CryptoServe Census

The State of Cryptography

Real-time analysis of cryptographic library adoption across 11 package ecosystems

271:1 weak crypto downloads for every 1 PQC download
1.2M projects scanned
412.7M downloads / month
4,892 crypto CVEs
11 ecosystems
362 crypto libraries

NIST Post-Quantum Deadlines

NIST IR 8547 transition deadlines for quantum-vulnerable public-key algorithms

1,411 days until 2030 (3 years, 10 months, 16 days): deprecate quantum-vulnerable asymmetric crypto

NIST targets deprecation of quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH, DSA) by this date. Symmetric ciphers (AES) and hash functions (SHA-2, SHA-3) are unaffected.

Days until 2035 (8 years, 10 months, 16 days): disallow quantum-vulnerable asymmetric crypto

Quantum-vulnerable public-key algorithms must be fully replaced. Symmetric crypto (AES-128/256) and hash functions remain approved.

How we classify
Weak / Deprecated

Algorithms with known cryptanalytic breaks (MD5, SHA-1, DES, RC4, Blowfish) or unmaintained implementations with known CVEs. These should be replaced regardless of quantum computing timelines.

e.g. MD5, SHA-1, DES, 3DES, RC4, Blowfish

Modern / Current-Gen

Actively maintained cryptographic libraries using current-generation algorithms. Includes both quantum-safe symmetric crypto (AES-256, SHA-256, ChaCha20) and quantum-vulnerable asymmetric crypto (RSA, ECDSA, Ed25519). The asymmetric algorithms in this tier are targets for NIST's 2030/2035 PQC transition.

e.g. AES-GCM, SHA-256, ECDSA, Ed25519, Argon2, bcrypt

Post-Quantum

Implementations of NIST-standardized post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) that resist both classical and quantum attacks. These are the replacements for RSA and ECDSA mandated by NIST IR 8547.

e.g. ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+)

Note: The "Modern" tier includes both quantum-safe symmetric crypto (AES-256, SHA-256) and quantum-vulnerable asymmetric crypto (RSA, ECDSA). The NIST 2030/2035 deadlines apply only to the asymmetric algorithms. Symmetric crypto and hashes remain approved beyond 2035.

Weak / Deprecated
Broken or deprecated algorithms (MD5, SHA-1, DES, 3DES, RC4, Blowfish)
148.9M downloads / month (36.1% of total)
Top packages: commons-codec:commons-codec 32.1M, crypto-js 28.5M, node-forge 18.2M, org.jasypt:jasypt 8.9M, crypto/md5 5.2M, +10 more packages

Modern / Current-Gen
Current-generation, maintained implementations (AES-GCM, SHA-256, ECDSA, Ed25519, Argon2, bcrypt)
63.8% of total downloads / month
Top packages: golang.org/x/crypto 45.2M, crypto/tls 38.1M, org.bouncycastle:bcprov-jdk18on 28.4M, crypto/aes 22.8M, crypto/sha256 18.4M, +33 more packages

Post-Quantum
Quantum-resistant per NIST FIPS 203/204/205 (ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+))
0.1% of total downloads / month
Top packages: org.bouncycastle:bcpqc-jdk18on 290.0K, github.com/cloudflare/circl 180.0K, @noble/post-quantum 42.0K, liboqs-python 12.0K, pqcrypto 12.0K, +3 more packages

Crypto Health by Ecosystem

Of 57.9K projects using cryptography, here is where they stand today

17.8K projects using vulnerable crypto (30.7% of crypto-using projects)
39.7K projects secured but not PQC ready (68.6% of crypto-using projects)
429 projects PQC ready (0.7% of crypto-using projects)

All Ecosystems Combined: 30.7% vulnerable, 68.6% secured (not PQC), 0.7% PQC ready
Go Modules: 16.0K projects, 22.6% vulnerable
Maven Central: 14.0K projects, 54.5% vulnerable
npm: 11.6K projects, 22.6% vulnerable
crates.io: 8.0K projects, 40.0% vulnerable
PyPI: 4.8K projects, 5.9% vulnerable
NuGet: 2.0K projects, 11.3% vulnerable
Packagist: 1.2K projects, 15.7% vulnerable
RubyGems: 800 projects, 40.0% vulnerable
pub.dev: 401 projects, 34.9% vulnerable
Hex: 400 projects, 21.3% vulnerable
CocoaPods: 343 projects, 27.7% vulnerable

The PQC Gap

Download volume by cryptographic tier

Weak 36.1%, Modern 63.8%, PQC 0.1%

PQC Migration Projection

Projected PQC adoption under three growth scenarios with NIST deadline markers

Current PQC share: 0.3680% of weak + PQC downloads
Required growth (2030): 11.3%/mo to reach 50% by the NIST deprecation deadline
Required growth (2035): 4.7%/mo to reach 50% by full disallowance

Conservative: 5%/mo growth, 50% by ~2034 (101 months). 2030: MISSES, 2035: MEETS
Moderate: 15%/mo growth, 50% by ~2029 (36 months). 2030: MEETS, 2035: MEETS
Accelerated: 30%/mo growth, 50% by ~2027 (19 months). 2030: MEETS, 2035: MEETS
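The projection above fits a constant month-over-month growth rate to the PQC share of weak + PQC downloads. The following is an added Python model, not CryptoServe's own code, that reproduces the page's figures from the same inputs: the 271:1 weak:PQC ratio (equivalently the 0.3680% share) and the 50% milestone. It assumes the countdowns to the 2030 and 2035 deadlines are truncated to 46 and 106 whole months, which is the choice that matches the page's 11.3%/mo and 4.7%/mo required rates.

```python
import math

# Inputs taken from the census page.
WEAK_PER_PQC = 271          # "Weak:PQC Ratio 271:1"
TARGET_SHARE = 0.50         # milestone: PQC reaches 50% of weak + PQC downloads
# Assumption made for this example: the deadline countdowns (3y 10m 16d and
# 8y 10m 16d) are truncated to whole months before the required rate is computed.
MONTHS_TO_2030 = 46
MONTHS_TO_2035 = 106


def share_from_ratio(weak_per_pqc):
    """PQC share of (weak + PQC) downloads given a weak:PQC ratio of N:1."""
    return 1.0 / (weak_per_pqc + 1)


def months_to_target(share, monthly_growth, target=TARGET_SHARE):
    """Months of compounding at `monthly_growth` until `share` reaches `target`.

    Model: share_n = share * (1 + g) ** n, so n = ln(target / share) / ln(1 + g).
    Rounded up, because the milestone is only crossed after a whole month.
    """
    if not 0.0 < share < target:
        raise ValueError("share must lie strictly between 0 and target")
    if monthly_growth <= 0.0:
        raise ValueError("a non-positive growth rate never reaches the target")
    return math.ceil(math.log(target / share) / math.log1p(monthly_growth))


def required_growth(share, months, target=TARGET_SHARE):
    """Constant monthly growth rate that lifts `share` to `target` in `months`.

    Inverts the same model: g = (target / share) ** (1 / months) - 1.
    """
    if months <= 0:
        raise ValueError("months must be positive")
    return (target / share) ** (1.0 / months) - 1.0


def scenario(name, monthly_growth, share):
    """Evaluate one growth scenario against both NIST IR 8547 milestones."""
    n = months_to_target(share, monthly_growth)
    return {
        "scenario": name,
        "growth_per_month": monthly_growth,
        "months_to_50pct": n,
        "meets_2030": n <= MONTHS_TO_2030,
        "meets_2035": n <= MONTHS_TO_2035,
    }


def projection_table(share):
    """The three scenarios shown on the page, evaluated from `share`."""
    return [
        scenario("Conservative", 0.05, share),
        scenario("Moderate", 0.15, share),
        scenario("Accelerated", 0.30, share),
    ]


if __name__ == "__main__":
    share = share_from_ratio(WEAK_PER_PQC)
    print(f"current PQC share: {share:.4%}")
    print(f"required growth to 50% by 2030: {required_growth(share, MONTHS_TO_2030):.1%}/mo")
    print(f"required growth to 50% by 2035: {required_growth(share, MONTHS_TO_2035):.1%}/mo")
    for row in projection_table(share):
        v30 = "MEETS" if row["meets_2030"] else "MISSES"
        v35 = "MEETS" if row["meets_2035"] else "MISSES"
        print(f'{row["scenario"]:<12} {row["growth_per_month"]:.0%}/mo -> '
              f'{row["months_to_50pct"]} months; 2030: {v30}, 2035: {v35}')
```

Two caveats when reading the output. The model treats a share as growing exponentially, which is only a reasonable approximation while the share is small; a share is bounded by 100%, so the late months of the conservative scenario are optimistic. And the denominator is weak + PQC only: the modern tier, which carries 63.8% of all downloads and contains the RSA/ECDSA usage that PQC actually has to replace, is not part of this ratio, so "50%" here is not half of all cryptographic downloads.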

Migration Paths

Total gap: 57.2M downloads/mo

Weak packages paired with recommended replacements, sorted by migration gap (weak package downloads/mo vs replacement downloads/mo)

crypto-js -> @noble/ciphers: 28.5M vs 3.8M, migration gap 24.7M
commons-codec:commons-codec -> com.google.crypto.tink:tink: 32.1M vs 14.2M, migration gap 17.9M
node-forge -> @noble/ciphers: 18.2M vs 3.8M, migration gap 14.4M
crypto -> webcrypto: 240.0K vs 78.0K, migration gap 162.0K
cipher -> plug_crypto: 85.0K vs 120.0K
digest -> openssl: 480.0K vs 580.0K
crypto_dart -> pointycastle: 65.0K vs 185.0K
OpenSSL-Universal -> CryptoSwift: 180.0K vs 320.0K

Ecosystem Breakdown

Cryptographic library adoption across 11 ecosystems (monthly downloads per ecosystem, with top packages)

npm: 126.3M. crypto-js 28.5M, node-forge 18.2M, jose 16.8M, elliptic 12.4M, hash.js 11.9M, @noble/hashes 8.2M, @noble/curves 7.1M, md5 4.8M
PyPI: 30.5M. cryptography 10.2M, pycryptodome 5.8M, bcrypt 3.2M, pycrypto 2.9M, pynacl 2.4M, argon2-cffi 1.8M, ecdsa 890.0K, simple-crypt 34.0K
Go Modules: 101.2M. golang.org/x/crypto 45.2M, crypto/tls 38.1M, crypto/aes 22.8M, crypto/sha256 18.4M, crypto/ecdsa 12.1M, crypto/ed25519 9.8M, crypto/rsa 8.9M, crypto/md5 5.2M
Maven Central: 120.9M. commons-codec:commons-codec 32.1M, org.bouncycastle:bcprov-jdk18on 28.4M, com.google.crypto.tink:tink 14.2M, io.jsonwebtoken:jjwt-api 12.8M, com.nimbusds:nimbus-jose-jwt 11.4M, org.jasypt:jasypt 8.9M, org.mindrot:jbcrypt 6.2M, org.conscrypt:conscrypt-openjdk 4.8M
crates.io: 33.7M. ring 8.4M, rustls 6.2M, sha2 5.1M, md-5 4.2M, sha-1 3.6M, aes-gcm 3.2M, ed25519-dalek 2.8M, chacha20poly1305 2.4M
Packagist: 12.8M. phpseclib/phpseclib 3.2M, defuse/php-encryption 1.8M, firebase/php-jwt 1.4M, lcobucci/jwt 1.2M, paragonie/sodium_compat 980.0K, namshi/jose 620.0K, phpseclib/mcrypt_compat 340.0K, laminas/laminas-crypt 280.0K
NuGet: 21.0M. System.IdentityModel.Tokens.Jwt 4.2M, BouncyCastle.Cryptography 2.8M, Portable.BouncyCastle 1.8M, BCrypt.Net-Next 1.4M, Microsoft.IdentityModel.JsonWebTokens 1.2M, Microsoft.Owin.Security.Jwt 920.0K, NSec.Cryptography 380.0K, Konscious.Security.Cryptography.Argon2 280.0K
RubyGems: 2.5M. openssl 580.0K, digest 480.0K, bcrypt 420.0K, jwt 210.0K, rbnacl 185.0K, net-ssh 165.0K, argon2 78.0K, gibberish 42.0K
Hex: 1.0M. comeonin 280.0K, bcrypt_elixir 210.0K, jose 165.0K, plug_crypto 120.0K, cipher 85.0K, argon2_elixir 68.0K, joken 45.0K, pqclean 150
pub.dev: 990.4K. crypto 240.0K, pointycastle 185.0K, cryptography 120.0K, encrypt 95.0K, webcrypto 78.0K, crypto_dart 65.0K, dart_jsonwebtoken 52.0K, hashlib 48.0K
CocoaPods: 800.1K. CryptoSwift 320.0K, OpenSSL-Universal 180.0K, Sodium 85.0K, RNCryptor 62.0K, AESCrypt-ObjC 52.0K, JOSESwift 38.0K, themis 15.0K, liboqs 100

Ecosystem Readiness Radar

Modern + PQC adoption percentage across all 11 ecosystems

Go Modules 91.7%
Hex 86%
pub.dev 68.7%
Maven Central 68.2%
NuGet 67.7%
Packagist 67.2%
RubyGems 66.7%
CocoaPods 65%
crates.io 61.9%
PyPI 43.8%
npm 42.9%

Top Packages by Downloads

(interactive bar chart, filterable by tier)

Project Crypto Exposure

Which popular open source projects depend on weak cryptography?

Open source projects analyzed across 11 ecosystems: 1,221,754 projects scanned for cryptographic dependencies
1.5% use weak crypto: depends on broken or deprecated crypto (MD5, SHA-1, DES, RC4)
98.5% modern only: uses only current-generation crypto with no weak dependencies
0.0% PQC ready: has at least one post-quantum dependency (ML-KEM, ML-DSA, or SLH-DSA)

Project (ecosystem): downloads/mo, posture, crypto deps (weak / modern / PQC)
react (npm): 62.0M, No Crypto
lodash (npm): 52.0M, No Crypto
axios (npm): 48.2M, No Crypto
requests (PyPI): 42.0M, Modern, 1 modern
express (npm): 34.2M, Weak, 2 weak
webpack (npm): 28.4M, Mixed, 1 weak
next (npm): 22.1M, Modern, 2 modern
spring-boot (Maven Central): 18.4M, Mixed, 1 weak, 1 modern
jsonwebtoken (npm): 18.4M, Mixed, 1 weak, 1 modern
django (PyPI): 12.8M, Modern, 2 modern
tokio-rs/tokio (crates.io): 12.6M, No Crypto
fastapi (PyPI): 9.2M, Modern, 2 modern
flask (PyPI): 8.4M, Modern, 1 modern
hyper-rs/hyper (crates.io): 8.2M, Modern, 2 modern
apache/kafka (Maven Central): 6.8M, Mixed, 1 weak, 1 modern
laravel/framework (Packagist): 6.2M, Modern, 2 modern
gin-gonic/gin (Go Modules): 4.2M, Mixed, 1 weak, 1 modern
actix/actix-web (crates.io): 3.4M, Modern, 2 modern
IdentityServer4 (NuGet): 3.4M, Modern, 2 modern
symfony/security-bundle (Packagist): 2.8M, Mixed, 1 weak, 1 modern

Research Insights

Analytical findings and PQC readiness assessment

Risk Metrics
Exposure Index: 148.9M weak downloads/mo
Annual Exposure: 1.8B estimated/yr
CVE Density: 11.85 per 1M downloads
Migration Urgency: HIGH (13.79% critical advisories)
NIST 2030 Deadline: 1,411 days remaining (3.9 yrs)
PQC Adoption: 0.13% of crypto downloads
Weak:PQC Ratio: 271:1 weak per PQC download
Packages Tracked: 362+ across 11 ecosystems
QRAMM Alignment: CVI

Ecosystem Health Scores (score 0-100, weak %)
Go Modules: 93.5, 8.32% weak
Hex: 86.1, 14.01% weak
Maven Central: 70.6, 31.76% weak
NuGet: 69.8, 32.31% weak
pub.dev: 69.1, 31.3% weak
Packagist: 67.3, 32.81% weak
RubyGems: 66.8, 33.33% weak
CocoaPods: 65.1, 35% weak
crates.io: 62.4, 38.12% weak
PyPI: 44.3, 56.19% weak
npm: 43.3, 57.06% weak

PQC Readiness Assessment
PQC Readiness Score (0-100): Grade C
ITR, PQC Adoption Rate: 3/100 (30% weight)
CVI, Weak Crypto Decline: 64/100 (25% weight)
DPE, Modern Crypto Strength: 100/100 (20% weight)
CVI, Vulnerability Density: 51/100 (15% weight)
ITR, Alternative Coverage: 70/100 (10% weight)
Aligned to QRAMM dimensions: CVI, SGRM, DPE, ITR
Critical Findings
CRITICAL

Downloads using deprecated cryptography

36.1%

36.1% of all tracked cryptographic package downloads (148.9M/month) rely on weak or deprecated algorithms including MD5, SHA-1, DES, RC4, and unmaintained libraries.

CRITICAL

NIST 2030 PQC migration deadline

3 yrs, 316 days

1,411 days (3 yrs, 316 days) remain until NIST targets deprecation of RSA, ECDSA, and other quantum-vulnerable algorithms. Organizations should have migration plans finalized and implementation underway well before this date to account for testing and validation cycles.

CRITICAL

Annual supply chain exposure to weak cryptography

~1.8B/year

Extrapolating monthly weak crypto downloads to annual: ~1.8B package installations per year incorporate deprecated cryptographic primitives (MD5, SHA-1, DES, RC4, unmaintained libraries). Note: download counts include CI/CD and transitive dependencies and may overstate direct application usage.

High Priority
HIGH

Weak-to-PQC download ratio

271:1

For every 1 post-quantum crypto download, there are 271 downloads of weak/deprecated cryptographic packages. Note: PQC replaces quantum-vulnerable public-key algorithms (RSA, ECDSA), not symmetric crypto or hashes. This ratio indicates how far behind PQC adoption trails legacy usage.

HIGH

PQC adoption critically low before NIST deadline

0.1300%

Post-quantum cryptography accounts for only 0.1300% of tracked downloads, with 1,411 days remaining until the NIST 2030 deprecation deadline. At current adoption rates, the ecosystem is not on track for a timely transition.

HIGH

Cryptographic CVE density across ecosystems

11.85 per 1M

4,892 crypto-related CVEs mapped across 412.7M monthly downloads yields a density of 11.85 CVEs per million downloads. Each vulnerability in a widely-used package multiplies exposure across dependent applications.

HIGH

Security advisory severity distribution

87 total

Of 87 crypto-related GitHub advisories: 12 critical (13.8%), 31 high (35.6%), 28 medium, 16 low. Critical and high severity advisories require immediate attention in dependency audits.

Additional Findings
MEDIUM

Single package concentration in weak crypto

21.6% of weak

commons-codec:commons-codec accounts for 21.6% of all weak crypto downloads (32.1M/month). Migrating this single dependency away from deprecated algorithms would substantially reduce ecosystem exposure.

MEDIUM

npm has higher weak crypto usage than PyPI

57.1%

npm weak crypto: 57.1% of downloads. PyPI weak crypto: 56.2% of downloads. npm shows a higher concentration of deprecated cryptographic libraries, indicating a greater need for migration tooling and awareness in that ecosystem.

INFO

Leading modern cryptography package

45.2M/mo

golang.org/x/crypto leads modern crypto adoption with 45.2M/month (17.2% of modern tier). Modern packages provide audited, constant-time implementations but still require future PQC migration for quantum-vulnerable algorithms like ECDSA and RSA.

Quantum Threat & Migration

Algorithm vulnerability timeline, PQC implementation availability, and recommended actions

Algorithm: estimated quantum-break risk
RSA-2048: CRITICAL. NIST deprecation by 2030
ECDSA P-256: CRITICAL. NIST deprecation by 2030
AES-128: LOW. No practical quantum threat; CNSA 2.0 recommends AES-256 for defense systems
AES-256: SAFE. N/A -- quantum-resistant at current key sizes
SHA-256: SAFE. N/A -- not considered quantum-vulnerable by NIST
ML-KEM (Kyber): SAFE. N/A
ChaCha20-Poly1305: SAFE. N/A -- quantum-resistant at current key sizes

Vulnerability Landscape

NVD CVEs by Category (4,892 total)
CWE-327, Use of a Broken or Risky Cryptographic Algorithm: 2,841
CWE-326, Inadequate Encryption Strength: 1,523
CWE-328, Use of Weak Hash: 528

GitHub Advisories by Severity (87 total)
By Ecosystem: npm 40, PyPI 30, Go Modules 11, Maven Central 6

HTML: Self-contained report with Chart.js visualizations | JSON: Raw data for researchers (CORS-enabled API)

Find Weak Crypto in Your Code

CryptoServe scans your codebase for vulnerable cryptographic implementations and generates a migration plan

Scan your project for weak cryptography
Generate a Cryptographic Bill of Materials
Run the global crypto adoption census

View on GitHub