Hi, node-oath seems unmaintained (https://github.com/ciaranj/node-oauth/issues/349). Its only one reverse dependency is node-passport-oauth which seems also unmaintained. While these libs could be used for security, I propose to remove them from Debian archive