quizspot.online 53 packages

Last scanned on Oct 27 at 07:50 PM
jsonwebtoken 8.5.0 - 8.5.1VulnerableOutdated
JSON Web Token implementation (symmetric and asymmetric)
License
MIT
Footprint
8 KB
Vulnerabilities
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Affected versions >=0 <9.0.0
jsonwebtoken unrestricted key type could lead to legacy keys usage
Affected versions >=0 <9.0.0
jsonwebtoken has insecure input validation in jwt.verify function
Affected versions >=0 <9.0.0
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Affected versions >=0 <9.0.0
Matched Modules
Version distribution in production
66
8.5.0
66
8.5.1
4
8.2.1
4
8.2.2
4
8.4.0
3
8.2.0
elliptic 6.5.2 - 6.5.3VulnerableOutdated
EC cryptography
semver 5.7.0 - 6.3.0Outdated
The semantic version parser used by npm.
+2
npm-cli-ops
saquibkhan
fritzy
ms 2.1.2 - 2.1.3
Tiny millisecond conversion utility
+5
gdborton
matheuss
rauchg
readable-stream 3.6.0Outdated
Node.js Streams, a user-land copy of the stream library from Node.js
string_decoder 1.1.0 - 1.3.0
The string_decoder module from Node core
isarray 1.0.0 - 2.0.5
Array#isArray for older browsers
inherits 2.0.3 - 2.0.4
Browser-friendly inheritance fully compatible with standard node.js inherits()
buffer 4.6.0 - 4.9.2Outdated
Node.js Buffer API, for the browser
core-util-is 1.0.2 - 1.0.3
The `util.is*` functions introduced in Node v0.12.
base64-js 1.3.0 - 1.5.1
Base64 encoding/decoding in pure JS
events 3.0.0 - 3.3.0
Node's event emitter for all engines.
deepmerge 4.2.2Outdated
A library for deep (recursive) merging of Javascript objects
util 0.10.0 - 0.12.5
Node.js's util module for all engines
jws 3.2.1 - 4.0.0
Implementation of JSON Web Signatures
jwa 1.4.1Outdated
JWA implementation (supports all JWS algorithms)
lodash.isplainobject 4.0.6
The lodash method `_.isPlainObject` exported as a module.
minimalistic-assert 1.0.0 - 1.0.1
minimalistic-assert ===
cwmma
indutny
ecdsa-sig-formatter 1.0.10 - 1.0.11
Translate ECDSA signatures between ASN.1/DER and JOSE-style concatenation
d2l-travis-deploy
d2l-travis-deploy
buffer-equal-constant-time 1.0.0 - 1.0.1
Constant-time comparison of Buffers
lodash.isstring 4.0.1
The lodash method `_.isString` exported as a module.
sha.js 2.4.9 - 2.4.11
Streamable SHA hashes in pure javascript
dcousens
ljharb
cwmma
lodash.isboolean 3.0.1 - 3.0.3
The lodash method `_.isBoolean` exported as a module.
asn1.js 5.2.0 - 5.4.1
ASN.1 encoder and decoder
lodash.includes 4.3.0
The lodash method `_.includes` exported as a module.
hash-base 3.0.4 - 3.1.0
abstract base class for hash-streams
lodash.isnumber 3.0.1 - 3.0.3
The lodash method `_.isNumber` exported as a module.
hash.js 1.1.2 - 1.1.7
Various hash functions that could be run by both browser and node
hmac-drbg 1.0.1
Deterministic random bit generator (hmac)
des.js 1.0.1Outdated
DES implementation
pbkdf2 3.1.2
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
md5.js 1.1.0 - 1.3.5
node style md5 on pure JavaScript
parse-asn1 5.1.6Outdated
utility library for parsing asn1 files for use with browserify-sign.
+2
dcousens
ljharb
cwmma
cipher-base 1.0.4
abstract base class for crypto-streams
browserify-sign 2.4.0 - 2.8.0Outdated
adds node crypto signing for browsers
+2
dcousens
ljharb
cwmma
browserify-aes 0.4.0 - 0.8.1Outdated
aes, for browserify
evp_bytestokey 1.0.3
The insecure key derivation algorithm from OpenSSL
browserify-rsa 3.0.0 - 4.0.1Outdated
RSA for browserify
+2
dcousens
ljharb
cwmma
create-ecdh 3.0.0 - 4.0.4
createECDH but browserifiable
public-encrypt 4.0.3
browserify version of publicEncrypt & privateDecrypt
+2
dcousens
ljharb
cwmma
diffie-hellman 1.1.2Outdated
pure js diffie-hellman
browserify-des 1.0.2
browserify-des ===
dcousens
ljharb
cwmma
miller-rabin 1.1.0 - 4.0.1
Miller Rabin algorithm for primality test
randomfill 1.0.0 - 1.0.4
random fill from browserify stand alone
p-is-promise 3.0.0 - 4.0.0
Check if something is a promise
unfetch 4.1.0 - 4.2.0Outdated
Bare minimum fetch polyfill in 500 bytes
@hookform/resolvers 1.1.0Outdated
React Hook Form validation resolvers: Yup, Joi, Superstruct, Zod, Vest, Class Validator, io-ts, Nope, computed-types, TypeBox, arktype and Typanion
fp-ts 2.6.6 - 2.9.5Outdated
Functional programming in TypeScript
react-query 0.0.11 - 0.0.15Outdated
Hooks for managing, caching and syncing asynchronous and remote data in React
tannerlinsley
tkdodo
vue-no-ssr 1.1.1
Vue component to wrap non SSR friendly components
egoist
rem
vue-client-only 2.0.0 - 2.1.0
Vue component to wrap non SSR friendly components
egoist
egoist
cookie-universal 2.1.0 - 2.1.5Outdated
Universal cookie plugin, perfect for SSR
vue-analytics 5.17.4 - 5.22.1
Google Analytics plugin for Vue