npmpackage.info

Gathering detailed insights and metrics for jszip

Other packages similar to jszip

jszip-utils

0.1.0

A collection of cross-browser utilities to go along with JSZip.

@types/jszip

3.4.1

Type definitions for JSZip from https://www.github.com/DefinitelyTyped/DefinitelyTyped

fflate

0.8.2

High performance (de)compression in an 8kB package

@progress/jszip-esm

1.0.4

JSZip fork with bundler-friendly packaging

Gathering detailed insights and metrics for jszip

jszip

Create, read and edit .zip files with Javascript

3.10.1

9,887

NOASSERTION

JavaScript

27.57 kB

1,572,843,442 2.6

Installations

npm install jszip

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, UMD

Node Version

14.19.3

NPM Version

6.14.17 Score

96.8

Supply Chain

79.6

Quality

78.9

Maintenance

100

Vulnerability

87.6

License

Pull Requests

Open

38

Total

242

Closed

37

Merged

167

Issues

Open

384

Total

693

Closed

309

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

View all 54 contributors

Languages

JavaScript

HTML

JavaScript (97.35%)

HTML (2.65%)

Developer

Stuk

Download Statistics

Total Downloads

1,572,843,442

Last Day

1,684,782

Last Week

7,522,282

Last Month

34,404,299

Last Year

410,914,461

GitHub Statistics

9,887 Stars

736 Commits

1,313 Forks

130 Watching

7 Branches

54 Contributors

Bundle Size

94.92 kB

Minified

27.57 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

3.10.1

Package Id

jszip@3.10.1

Unpacked Size

744.14 kB

Size

190.51 kB

File Count

NPM Version

6.14.17

Node Version

14.19.3

Total Downloads

Cumulative downloads

Total Downloads

1,572,843,442

Last day

-6.8%

1,684,782

Compared to previous day

Last week

-17.1%

7,522,282

Compared to previous week

Last month

4.5%

34,404,299

Compared to previous month

Last year

24.4%

410,914,461

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lie pako readable-stream setimmediate

Dev Dependencies

benchmark browserify eslint grunt grunt-browserify grunt-cli grunt-contrib-uglify http-server jszip-utils package-json-versionify playwright qunit tmp typescript

Versions

JSZip

A library for creating, reading and editing .zip files with JavaScript, with a lovely and simple API.

See https://stuk.github.io/jszip for all the documentation.

1const zip = new JSZip();
2
3zip.file("Hello.txt", "Hello World\n");
4
5const img = zip.folder("images");
6img.file("smile.gif", imgData, {base64: true});
7
8zip.generateAsync({type:"blob"}).then(function(content) {
9    // see FileSaver.js
10    saveAs(content, "example.zip");
11});
12
13/*
14Results in a zip containing
15Hello.txt
16images/
17    smile.gif
18*/

License

JSZip is dual-licensed. You may use it under the MIT license or the GPLv3 license. See LICENSE.markdown.

Stable Version

3.10.1

MODERATE

7.3/10

Summary

JSZip contains Path Traversal via loadAsync

Affected Versions

< 3.8.0

Patched Versions

3.8.0

MODERATE

5.3/10

Summary

jszip Vulnerable to Prototype Pollution

Affected Versions

< 2.7.0

Patched Versions

2.7.0

MODERATE

5.3/10

Summary

jszip Vulnerable to Prototype Pollution

Affected Versions

>= 3.0.0, < 3.7.0

Patched Versions

3.7.0

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

License

Determines if the project has defined a license.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

56 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-hc9w-4p87-j549
Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-957j-59c2-j692
Warn: Project is vulnerable to: GHSA-m5pj-vjjf-4m3h
Warn: Project is vulnerable to: GHSA-j383-35pm-c5h4
Warn: Project is vulnerable to: GHSA-rm36-94g8-835r
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-xvf7-4v9q-58w6
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Warn: Project is vulnerable to: GHSA-v2p6-4mp7-3r9v
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q

Score

2.6

/10

Last Scanned on 2025-01-27

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More