npmpackage.info

Gathering detailed insights and metrics for dp-taro-css-to-react-native

dp-taro-css-to-react-native - 2.2.33 | npmpackage.info

dp-taro-css-to-react-native

开放式跨端跨框架解决方案，支持使用 React/Vue 等框架来开发微信/京东/百度/支付宝/字节跳动/ QQ 小程序/H5/React Native 等应用。 https://taro.zone/

2.2.33

36,681

NOASSERTION

TypeScript

234.72 kB

5.5

Installations

npm install dp-taro-css-to-react-native

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

16.14.2

NPM Version

8.5.0 Pull Requests

Open

85

Total

4,672

Closed

1,212

Merged

3,375

Issues

Open

1,495

Total

12,375

Closed

10,880

Releases

199

chore(release): publish 4.1.4

v4.1.4

Updated on Jul 11, 2025

chore(release): publish 4.1.3

v4.1.3

Updated on Jun 30, 2025

chore(release): publish 4.1.2

v4.1.2

Updated on Jun 05, 2025

chore(release): publish 4.1.1

v4.1.1

Updated on May 18, 2025

feat(harmony): update runtime hooks & runtime

v4.1.1-alpha.1

Updated on May 18, 2025

chore(release): publish 4.1.0

v4.1.0

Updated on May 16, 2025

View All 199 releases

Languages

TypeScript

JavaScript

SCSS

Rust

HTML

CSS

Vue

Less

Sass

Stylus

Shell

TypeScript (55.6%)

JavaScript (39.81%)

SCSS (2.3%)

Rust (1.91%)

HTML (0.19%)

CSS (0.18%)

Vue (0.01%)

Developer

NervJS

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

NOASSERTION License

36,681 Stars

14,245 Commits

4,848 Forks

689 Watchers

133 Branches

601 Contributors

Updated on Jul 12, 2025

Maintainers

View All 601 Contributors

Package Meta Information

Latest Version

2.2.33

Package Id

dp-taro-css-to-react-native@2.2.33

Unpacked Size

234.72 kB

Size

32.18 kB

File Count

NPM Version

8.5.0

Node Version

16.14.2

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

camelize css css-color-keywords css-mediaquery postcss-value-parser

Dev Dependencies

@babel/cli @babel/core @babel/preset-env babel-jest coveralls husky jest lint-staged npmpub prettier

dp-taro-css-to-react-native

fork from css-to-react-native-transform

A lightweight wrapper on top of css-to-react-native to allow valid CSS to be turned into React Native Stylesheet objects.

To keep things simple it only transforms class selectors (e.g. .myClass {}) and grouped class selectors (e.g. .myClass, .myOtherClass {}). Parsing of more complex selectors can be added as a new feature behind a feature flag (e.g. transform(css, { parseAllSelectors: true })) in the future if needed.

Example:

1.myClass {
2  font-size: 18px;
3  line-height: 24px;
4  color: red;
5}
6
7.other {
8  padding: 1rem;
9}

is transformed to:

1{
2  myClass: {
3    fontSize: 18,
4    lineHeight: 24,
5    color: "red"
6  },
7  other: {
8    paddingBottom: 16,
9    paddingLeft: 16,
10    paddingRight: 16,
11    paddingTop: 16
12  }
13}

API

Transform CSS

1import transform from "dp-taro-css-to-react-native";
2// or const transform = require("dp-taro-css-to-react-native").default;
3
4transform(`
5  .foo {
6    color: #f00;
7  }
8`);

↓ ↓ ↓ ↓ ↓ ↓

1{
2  foo: {
3    color: "#f00";
4  }
5}

CSS Modules :export block

Parsing the CSS Modules (ICSS) :export is supported. The :export is often used to share variables from CSS or from a preprocessor like Sass/Less/Stylus to Javascript:

1transform(`
2  .foo {
3    color: #f00;
4  }
5
6  :export {
7    myProp: #fff;
8  }
9`);

↓ ↓ ↓ ↓ ↓ ↓

1{
2  foo: {
3    color: "#f00";
4  },
5  myProp: "#fff";
6}

CSS Media Queries (experimental)

The API and parsed syntax for CSS Media Queries might change in the future

1transform(
2  `
3  .container {
4    background-color: #f00;
5  }
6
7  @media (orientation: landscape) {
8    .container {
9      background-color: #00f;
10    }
11  }
12`,
13  { parseMediaQueries: true },
14);

↓ ↓ ↓ ↓ ↓ ↓

1{
2  __mediaQueries: {
3    "@media (orientation: landscape)": [{
4      expressions: [
5        {
6          feature: "orientation",
7          modifier: undefined,
8          value: "landscape",
9        },
10      ],
11      inverse: false,
12      type: "all",
13    }],
14  },
15  container: {
16    backgroundColor: "#f00",
17  },
18  "@media (orientation: landscape)": {
19    container: {
20      backgroundColor: "#00f",
21    },
22  },
23}

You can also speficy a platform as the media query type ("android", "dom", "ios", "macos", "web", "windows"):

1transform(
2  `
3  .container {
4    background-color: #f00;
5  }
6
7  @media android and (orientation: landscape) {
8    .container {
9      background-color: #00f;
10    }
11  }
12`,
13  { parseMediaQueries: true },
14);

CSS Viewport Units (experimental)

When CSS Viewport Units are used, a special __viewportUnits feature flag is added to the result. This is done so that the implementation that transforms viewport units to pixels knows that the style object has viewport units inside it, and can avoid doing extra work if the style object does not contain any viewport units.

1transform(`.foo { font-size: 1vh; }`);

↓ ↓ ↓ ↓ ↓ ↓

1{
2   __viewportUnits: true,
3  foo: {
4    fontSize: "1vh";
5  }
6}

Limitations

For rem unit the root element font-size is currently set to 16 pixels. A setting needs to be implemented to allow the user to define the root element font-size.
There is also support for the box-shadow shorthand, and this converts into shadow- properties. Note that these only work on iOS.

Dependencies

This library has the following packages as dependencies:

css - CSS parser / stringifier
css-mediaquery - Parses and determines if a given CSS Media Query matches a set of values.
css-to-react-native - Convert CSS text to a React Native stylesheet object

No vulnerabilities found.

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Security-Policy

Determines if the project has published a security policy.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

License

Determines if the project has defined a license.

7

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/auto-review.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/auto-review.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/auto-review.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/auto-review.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-binding.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-binding.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-wasm.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-wasm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-rust-wasm.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-wasm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-wasm.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-wasm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-rust-wasm.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/build-rust-wasm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot-update-lockfile.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/dependabot-update-lockfile.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot-update-lockfile.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/dependabot-update-lockfile.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-update-lockfile.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/dependabot-update-lockfile.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:156: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/nodejs.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:283: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:408: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:421: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-components-types.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/sync-components-types.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-components-types.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/sync-components-types.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-components-types.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/sync-components-types.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-components-types.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/sync-components-types.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-components-types.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/sync-components-types.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/sync-components-types.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/NervJS/taro/sync-components-types.yml/main?enable=pin
Info: 0 out of 27 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 19 third-party GitHubAction dependencies pinned

0

SAST

Determines if the project uses static code analysis.

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

128 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: RUSTSEC-2021-0139
Warn: Project is vulnerable to: RUSTSEC-2021-0145 / GHSA-g98v-hv3f-hcfr
Warn: Project is vulnerable to: RUSTSEC-2024-0375
Warn: Project is vulnerable to: RUSTSEC-2020-0095
Warn: Project is vulnerable to: RUSTSEC-2024-0421 / GHSA-h97m-ww89-6jmq
Warn: Project is vulnerable to: RUSTSEC-2024-0019 / GHSA-r8w9-5wcg-vfj7
Warn: Project is vulnerable to: GHSA-4p46-pwfr-66x6
Warn: Project is vulnerable to: RUSTSEC-2025-0009
Warn: Project is vulnerable to: GHSA-c86p-w88r-qvqr
Warn: Project is vulnerable to: RUSTSEC-2024-0336 / GHSA-6g7w-8wpp-frhj
Warn: Project is vulnerable to: GHSA-rr8g-9fpq-6wmg
Warn: Project is vulnerable to: RUSTSEC-2025-0023
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-8jmw-wjr8-2x66
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-f5xg-cfpj-2mw6
Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
Warn: Project is vulnerable to: GHSA-4w2j-2rg4-5mjw
Warn: Project is vulnerable to: GHSA-mrgp-mrhc-5jrq
Warn: Project is vulnerable to: GHSA-7jxr-cg7f-gpgv
Warn: Project is vulnerable to: GHSA-xj72-wvfv-8985
Warn: Project is vulnerable to: GHSA-ch3r-j5x3-6q2m
Warn: Project is vulnerable to: GHSA-p5gc-c584-jj6v
Warn: Project is vulnerable to: GHSA-whpj-8f3w-67p5
Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5
Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4
Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Warn: Project is vulnerable to: GHSA-c2jc-4fpr-4vhg
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh
Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-3p22-ghq8-v749
Warn: Project is vulnerable to: GHSA-77xc-hjv8-ww97
Warn: Project is vulnerable to: GHSA-mq8j-3h7h-p8g7
Warn: Project is vulnerable to: GHSA-p2jh-44qj-pf2v
Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7
Warn: Project is vulnerable to: GHSA-7x97-j373-85x5
Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85
Warn: Project is vulnerable to: GHSA-qqvq-6xgj-jw8g
Warn: Project is vulnerable to: GHSA-6r2x-8pq8-9489
Warn: Project is vulnerable to: GHSA-6fx8-h7jm-663j
Warn: Project is vulnerable to: GHSA-rxrc-rgv4-jpvx
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
Warn: Project is vulnerable to: GHSA-859w-5945-r5v3

Score

5.5

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More