npmpackage.info

Gathering detailed insights and metrics for jszip

Other packages similar to jszip

jszip-utils

0.1.0

A collection of cross-browser utilities to go along with JSZip.

@types/jszip

3.4.1

Type definitions for JSZip from https://www.github.com/DefinitelyTyped/DefinitelyTyped

fflate

0.8.2

High performance (de)compression in an 8kB package

@progress/jszip-esm

1.0.4

JSZip fork with bundler-friendly packaging

Gathering detailed insights and metrics for jszip

jszip

Create, read and edit .zip files with Javascript

3.10.1

10,087

NOASSERTION

JavaScript

744.14 kB

Installations

npm install jszip

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, UMD

Node Version

14.19.3

NPM Version

6.14.17 Score

96.7

Supply Chain

79.6

Quality

74.6

Maintenance

100

Vulnerability

80.6

License

Pull Requests

Open

39

Total

245

Closed

37

Merged

169

Issues

Open

369

Total

705

Closed

336

Releases

Unable to fetch releases

Languages

JavaScript

HTML

JavaScript (97.35%)

HTML (2.65%)

Developer

Stuk

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

NOASSERTION License

10,087 Stars

738 Commits

1,316 Forks

130 Watchers

7 Branches

54 Contributors

Updated on Jul 15, 2025

Maintainers

View All 54 Contributors

Package Meta Information

Latest Version

3.10.1

Package Id

jszip@3.10.1

Unpacked Size

744.14 kB

Size

190.51 kB

File Count

NPM Version

6.14.17

Node Version

14.19.3

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

lie pako readable-stream setimmediate

Dev Dependencies

benchmark browserify eslint grunt grunt-browserify grunt-cli grunt-contrib-uglify http-server jszip-utils package-json-versionify playwright qunit tmp typescript

JSZip

A library for creating, reading and editing .zip files with JavaScript, with a lovely and simple API.

See https://stuk.github.io/jszip for all the documentation.

1const zip = new JSZip();
2
3zip.file("Hello.txt", "Hello World\n");
4
5const img = zip.folder("images");
6img.file("smile.gif", imgData, {base64: true});
7
8zip.generateAsync({type:"blob"}).then(function(content) {
9    // see FileSaver.js
10    saveAs(content, "example.zip");
11});
12
13/*
14Results in a zip containing
15Hello.txt
16images/
17    smile.gif
18*/

License

JSZip is dual-licensed. You may use it under the MIT license or the GPLv3 license. See LICENSE.markdown.

Moderate

7.3/10

Summary

JSZip contains Path Traversal via loadAsync

Affected Versions

< 3.8.0

Patched Versions

3.8.0

Moderate

5.3/10

Summary

jszip Vulnerable to Prototype Pollution

Affected Versions

< 2.7.0

Patched Versions

2.7.0

Moderate

5.3/10

Summary

jszip Vulnerable to Prototype Pollution

Affected Versions

>= 3.0.0, < 3.7.0

Patched Versions

3.7.0

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

License

Determines if the project has defined a license.

4

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

58 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
Warn: Project is vulnerable to: GHSA-hc9w-4p87-j549
Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-vh7m-p724-62c2
Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w
Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-957j-59c2-j692
Warn: Project is vulnerable to: GHSA-m5pj-vjjf-4m3h
Warn: Project is vulnerable to: GHSA-j383-35pm-c5h4
Warn: Project is vulnerable to: GHSA-rm36-94g8-835r
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Warn: Project is vulnerable to: GHSA-v2p6-4mp7-3r9v
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7

Score

3

/10

Last Scanned on 2025-07-14

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

jszip - 3.10.1 | npmpackage.info