{"package":"github.com/dgrijalva/jwt-go","ecosystem":"go","latest_version":"v3.2.0+incompatible","description":"ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/dgrijalva/jwt-go","repository":"https://github.com/dgrijalva/jwt-go","downloads_weekly":10761,"health":{"score":44,"risk":"high","breakdown":{"maintenance":0,"popularity":10,"security":20,"maturity":9,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":1,"medium":0,"low":1,"details":[{"vuln_id":"CVE-2020-26160","severity":"high","summary":"Authorization bypass in github.com/dgrijalva/jwt-go","affected_versions":">=0.0.0-20150717181359-44718f8a89b0,<=3.2.0|<4.0.0-preview1","fixed_version":"4.0.0-preview1","source":"osv","published_at":"2021-05-18T21:08:21Z","in_kev":false,"epss_prob":0.00055,"epss_percentile":0.16928,"threat_tier":"theoretical"},{"vuln_id":"CVE-2020-26160","severity":"unknown","summary":"Authorization bypass in github.com/dgrijalva/jwt-go","affected_versions":">=0.0.0-20150717181359-44718f8a89b0|<4.0.0-preview1","fixed_version":"4.0.0-preview1","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.00055,"epss_percentile":0.16928,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v3.2.0+incompatible","total_count":14,"recent":["v1.0.2","v2.6.0+incompatible","v1.0.0","v2.5.0+incompatible","v2.1.0+incompatible","v2.0.0+incompatible","v2.3.0+incompatible","v2.4.0+incompatible","v3.0.0+incompatible","v2.2.0+incompatible","v3.1.0+incompatible","v3.2.0+incompatible","v2.7.0+incompatible","v1.0.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":55,"first_published":null,"last_published":"2018-03-08T23:13:08Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":2,"bugs_severity":{"high":1,"medium":1},"status_breakdown":{"open":2},"link":"/api/bugs/go/github.com/dgrijalva/jwt-go","scope":"all","details":[{"title":"Authorization bypass in github.com/dgrijalva/jwt-go","severity":"high","status":"open","affected_version":"0.0.0-20150717181359-44718f8a89b0","fixed_version":null,"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26160"},{"title":"Authorization bypass in github.com/dgrijalva/jwt-go","severity":"medium","status":"open","affected_version":"0.0.0-20150717181359-44718f8a89b0","fixed_version":null,"url":"https://github.com/dgrijalva/jwt-go/commit/ec0a89a131e3e8567adcb21254a5cd20a70ea4ab"}]},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Moderate health score (44/100) — verify manually","1 high severity vulnerabilities"],"use_version":"v3.2.0+incompatible","version_hint":"Update to >= 4.0.0-preview1 to fix known vulnerabilities","summary":"github.com/dgrijalva/jwt-go@v3.2.0+incompatible has vulnerabilities — update to latest","alternatives":[{"name":"github.com/golang-jwt/jwt","reason":"Maintained fork after dgrijalva archived","builtin":false},{"name":"github.com/golang-jwt/jwt/v5","reason":"dgrijalva/jwt-go is abandoned - golang-jwt is the community fork","builtin":false}]},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":639,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":0,"primary_author_ratio":0.0,"owner_account_age_days":6434,"is_archived":true,"stars":10759,"alerts":["single_active_maintainer_3m","archived_repo"]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"alternatives_link":{"url":"/api/alternatives/go/github.com/dgrijalva/jwt-go","count":2},"co_used_with":[{"package":"@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining","occurrences":7},{"package":"@nuxt/cli","occurrences":7},{"package":"@rive-app/react-canvas","occurrences":7},{"package":"Square.OkIO","occurrences":7},{"package":"ghproxy-9d2.pages.dev/gray-adeyi/paystack","occurrences":7}],"version_history_summary":{"total_versions":14,"first_release_age_days":4338,"last_release_days_ago":2976,"avg_days_between_releases":334,"release_velocity":"stale"}}