npmpackage.info

Gathering detailed insights and metrics for @auth/core

Other packages similar to @auth/core

@azure/core-auth

1.9.0

Provides low-level interfaces and helper methods for authentication in Azure SDK

@edgedb/auth-core

0.3.1

This package has been renamed to @gel/auth-core. Please update your dependencies.

@gel/auth-core

0.3.1

Core helper library for the Gel Auth extension

@particle-network/auth-core

2.0.6

## Start

Gathering detailed insights and metrics for @auth/core

@auth/core - 0.40.0 | npmpackage.info

@auth/core

Authentication for the Web.

0.40.0

27,085

ISC

TypeScript

44.63 kB

32,672,446 5.7

Installations

npm install @auth/core

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Node Version

18.20.8

NPM Version

10.8.2 Score

96.2

Supply Chain

73.7

Quality

90.9

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

141

Total

3,245

Closed

882

Merged

2,222

Issues

Open

351

Total

4,949

Closed

4,598

Releases

1,757

next-auth@5.0.0-beta.29

Updated on Jun 28, 2025

@auth/azure-tables-adapter@1.10.0

Updated on Jun 22, 2025

@auth/d1-adapter@1.10.0

Updated on Jun 22, 2025

@auth/dgraph-adapter@2.10.0

Updated on Jun 22, 2025

@auth/drizzle-adapter@1.10.0

Updated on Jun 22, 2025

@auth/dynamodb-adapter@2.10.0

Updated on Jun 22, 2025

View All 1,757 releases

Languages

TypeScript

JavaScript

CSS

Shell

Svelte

PLpgSQL

Pug

Dockerfile

HTML

TypeScript (93.46%)

JavaScript (2.65%)

CSS (1.34%)

Shell (0.99%)

Svelte (0.92%)

PLpgSQL (0.25%)

Pug (0.24%)

Dockerfile (0.11%)

HTML (0.04%)

Developer

nextauthjs

Download Statistics

Total Downloads

32,672,446

Last Day

53,969

Last Week

748,639

Last Month

3,159,787

Last Year

26,451,208

GitHub Statistics

ISC License

27,085 Stars

3,914 Commits

3,883 Forks

109 Watchers

79 Branches

902 Contributors

Updated on Jul 08, 2025

Bundle Size

146.76 kB

Minified

44.63 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 902 Contributors

Package Meta Information

Latest Version

0.40.0

Package Id

@auth/core@0.40.0

Unpacked Size

1.79 MB

Size

332.89 kB

File Count

600

NPM Version

10.8.2

Node Version

18.20.8

Published on

Jun 22, 2025

Total Downloads

Cumulative downloads

Total Downloads

32,672,446

Last Day

1.2%

53,969

Compared to previous day

Last Week

-4%

748,639

Compared to previous week

Last Month

-0.9%

3,159,787

Compared to previous month

Last Year

335.5%

26,451,208

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Auth.js core library

Authentication for the Web.

Check out the documentation at authjs.dev.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

9

SAST

Determines if the project uses static code analysis.

6

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/broken-link-checker.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/broken-link-checker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/broken-link-checker.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/broken-link-checker.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/broken-link-checker.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/broken-link-checker.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/pr-labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:149: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:172: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:195: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:211: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:213: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:215: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-examples.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/sync-examples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-examples.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/sync-examples.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/triage.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/nextauthjs/next-auth/triage.yml/main?enable=pin
Warn: containerImage not pinned by hash: apps/examples/nextjs/Dockerfile:2
Warn: containerImage not pinned by hash: apps/examples/nextjs/Dockerfile:5
Warn: containerImage not pinned by hash: apps/examples/nextjs/Dockerfile:15
Warn: containerImage not pinned by hash: apps/examples/nextjs/Dockerfile:28
Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned
Info: 0 out of 4 containerImage dependencies pinned

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

78 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-6g33-8w2q-4hxv
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-3787-6prv-h9w3
Warn: Project is vulnerable to: GHSA-9qxr-qj54-h672
Warn: Project is vulnerable to: GHSA-m4v8-wqvr-p9f7
Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3
Warn: Project is vulnerable to: GHSA-mgfv-m47x-4wqp
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
Warn: Project is vulnerable to: GHSA-gp8f-8m3g-qvj9
Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9
Warn: Project is vulnerable to: GHSA-qpjv-v59x-3qc4
Warn: Project is vulnerable to: GHSA-f82v-jwr5-mffw
Warn: Project is vulnerable to: GHSA-3h52-269p-cp9r
Warn: Project is vulnerable to: GHSA-f7f6-9jq7-3rqj
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-3qxh-p7jc-5xh6
Warn: Project is vulnerable to: GHSA-6q87-84jw-cjhp
Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Warn: Project is vulnerable to: GHSA-m5vv-6r4h-3vj9
Warn: Project is vulnerable to: GHSA-8r88-6cj9-9fh5
Warn: Project is vulnerable to: GHSA-mh2x-fcqh-fmqv
Warn: Project is vulnerable to: GHSA-rjjv-87mx-6x3h
Warn: Project is vulnerable to: GHSA-fg4m-w35q-vfg2
Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg
Warn: Project is vulnerable to: GHSA-f6v4-cf5j-vf3w
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33
Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959
Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6
Warn: Project is vulnerable to: GHSA-3wc5-fcw2-2329
Warn: Project is vulnerable to: GHSA-64fm-8hw2-v72w
Warn: Project is vulnerable to: GHSA-cvr6-37gx-v8wc
Warn: Project is vulnerable to: GHSA-f98w-7cxr-ff2h
Warn: Project is vulnerable to: GHSA-cg87-wmx4-v546
Warn: Project is vulnerable to: GHSA-pmh2-wpjm-fj45
Warn: Project is vulnerable to: GHSA-r2fc-ccr8-96c4
Warn: Project is vulnerable to: GHSA-9h6g-pr28-7cqp
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg
Warn: Project is vulnerable to: GHSA-3965-hpx2-q597
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Warn: Project is vulnerable to: GHSA-9crc-q9x8-hgqq
Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx

Score

5.7

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to @auth/core

Other packages similar to @auth/core

@auth/core

Installations

Developer Guide

Yes

ESM

18.20.8

10.8.2

Score

Pull Requests

141

3,245

882

2,222

Issues

351

4,949

4,598

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Bundle Size

146.76 kB

44.63 kB

Maintainers

Package Meta Information

Total Downloads

32,672,446

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

Auth.js core library

Authentication for the Web.

10

10

10

10

10

9

6

0

0

0

0

0

5.7

/10