{"package":"pyjwt","ecosystem":"pypi","latest_version":"2.12.1","description":"JSON Web Token implementation in Python","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pypi.org/project/PyJWT/","repository":"https://github.com/jpadilla/pyjwt","downloads_weekly":132056765,"health":{"score":80,"risk":"low","breakdown":{"maintenance":20,"popularity":20,"security":25,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"2.12.1","total_count":54,"recent":["1.7.0","1.7.1","2.0.0a1","2.0.0a2","2.0.0","2.0.1","2.1.0","2.2.0","2.3.0","2.4.0","2.5.0","2.6.0","2.7.0","2.8.0","2.9.0","2.10.0","2.10.1","2.11.0","2.12.0","2.12.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-03-13T19:27:35.677841Z","dependencies_count":14,"dependencies":["typing_extensions>=4.0; python_version < \"3.11\"","cryptography>=3.4.0; extra == \"crypto\"","coverage[toml]==7.10.7; extra == \"dev\"","cryptography>=3.4.0; extra == \"dev\"","pre-commit; extra == \"dev\"","pytest<9.0.0,>=8.4.2; extra == \"dev\"","sphinx; extra == \"dev\"","sphinx-rtd-theme; extra == \"dev\"","zope.interface; extra == \"dev\"","sphinx; extra == \"docs\"","sphinx-rtd-theme; extra == \"docs\"","zope.interface; extra == \"docs\"","coverage[toml]==7.10.7; extra == \"tests\"","pytest<9.0.0,>=8.4.2; extra == \"tests\""]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":4,"bugs_severity":{"high":2,"medium":2},"status_breakdown":{"fixed":4},"link":"/api/bugs/pypi/pyjwt?version=2.12.1","scope":"version","details":[{"title":"PyJWT vulnerable to key confusion attacks","severity":"high","status":"fixed","affected_version":null,"fixed_version":"1.5.1","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-11424"},{"title":"PyJWT accepts unknown `crit` header extensions","severity":"high","status":"fixed","affected_version":null,"fixed_version":"2.12.0","url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"},{"title":"PYSEC-2022-202: advisory","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"9c528670c455b8d948aff95ed50e22940d1ad3fc","url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24"},{"title":"PYSEC-2017-24: advisory","severity":"medium","status":"fixed","affected_version":null,"fixed_version":"1.5.1","url":"https://github.com/jpadilla/pyjwt/pull/277"}]},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"2.12.1","version_hint":null,"summary":"pyjwt@2.12.1 is safe to use (health: 80/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":809,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":7,"active_contributors_12m":14,"primary_author_ratio":0.26865671641791045,"owner_account_age_days":6193,"is_archived":false,"stars":5644,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":7.8,"tier":"strong"},"quality":{"available":true,"criticality_score":0.525,"criticality_tier":"high","velocity_pct":-3.3,"velocity_trend":"stable","publish_security":"api_token"},"co_used_with":[{"package":"fastparquet","occurrences":5}],"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":47,"avg_days_between_releases":null,"release_velocity":"active"}}