npmpackage.info

Gathering detailed insights and metrics for lodash

Other packages similar to lodash

@types/lodash

4.17.20

TypeScript definitions for lodash

lodash-es

4.17.21

Lodash exported as ES modules.

lodash.debounce

4.0.8

The lodash method `_.debounce` exported as a module.

lodash.uniq

4.5.0

The lodash method `_.uniq` exported as a module.

Gathering detailed insights and metrics for lodash

lodash - 4.17.21 | npmpackage.info

lodash

A modern JavaScript utility library delivering modularity, performance, & extras.

4.17.21

60,720

NOASSERTION

JavaScript

16,027,866,006 4.2

Installations

npm install lodash

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.15.5

NPM Version

6.14.11 Score

99.6

Supply Chain

85.1

Quality

79.9

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

32

Total

1,448

Closed

835

Merged

581

Issues

Open

82

Total

4,310

Closed

4,228

Releases

4.0.0

Updated on Jan 12, 2016

3.0.0

Updated on Jan 26, 2015

View All 2 releases

Languages

JavaScript

HTML

EJS

JavaScript (97.22%)

HTML (2.24%)

EJS (0.53%)

Developer

lodash

Download Statistics

Total Downloads

16,027,866,006

Last Day

12,255,551

Last Week

75,365,620

Last Month

370,353,286

Last Year

3,090,773,307

GitHub Statistics

NOASSERTION License

60,720 Stars

7,666 Commits

7,064 Forks

819 Watchers

7 Branches

300 Contributors

Updated on Jul 11, 2025

Maintainers

View All 300 Contributors

Package Meta Information

Latest Version

4.17.21

Package Id

lodash@4.17.21

Size

311.49 kB

NPM Version

6.14.11

Node Version

14.15.5

Published on

Feb 20, 2021

Total Downloads

Cumulative downloads

Total Downloads

16,027,866,006

Last Day

-2.3%

12,255,551

Compared to previous day

Last Week

-12.1%

75,365,620

Compared to previous week

Last Month

20.6%

370,353,286

Compared to previous month

Last Year

22.2%

3,090,773,307

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

No dependencies detected.

lodash v4.17.21

The Lodash library exported as Node.js modules.

Installation

Using npm:

1$ npm i -g npm
2$ npm i --save lodash

In Node.js:

1// Load the full build.
2var _ = require('lodash');
3// Load the core build.
4var _ = require('lodash/core');
5// Load the FP build for immutable auto-curried iteratee-first data-last methods.
6var fp = require('lodash/fp');
7
8// Load method categories.
9var array = require('lodash/array');
10var object = require('lodash/fp/object');
11
12// Cherry-pick methods for smaller browserify/rollup/webpack bundles.
13var at = require('lodash/at');
14var curryN = require('lodash/fp/curryN');

See the package source for more details.

Note:
Install n_ for Lodash use in the Node.js < 6 REPL.

Support

Tested in Chrome 74-75, Firefox 66-67, IE 11, Edge 18, Safari 11-12, & Node.js 8-12.
Automated browser & CI test runs are available.

Critical

9.1/10

Summary

Prototype Pollution in lodash

Affected Versions

< 4.17.12

Patched Versions

4.17.12

High

7.2/10

Summary

Command Injection in lodash

Affected Versions

< 4.17.21

Patched Versions

4.17.21

High

0/10

Summary

Prototype Pollution in lodash

Affected Versions

< 4.17.11

Patched Versions

4.17.11

High

7.4/10

Summary

Prototype Pollution in lodash

Affected Versions

>= 3.7.0, < 4.17.19

Patched Versions

4.17.19

Moderate

6.5/10

Summary

Prototype Pollution in lodash

Affected Versions

< 4.17.5

Patched Versions

4.17.5

Moderate

5.3/10

Summary

Regular Expression Denial of Service (ReDoS) in lodash

Affected Versions

< 4.17.21

Patched Versions

4.17.21

Moderate

0/10

Summary

Regular Expression Denial of Service (ReDoS) in lodash

Affected Versions

< 4.17.11

Patched Versions

4.17.11

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Fuzzing

Determines if the project uses fuzzing.

9

License

Determines if the project has defined a license.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

92 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-p28h-cc7q-c4fg
Warn: Project is vulnerable to: GHSA-jxfh-8wgv-vfr2
Warn: Project is vulnerable to: GHSA-m8gw-hjpr-rjv7
Warn: Project is vulnerable to: GHSA-jc84-3g44-wf2q
Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
Warn: Project is vulnerable to: MAL-2023-462
Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
Warn: Project is vulnerable to: GHSA-jcpv-g9rr-qxrc
Warn: Project is vulnerable to: GHSA-44pw-h2cw-w3vq
Warn: Project is vulnerable to: GHSA-jp4x-w63m-7wgm
Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
Warn: Project is vulnerable to: GHSA-x55w-vjjp-222r
Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
Warn: Project is vulnerable to: GHSA-gxr4-xjj5-5px2
Warn: Project is vulnerable to: GHSA-jpcq-cgw6-v4j6
Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q
Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-7xfp-9c55-5vqj
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-x3m3-4wpv-5vgc
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-xc7v-wxcw-j472
Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Warn: Project is vulnerable to: GHSA-832h-xg76-4gv6
Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-hr2v-3952-633q
Warn: Project is vulnerable to: GHSA-536q-8gxx-m782
Warn: Project is vulnerable to: GHSA-9q64-mpxx-87fg
Warn: Project is vulnerable to: GHSA-xf7w-r453-m56c
Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
Warn: Project is vulnerable to: GHSA-4hpf-3wq7-5rpr
Warn: Project is vulnerable to: GHSA-f522-ffg8-j8r6
Warn: Project is vulnerable to: GHSA-6c3j-c64m-qhgq
Warn: Project is vulnerable to: GHSA-2m96-9w4j-wgv7
Warn: Project is vulnerable to: GHSA-h726-x36v-rx45
Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
Warn: Project is vulnerable to: GHSA-2m39-62fm-q8r3
Warn: Project is vulnerable to: GHSA-mf6x-7mm4-x2g7
Warn: Project is vulnerable to: GHSA-j44m-qm6p-hp7m
Warn: Project is vulnerable to: GHSA-g7q5-pjjr-gqvp

Score

4.2

/10

Last Scanned on 2025-06-30

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More