Gathering detailed insights and metrics for next-auth
npm install next-auth
@auth/azure-tables-adapter@1.7.4 (published on 16 Nov 2024)
@auth/d1-adapter@1.7.4 (published on 16 Nov 2024)
@auth/dgraph-adapter@2.7.4 (published on 16 Nov 2024)
@auth/drizzle-adapter@1.7.4 (published on 16 Nov 2024)
@auth/dynamodb-adapter@2.7.4 (published on 16 Nov 2024)
@auth/edgedb-adapter@1.7.4 (published on 16 Nov 2024)
Updated on 05 Dec 2024
TypeScript (93.34%)
JavaScript (2.74%)
CSS (1.34%)
Shell (0.96%)
Svelte (0.95%)
PLpgSQL (0.26%)
Pug (0.25%)
Dockerfile (0.12%)
HTML (0.04%)
Total Downloads
Last day: -5.3% compared to previous day
Last week: -7.5% compared to previous week
Last month: 9.1% compared to previous month
Last year: 86.7% compared to previous year
Authentication for the Web.
Open Source. Full Stack. Own Your Data.
Auth.js is a set of open-source packages that are built on standard Web APIs for authentication in modern applications with any framework on any platform in any JS runtime.
Need help? See authjs.dev for the documentation, or join our community on Discord.
Auth.js can be used with or without a database.
Advanced configuration allows you to define your own routines for controlling which accounts are allowed to sign in, for encoding and decoding JSON Web Tokens, and for setting custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
Auth.js libraries are written with type safety in mind. Check out the docs for more information.
If you think you have found a vulnerability (or are not sure) in Auth.js or any of the related packages (i.e. Adapters), we ask you to read our Security Policy to reach out responsibly. Please do not open Pull Requests/Issues/Discussions before consulting with us.
Auth.js is made possible thanks to all of its contributors.
We have an OpenCollective for companies and individuals looking to contribute financially to the project!
Clerk 💵 | Auth0 💵 | FusionAuth 💵 | Stytch 💵 | Prisma 💵 | Neon 💵 | Beyond Identity 💵 | Lowdefy 💵 | Descope 💵 | Badass Courses 💵 | Encore 💵 | Sent.dm 💵 | Arcjet 💵 | Route4Me 💵 | Netlight ☁️ | Checkly ☁️ | superblog ☁️ | Vercel ☁️
We're open to all community contributions! If you'd like to contribute in any way, please first read our Contributing Guide.
Note: The Auth.js/NextAuth.js project is not provided by, nor otherwise affiliated with Vercel Inc. or its subsidiaries. Any contributions to this project by individuals affiliated with Vercel are made in their personal capacity.
ISC
2
| Score | Summary | Affected Versions | Patched Versions |
|---|---|---|---|
| 9.1/10 | NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails | < 3.29.10 | 3.29.10 |
| 9.1/10 | NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails | >= 4.0.0, < 4.10.3 | 4.10.3 |
5
| Score | Summary | Affected Versions | Patched Versions |
|---|---|---|---|
| 8.1/10 | Missing proper state, nonce and PKCE checks for OAuth authentication | < 4.20.1 | 4.20.1 |
| 7.1/10 | Improper handling of email input | >= 4.0.0, < 4.9.0 | 4.9.0 |
| 7.1/10 | Improper handling of email input | < 3.29.8 | 3.29.8 |
| 7.5/10 | Improper Handling of `callbackUrl` parameter in next-auth | >= 4.0.0, < 4.5.0 | 4.5.0 |
| 7.5/10 | Improper Handling of `callbackUrl` parameter in next-auth | < 3.29.5 | 3.29.5 |
5
| Score | Summary | Affected Versions | Patched Versions |
|---|---|---|---|
| 5.3/10 | Possible user mocking that bypasses basic authentication | < 4.24.5 | 4.24.5 |
| 6.1/10 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth | >= 4.0.0, < 4.3.3 | 4.3.3 |
| 6.1/10 | URL Redirection to Untrusted Site ('Open Redirect') in next-auth | < 3.29.3 | 3.29.3 |
| 6.1/10 | NextAuth.js default redirect callback vulnerable to open redirects | >= 4.0.0, < 4.3.2 | 4.3.2 |
| 6.1/10 | NextAuth.js default redirect callback vulnerable to open redirects | < 3.29.2 | 3.29.2 |
3
| Score | Summary | Affected Versions | Patched Versions |
|---|---|---|---|
| 3.3/10 | next-auth before v4.10.2 and v3.29.9 leaks excessive information into log | >= 4.0.0, < 4.10.2 | 4.10.2 |
| 3.3/10 | next-auth before v4.10.2 and v3.29.9 leaks excessive information into log | < 3.29.9 | 3.29.9 |
| 0/10 | Token verification bug in next-auth | < 3.3.0 | 3.3.0 |
30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
no dangerous workflow patterns detected
no binaries found in the repo
license file detected
security policy file detected
SAST tool detected but not run on all commits
Found 15/28 approved changesets -- score normalized to 5
detected GitHub workflow tokens with excessive permissions
no effort to earn an OpenSSF best practices badge detected
project is not fuzzed
dependency not pinned by hash detected -- score normalized to 0
50 existing vulnerabilities detected
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.