1 point by postquant 7 hours ago, 1 comment
  • postquant 7 hours ago
    NIST is deprecating RSA and ECC by 2030. Most teams have no idea where they're exposed. I built a CLI to find out.

    npx postquant scan example.com grades your TLS. npx postquant analyze ./src scans your source code. Zero config, zero signup.

    The interesting part: context matters. MD5 in uuid? That's a checksum, not a vulnerability. MD5 in Django's password hasher? That's real. PostQuant reads surrounding code and adjusts risk accordingly. Same algorithm, different grade.

    I scanned popular open source projects. Django got a D+. Go's stdlib got an F with 161 critical findings. FastAPI, Express, and Gin scored A. Full results in the README.

    Supports Python, JS/TS, Go, Java. Outputs SARIF and CBOM. MIT licensed.
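
The "same algorithm, different grade" idea from the post above, as an added example that is not part of the original post and is not PostQuant's code. The hint word lists, the two-line context window and the function name `gradeMd5Uses` are assumptions made for this sketch, and the sample source is constructed.

```javascript
// Added illustration: hypothetical context heuristic, not PostQuant's actual rules.
const ALGO = /\bmd5\b/i;
// Context hint words are assumptions chosen for this example.
const SECURITY_HINTS = /passw(or)?d|hasher|credential|secret|signature|token/i;
const BENIGN_HINTS = /uuid|checksum|etag|cache[_ ]?key|dedup/i;

// Return one finding per line that mentions MD5, graded by the code around it.
function gradeMd5Uses(source, radius = 2) {
  const lines = source.split("\n");
  const findings = [];
  lines.forEach((text, i) => {
    if (!ALGO.test(text)) return;
    const context = lines
      .slice(Math.max(0, i - radius), i + radius + 1)
      .join("\n");
    let risk = "medium"; // MD5 seen, purpose unknown: needs human review
    let reason = "no context hint";
    if (SECURITY_HINTS.test(context)) {
      // A security use wins even when a benign word is also nearby.
      risk = "high";
      reason = "near " + context.match(SECURITY_HINTS)[0];
    } else if (BENIGN_HINTS.test(context)) {
      risk = "low";
      reason = "near " + context.match(BENIGN_HINTS)[0];
    }
    findings.push({ line: i + 1, risk, reason });
  });
  return findings;
}

// Constructed sample input (not taken from uuid, Django or any real project).
const SAMPLE = [
  "def uuid3(namespace, name):",
  "    digest = hashlib.md5(namespace + name).digest()",
  "    return UUID(bytes=digest[:16], version=3)",
  "",
  "class LegacyPasswordHasher:",
  "    def encode(self, password, salt):",
  "        return hashlib.md5((salt + password).encode()).hexdigest()",
  "",
  "def tag(blob):",
  "    return hashlib.md5(blob).hexdigest()",
].join("\n");

console.log(gradeMd5Uses(SAMPLE));
```

A keyword window like this misgrades code whose purpose is only visible across files or call sites, which is why the unknown case is reported as "medium" for review instead of being dropped.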