Public scan corpus
What we found scanning OSS
Every entry below is a real pqc-audit run
against a public repository. Findings are informational:
RSA-2048 and P-256 are still secure today; the issue is harvest-now-decrypt-later
and NIST's 2030 deprecation deadline. See the methodology.
- Repos scanned
- 12
- Total scans
- 12
- Total findings
- 714
| Repository | Lang | ★ | Files | Shor | Grover | Total | Scanned |
|---|---|---|---|---|---|---|---|
| pyca/cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. | Python | 7.6k | 1.5k | 71 | 399 | 470 | 19d ago |
| openssh/openssh-portable Portable OpenSSH | C | 3.8k | 429 | 78 | 37 | 115 | 19d ago |
| paramiko/paramiko The leading native Python SSHv2 protocol library. | Python | 9.7k | 116 | 21 | 32 | 53 | 19d ago |
| panva/jose JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes | TypeScript | 7.6k | 143 | 30 | 3 | 33 | 19d ago |
| nodejs/undici An HTTP/1.1 client, written from scratch for Node.js | JavaScript | 7.5k | 682 | 0 | 20 | 20 | 19d ago |
| auth0/node-jsonwebtoken JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html | JavaScript | 18.2k | 74 | 13 | 0 | 13 | 19d ago |
| psf/requests A simple, yet elegant, HTTP library. | Python | 54.0k | 57 | 0 | 5 | 5 | 19d ago |
| urllib3/urllib3 urllib3 is a user-friendly HTTP client library for Python | Python | 4.0k | 105 | 2 | 0 | 2 | 19d ago |
| pallets/itsdangerous Safely pass trusted data to untrusted environments and back. | Python | 3.1k | 24 | 0 | 2 | 2 | 19d ago |
| axios/axios Promise based HTTP client for the browser and node.js | JavaScript | 109.0k | 247 | 1 | 0 | 1 | 19d ago |
| pyca/pynacl Python binding to the Networking and Cryptography (NaCl) library | C | 1.2k | 447 | 0 | 0 | 0 | 19d ago |
| expressjs/session Simple session middleware for Express | JavaScript | 6.4k | 19 | 0 | 0 | 0 | 19d ago |