Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

fast-jwt

Ecosystem:
npm
Package URL:
pkg:npm/fast-jwt
Total PRs:
52 Dependabot PRs
Latest PR:
about 1 month ago
Unique Repositories:
43 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
GHSA-cjw9-ghj4-fwxf CVE-2026-35041 MODERATE published 2 months ago • updated about 1 month ago
## ⚠️ IMPORTANT CLARIFICATIONS ### Affected Configurations This vulnerability ONLY affects applications that: - Use RegExp objects (not stri...
JWT Algorithm Confusion
GHSA-c2ff-88x2-x9pg CVE-2023-48223 MODERATE published over 2 years ago • updated about 2 months ago
### Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. ### Details The 'publicKeyPemMatcher'...
fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)
GHSA-hm7r-c7qw-ghp6 CVE-2026-35042 HIGH published 3 months ago • updated 6 days ago
## Summary `fast-jwt` does not validate the `crit` (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a `crit` arr...
fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
GHSA-mvf2-f6gm-w987 CVE-2026-34950 CRITICAL published 3 months ago • updated 6 days ago
### Summary The fix for GHSA-c2ff-88x2-x9pg (CVE-2023-48223) is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ ancho...
fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
GHSA-3j8v-cgw4-2g6q CVE-2026-35040 MODERATE published 2 months ago • updated 23 days ago
## Impact Using certain modifiers on RegExp objects in the allowedAud, allowedIss, allowedSub, allowedJti, or allowedNonce options in verify funct...
View all 8 advisories
Recent PRs
RSS Feed
chore(deps): bump fast-jwt from 6.2.2 to 6.2.4

arediss/Oscarr #183

6.2.2 → 6.2.4 Patch PR
Closed about 1 month ago 1 comment
arediss
Bump fast-jwt from 6.2.2 to 6.2.4

Unwrenchable/effective-engine #30

6.2.2 → 6.2.4 Patch PR
Open about 1 month ago 1 comment
Unwrenchable
build(deps): bump fast-jwt from 6.2.2 to 6.2.4 in /backend in the npm_and_yarn group across 1 directory

FalkorDB/falkordb-dbaas #811

6.2.2 → 6.2.4 Patch PR
Closed about 1 month ago 1 comment
FalkorDB
chore(deps): bump fast-jwt from 6.1.0 to 6.2.2

Tony133/fastify-api-boilerplate-jwt #2244

6.1.0 → 6.2.2 Minor PR
Open 2 months ago 1 comment
Tony133
chore(deps): bump fast-jwt from 6.1.0 to 6.2.1

ozziest/rawfeed.social #96

6.1.0 → 6.2.1 Minor PR
Closed 2 months ago 1 comment
ozziest
build(deps): bump the npm_and_yarn group across 2 directories with 4 updates

FalkorDB/falkordb-dbaas #677

6.1.0 → 6.2.1 Minor PR
Closed 2 months ago 1 comment
FalkorDB
Bump the npm_and_yarn group across 6 directories with 27 updates

dporkka/dittofeed-customer-engagement #4

2.2.2 → 6.2.0 Major PR
Closed 2 months ago 1 comment
dporkka
chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

trizist/platformatic #29

5.0.6 → 6.2.0 Major PR
Closed 2 months ago 1 comment
trizist
build(deps): bump fast-jwt from 6.1.0 to 6.2.0

mpc-ou/discord-bot #15

6.1.0 → 6.2.0 Minor PR
Closed 2 months ago 1 comment
mpc-ou
chore(deps): bump fast-jwt from 6.1.0 to 6.2.0

Polyteknikkojen-Kuoro/ilmomasiina #3

6.1.0 → 6.2.0 Minor PR
Closed 2 months ago 1 comment
Polyteknikkojen-Kuoro
Bump fast-jwt from 6.1.0 to 6.2.0 in /kingstar_intelligence/backend

Johnatan-boot/Portal-intranet-kingstar #12

6.1.0 → 6.2.0 Minor PR
Open 2 months ago 1 comment
Johnatan-boot
Bump fast-jwt and @fastify/jwt

DouglasPortoo/GymPass-style-app-SOLID-API #17

3.3.2 → 6.2.0 Major PR
Closed 2 months ago 1 comment
DouglasPortoo
Bump the npm_and_yarn group across 3 directories with 29 updates

dporkka/dittofeed-customer-engagement #2

2.2.2 → 6.1.0 Major PR
Closed 3 months ago 1 comment
dporkka
Bump fast-jwt and platformatic

ruheni/platformatic-prisma-reproduction #13

removed Removal PR
Closed 3 months ago 1 comment
ruheni
Bump fast-jwt and sst

Dustin4444/docs-4 #21

removed Removal PR
Open 3 months ago 1 comment
Dustin4444
Bump fast-jwt and @fastify/jwt

DouglasPortoo/GymPass-style-app-SOLID-API #8

3.3.2 → 6.1.0 Major PR
Closed 4 months ago 1 comment
DouglasPortoo
chore(deps): bump the npm_and_yarn group across 2 directories with 4 updates

japperJ/v2test #1

4.0.5 → 6.1.0 Major PR
Closed 4 months ago 1 comment
japperJ
Bump the npm_and_yarn group across 2 directories with 2 updates

gkeferstein/campus.mojo #1

4.0.5 → 6.1.0 Major PR
Open 6 months ago 2 comments
gkeferstein
Bump the npm_and_yarn group across 2 directories with 6 updates

khulnasoft/pkg.khulnasoft.com #2

4.0.5 → 5.0.6 Major PR
Closed 8 months ago 2 comments
khulnasoft
chore(deps): bump fast-jwt and @fastify/jwt

Rassis7/ollo-link-shortener #30

4.0.5 → 6.0.2 Major PR
Open 9 months ago
Rassis7
Bump fast-jwt and @fastify/jwt

idylicaro/ignite-nodejs-03-api-solid-nodejs #3

2.2.0 → 6.0.2 Major PR
Open 9 months ago
idylicaro
Bump fast-jwt and @fastify/jwt

Digital-Clipboard/marketing-agent #1

4.0.5 → 6.0.2 Major PR
Open 9 months ago
Digital-Clipboard
chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates

thegoodeth/pkg.pr.new #2

4.0.6 → 5.0.6 Major PR
Open 9 months ago 2 comments
thegoodeth
Bump the npm_and_yarn group across 2 directories with 5 updates

gitworkflows/pkg.gitworkflows.github.io #1

4.0.6 → 5.0.6 Major PR
Open 10 months ago
gitworkflows
Bump fast-jwt from 3.0.0 to 6.0.2 in /backend

dsp-testing/dependabot-multi-directory-test #81

3.0.0 → 6.0.2 Major PR
Open 10 months ago
dsp-testing
Bump the npm_and_yarn group across 1 directory with 19 updates

wmitrus/fastify-starter-standard #8

1.5.4 → 6.0.2 Major PR
Open 10 months ago
wmitrus
Bump fast-jwt and @fastify/jwt

wmitrus/fastify-starter-standard #3

1.5.4 → 6.0.2 Major PR
Open 10 months ago
wmitrus
chore(deps): bump the npm_and_yarn group across 1 directory with 17 updates

offsoc/flat-server #2

2.1.0 → 5.0.6 Major PR
Open 10 months ago
offsoc
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates

ulm0/leelo #2

4.0.5 → 5.0.6 Major PR
Closed 10 months ago 1 comment
ulm0
build(deps): bump the npm_and_yarn group across 1 directory with 6 updates

ulm0/leelo #1

4.0.5 → 5.0.6 Major PR
Open 11 months ago 3 comments
ulm0
Bump fast-jwt and @fastify/jwt

emanuel-o-dev/legotech-back #3

2.2.3 → 5.0.6 Major PR
Merged 11 months ago
emanuel-o-dev
Bump the npm_and_yarn group across 1 directory with 2 updates

thoangdev/testflux #1

3.3.3 → 5.0.6 Major PR
Open 11 months ago
thoangdev
chore(deps): bump the npm_and_yarn group with 5 updates

WorksLocally/ticketsbot #12

5.0.5 → 5.0.6 Patch PR
Open 11 months ago
WorksLocally
npm(deps): bump fast-jwt from 3.3.1 to 3.3.3

phazonoverload/boardgame-stats #1

3.3.1 → 3.3.3 Patch PR
Open 12 months ago 1 comment
phazonoverload
build(deps): bump the npm_and_yarn group across 1 directory with 7 updates

StraySignal/skymoth #11

5.0.5 → 5.0.6 Patch PR
Open 12 months ago
StraySignal
chore(deps): bump fast-jwt from 5.0.5 to 5.0.6

WorksLocally/tickets-bot #3

5.0.5 → 5.0.6 Patch PR
Open 12 months ago
WorksLocally
Bump fast-jwt from 5.0.2 to 5.0.6

sodazone/ocelloids-services #144

5.0.2 → 5.0.6 Patch PR
Open about 1 year ago
sodazone
Bump fast-jwt and @jsprismarine/prismarine

vincss/mcsleepingserverstarter #302

5.0.0 → 6.0.1 Major PR
Closed about 1 year ago 1 comment
vincss
build(deps): bump fast-jwt from 6.0.1 to 6.0.2 in /server

qoomon/actions--access-token #486

6.0.1 → 6.0.2 Patch PR
Merged about 1 year ago
qoomon
Bump fast-jwt and @fastify/jwt

Complete-Arbitration-Mesh/CAM-PROTOCOL #19

4.0.5 → 5.0.6 Major PR
Merged about 1 year ago
Complete-Arbitration-Mesh
chore(deps): bump fast-jwt from 6.0.1 to 6.0.2

kaka-ng/fastify-plugins #416

6.0.1 → 6.0.2 Patch PR
Merged about 1 year ago
kaka-ng
build(deps): bump fast-jwt from 5.0.6 to 6.0.2

ConduitPlatform/Conduit #1347

5.0.6 → 6.0.2 Major PR
Open about 1 year ago
ConduitPlatform
Bump fast-jwt and @fastify/jwt in /fullstack-task-manager

guyunxiang/Shawn-Monorepo-Showcase #6

1.7.2 → 5.0.6 Major PR
Open about 1 year ago
guyunxiang
Bump fast-jwt and @fastify/jwt

FemboyFans/Reports #1

4.0.3 → 5.0.6 Major PR
Merged about 1 year ago
FemboyFans
build(deps): bump fast-jwt from 5.0.6 to 6.0.1

ConduitPlatform/Conduit #1312

5.0.6 → 6.0.1 Major PR
Closed about 1 year ago 1 comment
ConduitPlatform
chore(deps-dev): bump fast-jwt from 4.0.5 to 5.0.6

khulnasoft-lab/pkg.khulnasoft.com #1

4.0.5 → 5.0.6 Major PR
Open about 1 year ago 4 comments
khulnasoft-lab
chore(deps): bump fast-jwt from 5.0.5 to 5.0.6

HemmeligOrg/Hemmelig.app #405

5.0.5 → 5.0.6 Patch PR
Closed over 1 year ago 2 comments
HemmeligOrg
chore(deps): bump fast-jwt from 4.0.1 to 5.0.6

fyysikkokilta/ilmomasiina #42

4.0.1 → 5.0.6 Major PR
Open over 1 year ago 1 comment
fyysikkokilta
Bump the frontend-backend group across 1 directory with 7 updates

dsp-testing/multi-directory-security-update-testing-security-then-version #66

3.0.0 → 5.0.2 Major PR
Open over 1 year ago 2 comments
dsp-testing
chore(deps): bump the npm_and_yarn group across 1 directory with 11 updates

offsoc/flat-server #1

2.1.0 → 3.3.2 Major PR
Closed almost 2 years ago 1 comment
offsoc
Package Details
Name: fast-jwt
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/fast-jwt
JSON API: View JSON
Security Advisories

8

Active advisories
CRITICAL 3
HIGH 1
MODERATE 4
View All npm Advisories
Package Information
Description:

Fast JSON Web Token implementation

Repository: https://github.com/nearform/fast-jwt
Homepage: https://github.com/nearform/fast-jwt
Latest Release: 6.0.0
about 1 year ago
Dependent Repos: 1,526
Dependent Packages: 64
Downloads: 1,313,881
Ranking: Top 0.5175% by dependent repos Top 0.3016% by downloads Top 0.4985% by dependent pkgs
PR Status
Open 26 (50.0%)
Merged 5 (9.6%)
Closed 19 (36.5%)
PR Types
Major 31 (59.6%)
Minor 6 (11.5%)
Patch 11 (21.2%)
Removal 2 (3.8%)