npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

elizaos-plugin-quantumscan

v1.0.4

Published

ElizaOS plugin — post-quantum cryptography vulnerability scanning for GitHub, GitLab, and Bitbucket repositories

Readme

elizaos-plugin-quantumscan

ElizaOS plugin for post-quantum cryptography (PQC) vulnerability scanning. Scans GitHub, GitLab, and Bitbucket repositories for quantum-vulnerable cryptographic algorithms and returns actionable migration guidance aligned to NIST FIPS 203/204/205.

Installation

elizaos plugins add elizaos-plugin-quantumscan

Or manually:

npm install elizaos-plugin-quantumscan

Usage

Register the plugin in your agent character file:

import { quantumscanPlugin } from "elizaos-plugin-quantumscan";

export const character = {
  name: "MyAgent",
  plugins: [quantumscanPlugin],
  // ...
};

Once loaded, the agent understands natural language commands like:

  • "Scan https://github.com/owner/repo for quantum vulnerabilities"
  • "Is github.com/aave/aave-v3-core quantum-safe?"
  • "Get result for scan abc-123"
  • "Is ECDSA quantum safe?"
  • "Check if RSA-2048 is post-quantum resistant"

Actions

SCAN_REPOSITORY

Submits a repository for PQC vulnerability scanning. Returns a scan ID.

Triggers: Messages containing GitHub, GitLab, or Bitbucket URLs with scan intent.

Returns: Scan ID + status URL. Use GET_SCAN_RESULT to retrieve results (~60 seconds).

GET_SCAN_RESULT

Retrieves results for a previously submitted scan.

Triggers: Messages containing a scan UUID, or phrases like "get scan result", "scan status".

Returns: Risk score (0–100), vulnerable algorithm list, CBOM summary, report URL.

CHECK_PQC_RISK

Instant local check — no scan needed. Assesses whether a named cryptographic algorithm is quantum-vulnerable.

Triggers: Messages mentioning algorithm names (ECDSA, RSA, AES, SHA, ML-DSA, etc.) with risk intent.

Returns: Vulnerability status + recommended post-quantum migration target.

Environment Variables

| Variable | Required | Description | |---|---|---| | QUANTUMSCAN_API_KEY | No | API key for authenticated scans (free anonymous scans also available) | | QUANTUMSCAN_API_URL | No | Custom API base URL (default: https://quantumscan.io) |

Vulnerable Algorithms Detected

| Algorithm | Quantum Risk | Migration Target | |---|---|---| | ECDSA / ECDH | HIGH (Shor's) | ML-DSA-65 (NIST FIPS 204) | | RSA (any size) | HIGH (Shor's) | ML-KEM-768 (NIST FIPS 203) | | Ed25519 / X25519 | HIGH (Shor's) | ML-DSA-44 or ML-KEM-768 | | DH / DHE | HIGH (Shor's) | ML-KEM-768 | | AES-128 | MEDIUM (Grover's) | AES-256 | | SHA-1 / MD5 | CRITICAL (classical) | SHA-256+ | | BLS12-381 | HIGH (pairing) | SLH-DSA-SHA2-128s |

Output Format

Results include an EIP-7789 CBOM (Cryptography Bill of Materials) in CycloneDX 1.6 format listing all detected cryptographic components and their post-quantum migration status.

Links

License

MIT