Keycloak can handle all that.

https://www.keycloak.org/

It's rarely a problem of nefarious intent, while often a problem of mental models that don't match reality.

Seek to expose and challenge your own mental model first and many challenging differences will be difussed.

Vulnerability is in socket.io-file. Package is downloaded about 500 times a week. The more popular socket.io is not dependant.

Netwalker and Ryuk use similar tools and tactics. Most all of them are doing the same. https://thedfirreport.com/2020/10/08/ryuks-return/