more findings in the full report