How do i tell which repository/artifact on mvnrepository.com is more widely adopted? nimbus-jose-jwt vs jose4j

I am trying to figure out whether i should pick(based on the adoption):

-nimbus-jose-jwt - Used By 279 artifacts OR
-jose4j - Used by 655 artifacts

I found that jose4j 's author, Brian Campbell, is active, based on the commits, it has the features that i need i.e support for JWE and it works well, but what i don't like is this:

enter image description here

So, are developers picking jose4j, is it a good choice(am i being paranoid?) or should i move to nimbus(the Used By artifacts is more for nimbus, does it mean it s more widely adopted?)

1 Answer

Looks like that vulnerability is in Logback, which is a dependency that's only used in the unit tests (further down that page you screenshotted shows the different dependency categorizations).

I need get that updated, obviously, but it doesn't impact the library itslef.

3

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.

You Might Also Like