{"package":"jwcrypto","ecosystem":"pypi","latest_version":"1.5.7","description":"Implementation of JOSE Web standards","license":"LGPL-3.0-or-later","homepage":"https://github.com/latchset/jwcrypto","repository":"https://github.com/latchset/jwcrypto","downloads_weekly":4963682,"health":{"score":77,"risk":"moderate","breakdown":{"maintenance":25,"popularity":17,"security":23,"maturity":12,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2026-39373","severity":"medium","summary":"JWCrypto: JWE ZIP decompression bomb","affected_versions":">=0","fixed_version":null,"source":"osv","published_at":"2026-04-08T00:16:14Z","in_kev":false,"epss_prob":0.00071,"epss_percentile":0.21571,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.5.7","total_count":28,"recent":["0.6.0","0.7","0.8","0.9","0.9.1","1.0","1.2","1.3","1.3.1","1.4","1.4.1","1.4.2","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-07T00:35:35.085989Z","dependencies_count":2,"dependencies":["cryptography>=3.4","typing_extensions>=4.5.0"]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.5.7","version_hint":null,"summary":"jwcrypto@1.5.7 is safe to use (health: 77/100)"},"requested_version":null,"_cache":"miss","_response_ms":460,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}