{"package":"pynacl","ecosystem":"conda","latest_version":"1.6.2","description":"PyNaCl is a Python binding to the Networking and Cryptography library, a crypto library with the stated goal of improving usability, security and speed.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/pyca/pynacl","repository":"https://github.com/pyca/pynacl","downloads_weekly":43959,"health":{"score":67,"risk":"moderate","breakdown":{"maintenance":20,"popularity":10,"security":23,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2025-69277","severity":"medium","summary":"libsodium has Incomplete List of Disallowed Inputs","affected_versions":">=2,<2.5.0|<1.24.0|<1.6.2|<3.6.1|=v2.0.1|=v2.1.0|=v2.2.0|=v2.3.0|=v2.3.1|=v2.4.0|=v0.1.0|=v0.1.1|=v0.2.0|=v0.2.1|=v0.2.2|=v0.3.0|=v0.3.1|=v0.4.0|=v0.5.0|=v0.6.0|=v0.7.0|=v0.8.0|=v0.8.1|=v1.0.0|=v1.0.1|=v1.1.0|=v1.10.0|=v1.10.1|=v1.11.0|=v1.11.1|=v1.11.2|=v1.11.3|=v1.11.4|=v1.12.0|=v1.12.1|=v1.12.2|=v1.13.0|=v1.14.0|=v1.15.0|=v1.15.1|=v1.15.2|=v1.15.3|=v1.15.4|=v1.16.0|=v1.16.1|=v1.17.0|=v1.17.1|=v1.18.0|=v1.18.1|=v1.19.0|=v1.2.0|=v1.20.0|=v1.20.1|=v1.21.0|=v1.21.1|=v1.21.2|=v1.22.0|=v1.23.0|=v1.3.0|=v1.3.1|=v1.4.0|=v1.5.0|=v1.5.1|=v1.5.2|=v1.5.3|=v1.5.4|=v1.5.5|=v1.5.6|=v1.6.0|=v1.6.1|=v1.6.2|=v1.6.3|=v1.6.4|=v1.6.5|=v1.6.6|=v1.7.0|=v1.8.0|=v1.8.1|=v1.9.0|=v1.9.1|=v1.9.2|=v1.9.3|=v1.9.4|=0.1.0|=0.2.0|=0.2.1|=0.2.2|=0.2.3|=0.3.0|=1.0|=1.0.1|=1.1.0|=1.1.1|=1.1.2|=1.2.0|=1.2.1|=1.3.0|=1.4.0|=1.5.0|=1.6.0|=1.6.1|=0.1.0|=0.1.0a1|=0.1.1|=0.2.0|=1.0.0|=1.0.1|=1.1.0|=1.1.1|=1.2.0|=1.3.0|=1.3.1|=1.3.2|=2.0.0|=2.0.0a1|=2.0.1|=2.1.0|=2.1.1|=2.1.2|=2.2.0|=2.2.1|=3.0.0|=3.0.1|=3.1.0|=3.1.0b1|=3.1.0b2|=3.2.0|=3.2.1|=3.2.3|=3.3.0|=3.4.0|=3.5.1|=3.6.0","fixed_version":"3.6.1","source":"osv","published_at":"2025-12-31T06:30:18Z","in_kev":false,"epss_prob":7e-05,"epss_percentile":0.00662,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.6.2","total_count":8,"recent":["1.0.1","1.1.2","1.3.0","1.4.0","1.5.0","1.6.0","1.6.1","1.6.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2020-09-28 12:12:09.358000+00:00","last_published":"2026-02-27 05:58:35.927000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.6.2","version_hint":"Update to >= 3.6.1 to fix known vulnerabilities","summary":"pynacl@1.6.2 is safe to use (health: 67/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":3,"active_contributors_12m":8,"primary_author_ratio":0.39285714285714285,"owner_account_age_days":4586,"is_archived":false,"stars":1193,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":8,"first_release_age_days":2039,"last_release_days_ago":61,"avg_days_between_releases":291,"release_velocity":"active"},"popularity_warning":{"this_ecosystem_downloads":43959,"more_popular_in":{"ecosystem":"pypi","downloads_weekly":51546640},"hint":"This is the conda package 'pynacl' (43,959 dl/week). A much more popular package with the same name exists in pypi (51,546,640 dl/week). Confirm you queried the right ecosystem."}}