{"package":"fast-jwt","ecosystem":"npm","latest_version":"6.2.2","description":"Fast JSON Web Token implementation","license":"Apache-2.0","homepage":"https://github.com/nearform/fast-jwt","repository":"https://github.com/nearform/fast-jwt","downloads_weekly":844350,"health":{"score":82,"risk":"low","breakdown":{"maintenance":25,"popularity":14,"security":23,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2026-35042","severity":"medium","summary":"fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2026-04-03T22:01:25Z","in_kev":false,"epss_prob":0.0002,"epss_percentile":0.05282,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"6.2.2","total_count":64,"recent":["3.3.2","3.3.3","4.0.0","4.0.1","4.0.2","4.0.3","4.0.5","4.0.6","5.0.0","5.0.1","5.0.2","5.0.5","5.0.6","6.0.0","6.0.1","6.0.2","6.1.0","6.2.0","6.2.1","6.2.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":7,"first_published":"2020-06-23T09:14:07.095Z","last_published":"2026-04-10T08:59:28.615Z","dependencies_count":5,"dependencies":["@lukeed/ms","asn1.js","ecdsa-sig-formatter","mnemonist","safe-regex2"]},"bundle":null,"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"6.2.2","version_hint":null,"summary":"fast-jwt@6.2.2 is safe to use (health: 82/100)"},"requested_version":null,"_cache":"miss","_response_ms":789,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}