npmpackage.info

Gathering detailed insights and metrics for browserslist

Other packages similar to browserslist

update-browserslist-db

1.1.3

CLI tool to update caniuse-lite to refresh target browsers from Browserslist config

electron-to-chromium

1.5.179

Provides a list of electron-to-chromium version mappings

caniuse-api

3.0.0

request the caniuse data to check browsers compatibilities

@types/browserslist

4.15.4

Stub TypeScript definitions entry for browserslist, which provides its own types definitions

Gathering detailed insights and metrics for browserslist

browserslist - 4.25.1 | npmpackage.info

browserslist

🦔 Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-preset-env

4.25.1

13,325

MIT

JavaScript

18.16 kB

11,834,700,625 4.5

Installations

npm install browserslist

Developer Guide

BETA

Typescript

Yes

Module System

UMD

Min. Node Version

^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7

Node Version

22.16.0

NPM Version

10.9.2 Score

96.1

Supply Chain

Quality

87.7

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

5

Total

301

Closed

51

Merged

245

Issues

Open

40

Total

532

Closed

492

Releases

4.25.1

Updated on Jun 25, 2025

4.25.0

Updated on May 29, 2025

4.24.5

Updated on May 02, 2025

4.24.4

Updated on Jan 08, 2025

4.24.3

Updated on Dec 13, 2024

4.24.2

Updated on Oct 21, 2024

View All 12 releases

Languages

JavaScript

JavaScript (100%)

Developer

browserslist

Download Statistics

Total Downloads

11,834,700,625

Last Day

3,875,057

Last Week

65,034,195

Last Month

282,215,669

Last Year

2,809,738,748

GitHub Statistics

MIT License

13,325 Stars

1,469 Commits

741 Forks

135 Watchers

3 Branches

180 Contributors

Updated on Jul 06, 2025

Bundle Size

79.99 kB

Minified

18.16 kB

Minified + Gzipped

Bundlephobia

Sponsor this package

https://opencollective.com/browserslist https://tidelift.com/funding/github/npm/browserslist https://github.com/sponsors/ai

Maintainers

View All 180 Contributors

Package Meta Information

Latest Version

4.25.1

Package Id

browserslist@4.25.1

Unpacked Size

63.93 kB

Size

16.00 kB

File Count

NPM Version

10.9.2

Node Version

22.16.0

Published on

Jun 25, 2025

Total Downloads

Cumulative downloads

Total Downloads

11,834,700,625

Last Day

-8.3%

3,875,057

Compared to previous day

Last Week

-7.7%

65,034,195

Compared to previous week

Last Month

6.2%

282,215,669

Compared to previous month

Last Year

22.5%

2,809,738,748

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

caniuse-lite electron-to-chromium node-releases update-browserslist-db

Browserslist

The config to share target browsers and Node.js versions between different front-end tools. It is used in:

All tools will find target browsers automatically, when you add the following to package.json:

1  "browserslist": [
2    "defaults and fully supports es6-module",
3    "maintained node versions"
4  ]

Or in .browserslistrc config:

1# Browsers that we support
2
3defaults and fully supports es6-module
4maintained node versions

Developers set their version lists using queries like last 2 versions to be free from updating versions manually. Browserslist will use caniuse-lite with Can I Use data for this queries.

You can check how config works at our playground: browsersl.ist

Docs

Read full docs here.

Moderate

5.3/10

Summary

Regular Expression Denial of Service in browserslist

Affected Versions

>= 4.0.0, < 4.16.5

Patched Versions

4.16.5

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/browserslist/browserslist/test.yml/main?enable=pin
Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 4 third-party GitHubAction dependencies pinned

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

4.5

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More