diff --git a/js/libs/keycloak-js/package.json b/js/libs/keycloak-js/package.json
index 89ec4ada3c..85d241a80b 100644
--- a/js/libs/keycloak-js/package.json
+++ b/js/libs/keycloak-js/package.json
@@ -78,7 +78,7 @@
     "shx": "^0.3.4"
   },
   "dependencies": {
-    "js-sha256": "^0.11.0",
+    "@noble/hashes": "^1.4.0",
     "jwt-decode": "^4.0.0"
   }
 }
diff --git a/js/libs/keycloak-js/rollup.config.ts b/js/libs/keycloak-js/rollup.config.ts
index 51817df0d5..4e4009787e 100644
--- a/js/libs/keycloak-js/rollup.config.ts
+++ b/js/libs/keycloak-js/rollup.config.ts
@@ -39,7 +39,7 @@ function defineOptions({
           file: path.join(targetDir, `${file}.mjs`),
         },
       ],
-      external: ["js-sha256", "jwt-decode"],
+      external: ["@noble/hashes", "jwt-decode"],
     },
     // Legacy Universal Module Definition, or “UMD”, with inlined dependencies.
     {
diff --git a/js/libs/keycloak-js/src/keycloak.js b/js/libs/keycloak-js/src/keycloak.js
index 5ad03f510d..f3b46164ca 100755
--- a/js/libs/keycloak-js/src/keycloak.js
+++ b/js/libs/keycloak-js/src/keycloak.js
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import sha256 from 'js-sha256';
+import { sha256 } from '@noble/hashes/sha256';
 import { jwtDecode } from 'jwt-decode';
 
 if (typeof Promise === 'undefined') {
@@ -382,7 +382,7 @@ function Keycloak (config) {
         }
 
         // hash codeVerifier, then encode as url-safe base64 without padding
-        const hashBytes = new Uint8Array(sha256.arrayBuffer(codeVerifier));
+        const hashBytes = sha256(codeVerifier);
         const encodedHash = bytesToBase64(hashBytes)
             .replace(/\+/g, '-')
             .replace(/\//g, '_')
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index ad7b46a120..818ed2c092 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -356,9 +356,9 @@ importers:
 
   js/libs/keycloak-js:
     dependencies:
-      js-sha256:
-        specifier: ^0.11.0
-        version: 0.11.0
+      '@noble/hashes':
+        specifier: ^1.4.0
+        version: 1.4.0
       jwt-decode:
         specifier: ^4.0.0
         version: 4.0.0
@@ -1073,6 +1073,10 @@ packages:
       react: ^16.8.0 || ^17.0.0 || ^18.0.0
       react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0
 
+  '@noble/hashes@1.4.0':
+    resolution: {integrity: sha512-V1JJ1WTRUqHHrOSh597hURcMqVKVGL/ea3kv0gSnEdsEZ0/+VyPghM1lMNGc00z7CIQorSvbKpuJkxvuHbvdbg==}
+    engines: {node: '>= 16'}
+
   '@nodelib/fs.scandir@2.1.5':
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
@@ -3361,9 +3365,6 @@ packages:
   jquery@3.7.1:
     resolution: {integrity: sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg==}
 
-  js-sha256@0.11.0:
-    resolution: {integrity: sha512-6xNlKayMZvds9h1Y1VWc0fQHQ82BxTXizWPEtEeGvmOUYpBRy4gbWroHLpzowe6xiQhHpelCQiE7HEdznyBL9Q==}
-
   js-tokens@4.0.0:
     resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==}
 
@@ -5571,6 +5572,8 @@ snapshots:
       react: 18.3.1
       react-dom: 18.3.1(react@18.3.1)
 
+  '@noble/hashes@1.4.0': {}
+
   '@nodelib/fs.scandir@2.1.5':
     dependencies:
       '@nodelib/fs.stat': 2.0.5
@@ -8196,8 +8199,6 @@ snapshots:
 
   jquery@3.7.1: {}
 
-  js-sha256@0.11.0: {}
-
   js-tokens@4.0.0: {}
 
   js-tokens@9.0.0: {}