mavenjose4jnimbus-jose-jwt

How do i tell which repository/artifact on mvnrepository.com is more widely adopted? nimbus-jose-jwt vs jose4j


I am trying to figure out whether i should pick(based on the adoption):

-nimbus-jose-jwt - Used By 279 artifacts OR
-jose4j - Used by 655 artifacts

I found that jose4j 's author, Brian Campbell, is active, based on the commits, it has the features that i need i.e support for JWE and it works well, but what i don't like is this:

enter image description here

So, are developers picking jose4j, is it a good choice(am i being paranoid?) or should i move to nimbus(the Used By artifacts is more for nimbus, does it mean it s more widely adopted?)


Solution

  • Looks like that vulnerability is in Logback, which is a dependency that's only used in the unit tests (further down that page you screenshotted shows the different dependency categorizations).

    I need get that updated, obviously, but it doesn't impact the library itslef.