Is your code quantum-safe?

Cloudflare and Google are already running hybrid post-quantum key exchange. PostQuant detects it. Is your infrastructure keeping up?

Get Started View on GitHub
$
🔐 PostQuant v0.4.0 — Quantum Readiness Scanner

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Overall Grade: D+

django/contrib/auth/hashers.py
L669: MD5 🔴 Critical — authentication

utils/uuid_helper.py
L12: MD5 🟢 Info — protocol compliance

tests/test_crypto.py
L34: SHA-1 🟢 Info — test fixture

Adjusted Risk
🔴 2 critical
🟢 4 low
🟢 2 informational

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

v0.4.0 — Now detects hybrid post-quantum key exchanges (X25519MLKEM768) via OpenSSL probing. The biggest sites are already migrating — PostQuant sees it.

Context changes everything.

uuid 220M downloads/week

Uses MD5 for RFC 4122 checksums

v0.2.0: D+ v0.4.0: A
Same algorithm.
Different context.
Different grade.
Django auth/hashers.py

Uses MD5 for password hashing

v0.2.0: D+ v0.4.0: D+

We scanned the most downloaded packages on npm and PyPI.

Package Downloads Old Grade New Grade Context
uuid 220M/wk D+ A MD5 is RFC 4122 spec compliance
boto3 1.6B/mo D+ A Content-MD5 is AWS protocol
requests 1.1B/mo D+ A Checksums, not security
express-session 3.9M/wk D+ A Session entropy, not auth
Django D+ D+ MD5 in password hashing
paramiko 128M/mo D- D- RSA/ECDSA for SSH transport
pg 20M/wk D+ D+ MD5 in PostgreSQL auth
ssh2 6.4M/wk D+ D+ DH/ECDH in key exchange
Google C+ 🟢 X25519MLKEM768
GitHub C 🔴 X25519
Stripe C+ 🔴 X25519
Cloudflare C+ 🟢 X25519MLKEM768

Google and Cloudflare negotiate hybrid PQC key exchange. Certificates are still classical — grade stays C+ until CAs support PQC.

Scanned March 4, 2026 with PostQuant v0.4.0

1

Detect

54 patterns across Python, JavaScript, Go, and Java. Finds RSA, ECDSA, DH, MD5, SHA-1, and more.

2

Assess Context

Reads surrounding code. File paths, variable names, API patterns. Is this MD5 protecting passwords or generating cache keys?

3

Grade

Letter grade A through F based on actual risk. Informational findings don't drag your score down.

The PostQuant Grading Scale

Grade Meaning Example
A No quantum-vulnerable crypto, or all findings are informational uuid, boto3, FastAPI
C+ Best classical crypto, no PQC deployed yet google.com, stripe.com
D+ Real quantum-vulnerable patterns in security-critical code Django, pg, ssh2
F Broken ciphers, legacy protocols, severe exposure TLS 1.1, DES, MD5 signatures

NIST will deprecate RSA and ECC by 2030 and disallow them by 2035. Adversaries are already harvesting encrypted data to decrypt later. PostQuant shows you what's exposed.

Hybrid PQC Detection

Detects X25519MLKEM768 and other post-quantum key exchanges via OpenSSL probing

Context-Aware Code Scanning

54 patterns across Python, JS/TS, Go, Java — understands how crypto is used

Live TLS Endpoint Scanning

Point at any domain, get a quantum readiness grade. Zero config: npx postquant scan

4 Output Formats

Terminal, JSON, SARIF 2.1.0, CycloneDX CBOM 1.6

PostQuant scans itself. Grade: A
$ npx postquant scan cloudflare.com

Overall Grade: C+

Certificate
Algorithm: ECDSA P-256 🔴 Quantum Vulnerable

Connection
Protocol: TLS 1.3 🟢 Current
Key Exchange: X25519MLKEM768 🟢 Quantum Safe
Cipher: AES-256 🟢 Quantum Safe
$ npx postquant analyze ./src

Overall Grade: D+

src/auth/login.py
L45: MD5 🔴 Critical — authentication
src/utils/cache.py
L12: MD5 🟢 Info — integrity check

Adjusted Risk: 2 critical, 1 low, 3 informational

CI/CD Integration

# .github/workflows/postquant.yml
name: PostQuant Scan
on: [push, pull_request]
jobs:
quantum-check:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- run: npx postquant analyze . --format sarif > postquant.sarif
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: postquant.sarif

Results appear in GitHub's Security > Code scanning alerts tab.

--format json|sarif|cbom Output format
--show-all Include low and informational findings
--no-context Raw pattern matching (v0.2.0 behavior)
--fail-grade D CI/CD threshold
--language python Filter by language
npm version GitHub stars MIT license

This is just the beginning.

Mar 2026

TLS Scanner

Live

Mar 2026

Code Scanner

Live

Mar 2026

Risk Assessment

Live

Apr 2026

Migration Playbook

In Progress

May 2026

Dashboard

Planned

Jun 2026

CI/CD Marketplace

Planned

Stay ahead of the deadline.

Get notified when new features drop. No spam.