npmpackage.info

Gathering detailed insights and metrics for core-js

Other packages similar to core-js

core-js-compat

3.43.0

core-js compat

core-js-pure

3.43.0

Standard library

@types/core-js

2.5.8

TypeScript definitions for core-js

has-symbols

1.1.0

Determine if the JS environment has Symbol support. Supports spec, or shams.

Gathering detailed insights and metrics for core-js

core-js - 3.43.0 | npmpackage.info

core-js

Standard Library

3.43.0

25,086

MIT

JavaScript

78.84 kB

5.2

Installations

npm install core-js

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

24.1.0

NPM Version

11.4.1 Score

93.4

Supply Chain

98.7

Quality

86.7

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

10

Total

411

Closed

108

Merged

293

Issues

Open

38

Total

967

Closed

929

Releases

248

3.43.0 - 2025.06.09

v3.43.0

Updated on Jun 09, 2025

3.42.0 - 2025.04.30

v3.42.0

Updated on Apr 29, 2025

3.41.0 - 2025.03.01

v3.41.0

Updated on Mar 01, 2025

3.40.0 - 2025.01.08

v3.40.0

Updated on Jan 07, 2025

3.39.0 - 2024.10.31

v3.39.0

Updated on Oct 31, 2024

3.38.1 - 2024.08.20

v3.38.1

Updated on Aug 20, 2024

View All 248 releases

Languages

JavaScript

TypeScript

HTML

JavaScript (99.81%)

TypeScript (0.15%)

HTML (0.04%)

Developer

zloirock

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

25,086 Stars

6,885 Commits

1,684 Forks

256 Watchers

12 Branches

131 Contributors

Updated on Jun 29, 2025

Bundle Size

258.54 kB

Minified

78.84 kB

Minified + Gzipped

Bundlephobia

Sponsor this package

https://opencollective.com/core-js

Maintainers

View All 131 Contributors

Package Meta Information

Latest Version

3.43.0

Package Id

core-js@3.43.0

Unpacked Size

1.24 MB

Size

295.33 kB

File Count

3,637

NPM Version

11.4.1

Node Version

24.1.0

Published on

Jun 09, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

No dependencies detected.

logo

I highly recommend reading this: So, what's next?

Modular standard library for JavaScript. Includes polyfills for ECMAScript up to 2023: promises, symbols, collections, iterators, typed arrays, many other features, ECMAScript proposals, some cross-platform WHATWG / W3C features and proposals like URL. You can load only required features or use it without global namespace pollution.

Raising funds

core-js isn't backed by a company, so the future of this project depends on you. Become a sponsor or a backer if you are interested in core-js: Open Collective, Patreon, Boosty, Bitcoin ( bc1qlea7544qtsmj2rayg0lthvza9fau63ux0fstcz ), Alipay.

Example of usage:

1import 'core-js/actual';
2
3Promise.resolve(42).then(it => console.log(it)); // => 42
4
5Array.from(new Set([1, 2, 3]).union(new Set([3, 4, 5]))); // => [1, 2, 3, 4, 5]
6
7[1, 2].flatMap(it => [it, it]); // => [1, 1, 2, 2]
8
9(function * (i) { while (true) yield i++; })(1)
10  .drop(1).take(5)
11  .filter(it => it % 2)
12  .map(it => it ** 2)
13  .toArray(); // => [9, 25]
14
15structuredClone(new Set([1, 2, 3])); // => new Set([1, 2, 3])

You can load only required features:

1import 'core-js/actual/promise';
2import 'core-js/actual/set';
3import 'core-js/actual/iterator';
4import 'core-js/actual/array/from';
5import 'core-js/actual/array/flat-map';
6import 'core-js/actual/structured-clone';
7
8Promise.resolve(42).then(it => console.log(it)); // => 42
9
10Array.from(new Set([1, 2, 3]).union(new Set([3, 4, 5]))); // => [1, 2, 3, 4, 5]
11
12[1, 2].flatMap(it => [it, it]); // => [1, 1, 2, 2]
13
14(function * (i) { while (true) yield i++; })(1)
15  .drop(1).take(5)
16  .filter(it => it % 2)
17  .map(it => it ** 2)
18  .toArray(); // => [9, 25]
19
20structuredClone(new Set([1, 2, 3])); // => new Set([1, 2, 3])

Or use it without global namespace pollution:

1import Promise from 'core-js-pure/actual/promise';
2import Set from 'core-js-pure/actual/set';
3import Iterator from 'core-js-pure/actual/iterator';
4import from from 'core-js-pure/actual/array/from';
5import flatMap from 'core-js-pure/actual/array/flat-map';
6import structuredClone from 'core-js-pure/actual/structured-clone';
7
8Promise.resolve(42).then(it => console.log(it)); // => 42
9
10from(new Set([1, 2, 3]).union(new Set([3, 4, 5]))); // => [1, 2, 3, 4, 5]
11
12flatMap([1, 2], it => [it, it]); // => [1, 1, 2, 2]
13
14Iterator.from(function * (i) { while (true) yield i++; }(1))
15  .drop(1).take(5)
16  .filter(it => it % 2)
17  .map(it => it ** 2)
18  .toArray(); // => [9, 25]
19
20structuredClone(new Set([1, 2, 3])); // => new Set([1, 2, 3])

It's a global version (first 2 examples), for more info see core-js documentation.

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Security-Policy

Determines if the project has published a security policy.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

4

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 4

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-and-deploy-pages.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/build-and-deploy-pages.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/zloirock/core-js/ci.yml/master?enable=pin
Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:22
Info: 0 out of 22 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 5 out of 5 npmCommand dependencies pinned
Info: 0 out of 1 pipCommand dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

5.2

/10

Last Scanned on 2025-06-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More