I am trying to figure out whether I should pick (based on the adoption):

- nimbus-jose-jwt - Used By 279 artifacts OR
- jose4j - Used by 655 artifacts

I found that jose4j's author, Brian Campbell, is active, based on the commits. It has the features that I need, i.e. support for JWE, and it works well, but what I don't like is this:

enter image description here

So, are developers picking jose4j? Is it a good choice (am I being paranoid?), or should I move to nimbus (the Used By artifacts is more for nimbus, does it mean it's more widely adopted?)

jumping_monkey

1 Answer

Looks like that vulnerability is in Logback, which is a dependency that's only used in the unit tests (further down that page you screenshotted shows the different dependency categorizations).

I need to get that updated, obviously, but it doesn't impact the library itself.

Brian Campbell
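The dependency categorization the answer refers to can be checked from a POM directly. The following is an added example, not part of the original answer and not jose4j's code: it splits a POM's direct dependencies into those a consuming project inherits and those it does not, based on Maven's scope and optional rules. The POM, the coordinates `com.example:*`, all `0.0.0` versions and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Scopes Maven propagates to projects that depend on the artifact.
TRANSITIVE_SCOPES = {"compile", "runtime"}

# Constructed POM for illustration only; not the real pom.xml of any project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>sample-lib</artifactId>
  <version>0.0.0</version>
  <dependencies>
    <dependency>
      <groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId>
      <version>0.0.0</version>
    </dependency>
    <dependency>
      <groupId>ch.qos.logback</groupId><artifactId>logback-classic</artifactId>
      <version>0.0.0</version><scope>test</scope>
    </dependency>
    <dependency>
      <groupId>com.example</groupId><artifactId>optional-extra</artifactId>
      <version>0.0.0</version><optional>true</optional>
    </dependency>
  </dependencies>
</project>"""


def classify_dependencies(pom_xml):
    """Split a POM's direct dependencies by whether consumers inherit them."""
    root = ET.fromstring(pom_xml)
    result = {"inherited": [], "not_inherited": []}
    # Direct <dependencies> only; <dependencyManagement> entries are not dependencies.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        coord = "{}:{}".format(dep.findtext("m:groupId", "", NS).strip(),
                               dep.findtext("m:artifactId", "", NS).strip())
        scope = dep.findtext("m:scope", "compile", NS).strip() or "compile"
        optional = dep.findtext("m:optional", "false", NS).strip().lower() == "true"
        inherited = scope in TRANSITIVE_SCOPES and not optional
        result["inherited" if inherited else "not_inherited"].append((coord, scope))
    return result


def reaches_consumers(pom_xml, group_id):
    """True if a flagged groupId is pulled into projects that use the library."""
    inherited = classify_dependencies(pom_xml)["inherited"]
    return any(coord.split(":")[0] == group_id for coord, _ in inherited)
```

Parent POMs, profiles and property substitution are not resolved here; running `mvn dependency:tree` on the consuming project shows what actually lands on its classpath.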