The State of Cryptography

Cryptographic library adoption across 11 package ecosystems

401:1 weak or deprecated crypto downloads for every 1 PQC download. Ratio of weak/deprecated crypto library downloads (MD5, SHA-1, DES, RC4, RSA-PKCS1) to post-quantum (ML-KEM, ML-DSA) downloads.
357
Crypto Libraries Tracked
5.1B
Downloads / Month
761
Crypto CVEs
11
Ecosystems
2.8M+
Packages Analyzed

NIST Post-Quantum Deadlines

NIST IR 8547 transition deadlines for quantum-vulnerable public-key algorithms

Days until 2030 (deprecate quantum-vulnerable asymmetric crypto): 3 years, 8 months, 28 days

NIST targets deprecation of quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH, DSA) by this date. Symmetric ciphers (AES) and hash functions (SHA-2, SHA-3) are unaffected.

Days until 2035 (disallow quantum-vulnerable asymmetric crypto): 8 years, 8 months, 29 days

Quantum-vulnerable public-key algorithms must be fully replaced. Symmetric crypto (AES-128/256) and hash functions remain approved.

How we classify
Weak / Deprecated

Algorithms with known cryptanalytic breaks (MD5, SHA-1, DES, RC4, Blowfish) or unmaintained implementations with known CVEs. These should be replaced regardless of quantum computing timelines.

e.g. MD5, SHA-1, DES, 3DES, RC4, Blowfish

Modern / Current-Gen

Actively maintained cryptographic libraries using current-generation algorithms. Includes both quantum-safe symmetric crypto (AES-256, SHA-256, ChaCha20) and quantum-vulnerable asymmetric crypto (RSA, ECDSA, Ed25519). The asymmetric algorithms in this tier are targets for NIST's 2030/2035 PQC transition.

e.g. AES-GCM, SHA-256, ECDSA, Ed25519, Argon2, bcrypt

Post-Quantum

Implementations of NIST-standardized post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) that resist both classical and quantum attacks. These are the replacements for RSA and ECDSA mandated by NIST IR 8547.

e.g. ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+)

Note: The "Modern" tier includes both quantum-safe symmetric crypto (AES-256, SHA-256) and quantum-vulnerable asymmetric crypto (RSA, ECDSA). The NIST 2030/2035 deadlines apply only to the asymmetric algorithms. Symmetric crypto and hashes remain approved beyond 2035.

Weak / Deprecated
Broken or deprecated algorithms (MD5, SHA-1, DES, 3DES, RC4, Blowfish)
1.0B downloads / month (19.8% of total)
Top packages: rsa 403.3M, node-forge 126.6M, crypto-js 56.3M, ripemd160 55.8M, des.js 50.3M
Modern / Current-Gen
Current-generation, maintained implementations (AES-GCM, SHA-256, ECDSA, Ed25519, Argon2, bcrypt)
80.1% of total downloads / month
Top packages: cryptography 849.1M, PyJWT 426.7M, pynacl 203.8M, jose 194.7M, bcrypt 165.9M
Post-Quantum
Quantum-resistant per NIST FIPS 203/204/205 (ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+))
0.1% of total downloads / month
Top packages: github.com/cloudflare/circl 1.6M, @noble/post-quantum 205.2K, crypto/mlkem 180.0K, ml-kem 115.3K, ml-dsa 71.1K

Crypto Health by Ecosystem

Of 108.1K packages using cryptography (from 2,809,479 analyzed), here is where they stand by package count.

21.3K
packages using vulnerable crypto
19.7%
of crypto-using packages
86.6K
secured but not PQC ready
80.1%
of crypto-using packages
188
PQC ready
0.2%
of crypto-using packages
All Ecosystems Combined: 19.7% vulnerable, 80.1% secured (not PQC), 0.2% PQC ready
Go Modules: 40.8K packages, 20.4% vulnerable
npm: 25.9K packages, 22.0% vulnerable
crates.io: 18.2K packages, 18.7% vulnerable
PyPI: 11.2K packages, 6.4% vulnerable
Maven Central: 4.2K packages, 51.6% vulnerable
NuGet: 3.8K packages, 13.9% vulnerable
Packagist: 2.3K packages, 16.4% vulnerable
RubyGems: 1.4K packages, 6.0% vulnerable
CocoaPods: 344 packages, 14.5% vulnerable

PQC Adoption Projection (measured: March 2026)

Data transparency: This chart has one real measurement (March 2026). All prior data points are mathematical estimates derived from the current snapshot, not historical measurements. Dashed lines indicate estimated values. The solid segment at the right marks the actual measured data point. Historical trend tracking begins with this census.
Measured weak crypto share: 18.8% of total downloads (March 2026)
Measured PQC adoption: 0.050% of total downloads (March 2026)

Dashed lines = mathematical estimates from a single snapshot. Solid dot = actual measurement. PQC adoption plotted on right axis (different scale) due to early-stage adoption levels. Historical trend data collection begins March 2026. Future census runs will add real data points.

The PQC Gap

Download volume by cryptographic tier

Weak 19.8%
Modern 80.1%

PQC Migration Projection

Projected PQC adoption using logistic S-curve model (Bass diffusion) with NIST deadline markers

Current PQC Share
0.2489%
of weak + PQC downloads
Moderate Scenario at 2030
26.4%
projected PQC adoption by NIST deprecation
Moderate Scenario at 2035
59.4%
projected PQC adoption by full disallowance
Conservative (S-curve k=5%): 50% by ~2109 (999 months); 2030: MISSES, 2035: MISSES
Moderate (S-curve k=8%): 50% by ~2031 (69 months); 2030: MISSES, 2035: MEETS
Optimistic (S-curve k=12%): 50% by ~2029 (38 months); 2030: MEETS, 2035: MEETS

Projections use a logistic growth model (S-curve), standard for technology adoption forecasting (Bass, 1969). Unlike compound growth models which imply unbounded exponential expansion, S-curves model realistic adoption with an inflection point and saturation ceiling. Actual adoption will depend on regulatory mandates, tooling maturity, and industry coordination.
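The logistic model the paragraph above refers to, worked through as an added Python example (not the census's own projection code). It starts from the page's measured PQC share (0.2489% of weak + PQC downloads, March 2026), applies the standard logistic growth equation, and derives the time to 50% adoption and a meets/misses verdict for the NIST 2030 and 2035 dates. Everything beyond the page's numbers is an assumption: k is treated as a monthly logistic growth rate, the saturation ceiling is 100% of weak + PQC downloads, and t = 0 is 1 March 2026. The census parameterises its scenarios differently, so the months-to-50% values produced here will not match the page's figures; the point is to show how k and the ceiling drive the result.

```python
"""Logistic (S-curve) adoption projection, added here as an illustration.

Added example, not the census's own projection code. It applies the standard
logistic growth equation the text names to the page's current PQC share
(0.2489% of weak + PQC downloads, measured March 2026) so the reader can see
how a growth rate k and a saturation ceiling turn into a "50% by year X"
figure and a pass/miss verdict against the NIST 2030 and 2035 dates.
Assumptions (not from the page): k is a monthly logistic growth rate, the
ceiling is 100% of weak + PQC downloads, and t = 0 is 1 March 2026. The
census parameterises its model differently, so the months-to-50% values
here will not reproduce the page's figures.
"""
import math
from datetime import date

START = date(2026, 3, 1)   # measured snapshot (page: March 2026)
P0 = 0.002489              # current PQC share of weak + PQC downloads (page: 0.2489%)
CEILING = 1.0              # saturation: every weak + PQC download has become PQC

# Scenario rates from the page; the per-month interpretation is an assumption.
SCENARIOS = {"Conservative": 0.05, "Moderate": 0.08, "Optimistic": 0.12}
NIST_DATES = {"2030": date(2030, 1, 1), "2035": date(2035, 1, 1)}


def logistic_share(p0, k, t, ceiling=CEILING):
    """PQC share after t months: p(t) = L / (1 + A e^(-k t)), with A fixed by p(0) = p0."""
    a = (ceiling - p0) / p0
    return ceiling / (1.0 + a * math.exp(-k * t))


def months_to_reach(p0, k, target, ceiling=CEILING):
    """Closed-form t (months) at which the curve crosses `target`; inverts logistic_share."""
    if not (p0 < target < ceiling):
        raise ValueError("target must lie strictly between p0 and the ceiling")
    a = (ceiling - p0) / p0
    return math.log(a * target / (ceiling - target)) / k


def months_until(deadline, start=START):
    """Whole months from the snapshot to a deadline date."""
    return (deadline.year - start.year) * 12 + (deadline.month - start.month)


def scenario(k, threshold=0.5):
    """Summarise one growth rate: time to 50% and the share reached at each NIST date."""
    m50 = months_to_reach(P0, k, threshold)
    result = {
        "k": k,
        "months_to_50pct": round(m50, 1),
        "year_of_50pct": round(START.year + (START.month - 1 + m50) / 12.0, 1),
    }
    for label, deadline in NIST_DATES.items():
        share = logistic_share(P0, k, months_until(deadline))
        result["share_" + label] = round(share, 4)
        result["meets_" + label] = share >= threshold
    return result


def run_scenarios():
    """Evaluate all three page scenarios under the assumptions above."""
    return {name: scenario(k) for name, k in SCENARIOS.items()}


if __name__ == "__main__":
    for name, r in run_scenarios().items():
        print(f"{name:12s} k={r['k']:.0%}/mo  50% at ~{r['year_of_50pct']} "
              f"({r['months_to_50pct']} months)  "
              f"2030: {'MEETS' if r['meets_2030'] else 'MISSES'}  "
              f"2035: {'MEETS' if r['meets_2035'] else 'MISSES'}")
```

The closed form in `months_to_reach` comes from setting p(t) equal to the target and solving for t; for the 50% point with a ceiling of 1 it collapses to ln(A)/k, which is why halving k doubles the time to reach 50% and why the conservative scenario lands so far out. The `share_2030` and `share_2035` values are what should be compared against the NIST dates, not the 50% crossing year alone.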

Migration Paths

Total gap: 176.5M downloads/mo

Weak packages paired with recommended replacements, sorted by migration gap (weak package downloads vs replacement downloads)

node-forge (126.6M) to @noble/ciphers (27.2M): migration gap 99.4M
crypto-js (56.3M) to @noble/ciphers (27.2M): migration gap 29.1M
des.js (50.3M) to @noble/ciphers (27.2M): migration gap 23.1M
paragonie/random_compat (9.4M) to random_bytes() (0): migration gap 9.4M
Microsoft.Azure.KeyVault (5.4M) to Azure.Security.KeyVault.Keys (0): migration gap 5.4M
Portable.BouncyCastle (12.8M) to BouncyCastle.Cryptography (7.4M): migration gap 5.4M
org.apache.santuario:xmlsec (3.3M) to org.bouncycastle:bcprov-jdk18on (600.0K): migration gap 2.7M
github.com/dgrijalva/jwt-go (10.8M) to github.com/golang-jwt/jwt/v5 (9.0M): migration gap 1.8M

Ecosystem Breakdown

Cryptographic library adoption by download volume across 10 ecosystems

npm (1.5B): jose 194.7M, jsonwebtoken 144.5M, node-forge 126.6M, @noble/hashes 122.3M, tweetnacl 111.8M, sha.js 72.2M, hash.js 64.7M, crypto-js 56.3M
PyPI (2.5B): cryptography 849.1M, PyJWT 426.7M, rsa 403.3M, pynacl 203.8M, bcrypt 165.9M, paramiko 134.1M, pycryptodome 74.4M, argon2-cffi 53.5M
Go Modules (estimated, 230.7M): crypto/tls 38.0M, crypto/rand 25.0M, crypto/aes 22.0M, crypto/sha256 18.0M, crypto/ecdsa 12.0M, github.com/dgrijalva/jwt-go 10.8M, crypto/ed25519 9.8M, github.com/golang-jwt/jwt/v5 9.0M
Maven Central (173.2M): software.amazon.awssdk:kms 80.4M, com.nimbusds:nimbus-jose-jwt 14.7M, org.springframework.security:spring-security-crypto 11.5M, io.netty:netty-handler 11.4M, com.google.cloud:google-cloud-kms 8.8M, org.apache.santuario:xmlsec 3.3M, com.auth0:java-jwt 2.9M, org.conscrypt:conscrypt-openjdk 1.8M
crates.io (354.0M): rustls 35.8M, sha2 31.2M, ring 27.9M, zeroize 27.5M, subtle 26.2M, hmac 16.6M, sha1 15.9M, md-5 11.4M
Packagist (estimated, 53.0M): firebase/php-jwt 9.6M, paragonie/random_compat 9.4M, phpseclib/phpseclib 8.9M, lcobucci/jwt 6.5M, symfony/password-hasher 4.3M, paragonie/sodium_compat 4.2M, defuse/php-encryption 3.9M, namshi/jose 1.2M
NuGet (estimated, 265.7M): Microsoft.IdentityModel.Tokens 98.3M, System.IdentityModel.Tokens.Jwt 90.0M, Microsoft.AspNetCore.DataProtection 26.2M, Portable.BouncyCastle 12.8M, BouncyCastle.Cryptography 7.4M, MimeKit 7.1M, Microsoft.Azure.KeyVault 5.4M, Microsoft.Owin.Security.Jwt 1.4M
RubyGems (estimated, 18.9M): jwt 6.1M, bcrypt 3.1M, net-ssh 3.0M, rotp 1.0M, ed25519 928.6K, openssl 642.0K, gpgme 450.4K, rbnacl 279.5K
Hex (estimated, 3.0M): plug_crypto 890.9K, jose 610.1K, joken 391.5K, comeonin 312.1K, bcrypt_elixir 238.2K, guardian 116.9K, argon2_elixir 75.7K, cipher 369
pub.dev (estimated, 3.9M): pointycastle 1.9M, dart_jsonwebtoken 686.6K, encrypt 582.5K, cryptography 268.6K, jose 202.8K, basic_utils 188.5K, hashlib 38.0K, webcrypto 17.7K

Ecosystem Readiness Radar

Modern + PQC adoption percentage across all 10 ecosystems

Hex: 100%
pub.dev: 100%
RubyGems: 96.1%
Maven Central: 92.1%
Go Modules: 90.8%
NuGet: 90.6%
crates.io: 88.2%
PyPI: 82.6%
Packagist: 76.1%
npm: 69.7%

Top Packages by Downloads


Project Crypto Exposure

Which popular open source projects depend on weak cryptography?

2,809,479 packages analyzed across 11 ecosystems
511
top projects analyzed in detail for cryptographic dependencies
108,145 packages use cryptography: 21,332 weak (19.7%), 86,625 modern (80.1%), 188 PQC (0.17%)
Deep Scan Finding

Dependency analysis detected cryptographic usage in 108,145 packages. Deep source-level scanning (cryptoserve scan) on a sample of 20 top projects found 4x more crypto patterns -- including stdlib calls, algorithm constants, and TLS configurations invisible to dependency matching.
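The tier classification described under "How we classify" and the source-level deep scan described just above, combined into one added Python example (not CryptoServe's or the census's own code). It scans source text for stdlib calls, algorithm constants and TLS settings that manifest-only dependency matching would miss, assigns each hit to the page's Weak / Modern / PQC tiers, flags the quantum-vulnerable public-key algorithms that NIST IR 8547 schedules for replacement, and derives the posture labels the project table uses (No Crypto, Weak, Modern, Mixed) plus the PQC-ready flag. The regex list, the inline sample "project" and all function names are assumptions made for this example.

```python
"""Source-level crypto scan with tier classification (added illustration).

Not the census's or CryptoServe's code. It shows two ideas from the page:
(1) sorting cryptographic usage into the Weak / Modern / PQC tiers, and
(2) a "deep scan" over source text that catches stdlib calls, algorithm
constants and TLS settings that dependency-manifest matching never sees.
Regexes, sample files and helper names are assumptions for this example.
"""
import re
from collections import Counter

# (tier, pattern, quantum_vulnerable). The flag marks quantum-vulnerable
# public-key algorithms that NIST IR 8547 deprecates in 2030 and disallows
# in 2035; symmetric ciphers and hashes in the Modern tier stay approved.
PATTERNS = [
    # Weak / Deprecated: broken primitives, legacy padding, legacy TLS versions
    ("Weak", r"\bmd5\b", False),
    ("Weak", r"\bsha[-_]?1\b", False),
    ("Weak", r"\b(?:triple|3)?des\b", False),
    ("Weak", r"\b(?:rc4|arcfour)\b", False),
    ("Weak", r"\bblowfish\b", False),
    ("Weak", r"\bpkcs1v15\b", False),
    ("Weak", r"\bPROTOCOL_(?:SSLv2|SSLv3|TLSv1|TLSv1_1)\b", False),
    # Modern / Current-Gen
    ("Modern", r"\baes(?:[-_]?(?:128|192|256))?(?:[-_]?gcm)?\b", False),
    ("Modern", r"\bsha[-_]?(?:256|384|512)\b", False),
    ("Modern", r"\bchacha20(?:[-_]?poly1305)?\b", False),
    ("Modern", r"\bargon2\b", False),
    ("Modern", r"\bbcrypt\b", False),
    ("Modern", r"\brsa\b", True),
    ("Modern", r"\becdsa\b", True),
    ("Modern", r"\b(?:ed|x)25519\b", True),
    # Post-Quantum (NIST FIPS 203 / 204 / 205)
    ("PQC", r"\b(?:ml[-_]?kem|kyber)(?:[-_]?\d+)?\b", False),
    ("PQC", r"\b(?:ml[-_]?dsa|dilithium)(?:[-_]?\d+)?\b", False),
    ("PQC", r"\b(?:slh[-_]?dsa|sphincs\+?)(?:[-_]?\d+)?\b", False),
]
COMPILED = [(tier, re.compile(rx, re.IGNORECASE), qv) for tier, rx, qv in PATTERNS]


def scan_source(path, text):
    """Return (path, line_no, tier, token, quantum_vulnerable) for each pattern hit per line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for tier, rx, qv in COMPILED:
            m = rx.search(line)
            if m:
                findings.append((path, line_no, tier, m.group(0), qv))
    return findings


def scan_project(files):
    """files: {path: source text}. Flattened findings across the whole project."""
    return [f for path, text in files.items() for f in scan_source(path, text)]


def tier_counts(findings):
    """Number of findings per tier, e.g. {'Weak': 2, 'Modern': 3}."""
    return dict(Counter(f[2] for f in findings))


def posture(findings):
    """The page's posture labels: No Crypto, Weak, Modern, Mixed (PQC counts as current-gen)."""
    tiers = {f[2] for f in findings}
    if not tiers:
        return "No Crypto"
    if "Weak" in tiers:
        return "Mixed" if tiers - {"Weak"} else "Weak"
    return "Modern"


def pqc_ready(findings):
    """Page definition: at least one post-quantum dependency or usage."""
    return any(f[2] == "PQC" for f in findings)


def needs_pqc_migration(findings):
    """Quantum-vulnerable public-key usage with no PQC counterpart in the project."""
    return any(f[4] for f in findings) and not pqc_ready(findings)


# Constructed sample project (inline strings, not real files) for the demo.
SAMPLE_PROJECT = {
    "legacy/auth.py": (
        "import hashlib\n"
        "def fingerprint(pw: bytes) -> str:\n"
        "    return hashlib.md5(pw).hexdigest()  # legacy digest\n"
    ),
    "net/client.py": (
        "import ssl\n"
        "ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)\n"
        "CIPHER = 'AES-256-GCM'\n"
    ),
    "auth/tokens.py": (
        "from cryptography.hazmat.primitives.asymmetric import ed25519\n"
        "key = ed25519.Ed25519PrivateKey.generate()\n"
    ),
}

if __name__ == "__main__":
    hits = scan_project(SAMPLE_PROJECT)
    for path, line_no, tier, token, qv in hits:
        flag = "  (quantum-vulnerable, plan PQC migration)" if qv else ""
        print(f"{path}:{line_no}: {tier:6s} {token}{flag}")
    print("tiers:", tier_counts(hits), "| posture:", posture(hits),
          "| PQC ready:", pqc_ready(hits), "| needs PQC migration:", needs_pqc_migration(hits))
```

On the sample project the scan reports two Weak hits (an MD5 digest and a TLS 1.0 context) that no package manifest would reveal, three Modern hits, a posture of Mixed, and a pending PQC migration because Ed25519 is in use with no post-quantum counterpart. TLS 1.2 contexts are deliberately not flagged; the pattern list is the part a real deployment would tune to its own policy.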

19.7%
Use Weak Crypto
Depends on broken or deprecated crypto (MD5, SHA-1, DES, RC4)
80.1%
Modern Only
Uses only current-generation crypto with no weak dependencies
0.2%
PQC Ready
Has at least one post-quantum dependency (ML-KEM, ML-DSA, or SLH-DSA)
Project | Ecosystem | Downloads/mo | Posture | Crypto deps (W = weak, M = modern, P = PQC)
react | npm | 62.0M | No Crypto | none
lodash | npm | 52.0M | No Crypto | none
axios | npm | 48.2M | No Crypto | none
requests | PyPI | 42.0M | Modern | 1M
express | npm | 34.2M | Weak | 2W
webpack | npm | 28.4M | Mixed | 1W
next | npm | 22.1M | Modern | 2M
spring-boot | Maven Central | 18.4M | Mixed | 1W 1M
jsonwebtoken | npm | 18.4M | Mixed | 1W 1M
django | PyPI | 12.8M | Modern | 2M
tokio-rs/tokio | crates.io | 12.6M | No Crypto | none
fastapi | PyPI | 9.2M | Modern | 2M
flask | PyPI | 8.4M | Modern | 1M
hyper-rs/hyper | crates.io | 8.2M | Modern | 2M
apache/kafka | Maven Central | 6.8M | Mixed | 1W 1M
laravel/framework | Packagist | 6.2M | Modern | 2M
gin-gonic/gin | Go Modules | 4.2M | Mixed | 1W 1M
actix/actix-web | crates.io | 3.4M | Modern | 2M
IdentityServer4 | NuGet | 3.4M | Modern | 2M
symfony/security-bundle | Packagist | 2.8M | Mixed | 1W 1M

Research Insights

Analytical findings and PQC readiness assessment

Risk Metrics
Exposure Index
1.0B
weak downloads/mo
Annual Exposure
12.1B
estimated/yr
CVE Density
0.15
per 1M downloads
Migration Urgency
HIGH
13.79% critical advisories
NIST 2030 Deadline
1,386
days remaining (3.8 yrs)
PQC Adoption
0.05%
of crypto downloads
Weak:PQC Ratio
401:1
weak per PQC download
Packages Tracked
357+
across 11 ecosystems
Ecosystem Health Scores (score 0-100 / weak %)
Hex: 100 / 0.01%
pub.dev: 100 / 0%
Go Modules: 99.1 / 9.24%
RubyGems: 96.1 / 3.87%
Maven Central: 92.1 / 7.94%
NuGet: 90.6 / 9.45%
crates.io: 89.1 / 11.83%
PyPI: 82.6 / 17.45%
Packagist: 76.1 / 23.86%
npm: 69.9 / 30.27%
PQC Readiness Assessment
Weighted by actual PQC adoption. Aligned to QRAMM dimensions.
PQC Readiness Score: Grade C (out of 100)
ITR - PQC Adoption Rate: 1/100 (weight 50%)
CVI - Weak Crypto Decline: 80/100 (weight 20%)
ITR - PQC Library Availability: 80/100 (weight 15%)
DPE - Modern Crypto Strength: 100/100 (weight 10%)
CVI - Vulnerability Density: 92/100 (weight 5%)
Assessed against the QRAMM (Quantum Readiness Assurance Maturity Model) framework dimensions:
CVI: Cryptographic Visibility & Inventory
SGRM: Strategic Governance & Risk Management
DPE: Data Protection Engineering
ITR: Implementation & Technical Readiness
Critical Findings
CRITICAL

PQC adoption critically low before NIST deadline

0.0500%

Post-quantum cryptography accounts for only 0.0500% of tracked downloads, with 1,386 days remaining until the NIST 2030 deprecation deadline. At current adoption rates, the ecosystem is not on track for a timely transition.

CRITICAL

NIST 2030 PQC migration deadline

3 yrs, 291 days

1,386 days (3 yrs, 291 days) remain until NIST targets deprecation of RSA, ECDSA, and other quantum-vulnerable algorithms. Organizations should have migration plans finalized and implementation underway well before this date to account for testing and validation cycles.

CRITICAL

Annual supply chain exposure to weak cryptography

~12.1B/year

Extrapolating monthly weak crypto downloads to annual: ~12.1B package installations per year incorporate deprecated cryptographic primitives (MD5, SHA-1, DES, RC4, unmaintained libraries). Note: download counts include CI/CD and transitive dependencies and may overstate direct application usage.

High Priority
HIGH

Weak-to-PQC download ratio

401:1

For every 1 post-quantum crypto download, there are 401 downloads of weak/deprecated cryptographic packages. Note: PQC replaces quantum-vulnerable public-key algorithms (RSA, ECDSA), not symmetric crypto or hashes. This ratio indicates how far behind PQC adoption trails legacy usage.

HIGH

Downloads using deprecated cryptography

19.8%

19.8% of all tracked cryptographic package downloads (1.0B/month) rely on weak or deprecated algorithms including MD5, SHA-1, DES, RC4, and unmaintained libraries.

HIGH

Security advisory severity distribution

87 total

Of 87 crypto-related GitHub advisories: 12 critical (13.8%), 31 high (35.6%), 28 medium, 16 low. Critical and high severity advisories require immediate attention in dependency audits.

Additional Findings
MEDIUM

Single package concentration in weak crypto

39.9% of weak

rsa accounts for 39.9% of all weak crypto downloads (403.3M/month). Migrating this single dependency away from deprecated algorithms would substantially reduce ecosystem exposure.

MEDIUM

npm has higher weak crypto usage than PyPI

30.3%

npm weak crypto: 30.3% of downloads. PyPI weak crypto: 17.4% of downloads. npm shows a higher concentration of deprecated cryptographic libraries, indicating a greater need for migration tooling and awareness in that ecosystem.

MEDIUM

Cryptographic CVE density across ecosystems

0.15 per 1M

761 crypto-related CVEs mapped across 5.1B monthly downloads yields a density of 0.15 CVEs per million downloads. Each vulnerability in a widely-used package multiplies exposure across dependent applications.

INFO

Leading modern cryptography package

849.1M/mo

cryptography leads modern crypto adoption with 849.1M/month (20.7% of modern tier). Modern packages provide audited, constant-time implementations but still require future PQC migration for quantum-vulnerable algorithms like ECDSA and RSA.

Quantum Threat & Migration

Algorithm vulnerability timeline, PQC implementation availability, and recommended actions

Algorithm: estimated quantum break
RSA-2048: CRITICAL (NIST deprecation by 2030)
ECDSA P-256: CRITICAL (NIST deprecation by 2030)
AES-128: LOW (no practical quantum threat; CNSA 2.0 recommends AES-256 for defense systems)
AES-256: SAFE (quantum-resistant at current key sizes)
SHA-256: SAFE (not considered quantum-vulnerable by NIST)
ML-KEM (Kyber): SAFE
ChaCha20-Poly1305: SAFE (quantum-resistant at current key sizes)

Vulnerability Landscape


NVD CVEs by Category
761 total
CWE | Description | Count
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | 419
CWE-326 | Inadequate Encryption Strength | 339
CWE-328 | Use of Weak Hash | 3


GitHub Advisories by Severity
87 total


By Ecosystem
npm
40
PyPI
30
Go Modules
11
Maven Central
6

HTML: Self-contained report with Chart.js visualizations | JSON: Raw data via API (CORS-enabled)

Research Dataset

Full scan dataset for independent verification. 2.8M packages across 11 ecosystems.

Find Weak Crypto in Your Code

CryptoServe scans your codebase for vulnerable cryptographic implementations and generates a migration plan

Scan your project for weak cryptography
Generate a Cryptographic Bill of Materials
Run the global crypto adoption census
