Installations
npm install mobx-react
Developer Guide
Typescript
Yes
Module System
CommonJS
Node Version
22.11.0
NPM Version
10.9.0
Score
88.9
Supply Chain
98.4
Quality
87
Maintenance
100
Vulnerability
100
License
Releases
mobx-react@9.2.0
Published on 11 Dec 2024
mobx-react-lite@4.1.0
Published on 11 Dec 2024
eslint-plugin-mobx@0.0.13
Published on 21 Oct 2024
eslint-plugin-mobx@0.0.12
Published on 20 Oct 2024
mobx@6.13.5
Published on 16 Oct 2024
mobx@6.13.4
Published on 15 Oct 2024
Contributors
Languages
TypeScript (54.82%)
JavaScript (42.83%)
HTML (2.05%)
CSS (0.29%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
27,642 Stars
3,318 Commits
1,775 Forks
341 Watching
31 Branches
337 Contributors
Bundle Size
15.83 kB
Minified
5.31 kB
Minified + Gzipped
Sponsor this package
Package Meta Information
Latest Version
9.2.0
Package Id
mobx-react@9.2.0
Unpacked Size
634.46 kB
Size
165.86 kB
File Count
47
NPM Version
10.9.0
Node Version
22.11.0
Publised On
11 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
0
Last day
0%
0
Compared to previous day
Last week
0%
0
Compared to previous week
Last month
0%
0
Compared to previous month
Last year
0%
0
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
3
mobx-react
Package with React component wrapper for combining React with MobX.
Exports the observer
decorator and other utilities.
For documentation, see the MobX project.
This package supports both React and React Native.
Compatibility matrix
Only the latest version is actively maintained. If you're missing a fix or a feature in older version, consider upgrading or using patch-package
NPM Version | Support MobX version | Supported React versions | Added support for: |
---|---|---|---|
v9 | 6.* | >16.8 | Hooks, React 18.2 in strict mode |
v7 | 6.* | >16.8 < 18.2 | Hooks |
v6 | 4.* / 5.* | >16.8 <17 | Hooks |
v5 | 4.* / 5.* | >0.13 <17 | No, but it is possible to use <Observer> sections inside hook based components |
mobx-react 6 / 7 is a repackage of the smaller mobx-react-lite package + following features from the mobx-react@5
package added:
- Support for class based components for
observer
and@observer
Provider / inject
to pass stores around (but consider to useReact.createContext
instead)PropTypes
to describe observable based property checkers (but consider to use TypeScript instead)- The
disposeOnUnmount
utility / decorator to easily clean up resources such as reactions created in your class based components.
Installation
npm install mobx-react --save
Or CDN: https://unpkg.com/mobx-react (UMD namespace: mobxReact
)
1import { observer } from "mobx-react"
This package provides the bindings for MobX and React. See the official documentation for how to get started.
For greenfield projects you might want to consider to use mobx-react-lite, if you intend to only use function based components. React.createContext
can be used to pass stores around.
API documentation
Please check mobx.js.org for the general documentation. The documentation below highlights some specifics.
observer(component)
Function (and decorator) that converts a React component definition, React component class, or stand-alone render function, into a reactive component. A converted component will track which observables are used by its effective render
and automatically re-render the component when one of these values changes.
Functional Components
React.memo
is automatically applied to functional components provided to observer
. observer
does not accept a functional component already wrapped in React.memo
, or an observer
, in order to avoid consequences that might arise as a result of wrapping it twice.
Class Components
shouldComponentUpdate
is not supported. As such, it is recommended that class components extend React.PureComponent
. The observer
will automatically patch non-pure class components with an internal implementation of React.PureComponent
if necessary.
Extending observer
class components is not supported. Always apply observer
only on the last class in the inheritance chain.
See the MobX documentation for more details.
1import { observer } from "mobx-react" 2 3// ---- ES6 syntax ---- 4const TodoView = observer( 5 class TodoView extends React.Component { 6 render() { 7 return <div>{this.props.todo.title}</div> 8 } 9 } 10) 11 12// ---- ESNext syntax with decorator syntax enabled ---- 13@observer 14class TodoView extends React.Component { 15 render() { 16 return <div>{this.props.todo.title}</div> 17 } 18} 19 20// ---- or just use function components: ---- 21const TodoView = observer(({ todo }) => <div>{todo.title}</div>)
Note on using props and state in derivations
mobx-react
version 6 and lower would automatically turn this.state
and this.props
into observables.
This has the benefit that computed properties and reactions were able to observe those.
However, since this pattern is fundamentally incompatible with StrictMode
in React 18.2 and higher, this behavior has been removed in React 18.
As a result, we recommend to no longer mark properties as @computed
in observer components if they depend on this.state
or this.props
.
1@observer 2class Doubler extends React.Component<{ counter: number }> { 3 @computed // BROKEN! <-- @computed should be removed in mobx-react > 7 4 get doubleValue() { 5 // Changes to this.props will no longer be detected properly, to fix it, 6 // remove the @computed annotation. 7 return this.props * 2 8 } 9 10 render() { 11 return <div>{this.doubleValue}</div> 12 } 13}
Similarly, reactions will no longer respond to this.state
/ this.props
. This can be overcome by creating an observable copy:
1@observer 2class Alerter extends React.Component<{ counter: number }> { 3 @observable observableCounter: number 4 reactionDisposer 5 6 constructor(props) { 7 this.observableCounter = counter 8 } 9 10 componentDidMount() { 11 // set up a reaction, by observing the observable, 12 // rather than the prop which is non-reactive: 13 this.reactionDisposer = autorun(() => { 14 if (this.observableCounter > 10) { 15 alert("Reached 10!") 16 } 17 }) 18 } 19 20 componentDidUpdate() { 21 // sync the observable from props 22 this.observableCounter = this.props.counter 23 } 24 25 componentWillUnmount() { 26 this.reactionDisposer() 27 } 28 29 render() { 30 return <div>{this.props.counter}</div> 31 } 32}
MobX-react will try to detect cases where this.props
, this.state
or this.context
are used by any other derivation than the render
method of the owning component and throw.
This is to make sure that neither computed properties, nor reactions, nor other components accidentally rely on those fields to be reactive.
This includes cases where a render callback is passed to a child, that will read from the props or state of a parent component.
As a result, passing a function that might later read a property of a parent in a reactive context will throw as well.
Instead, when using a callback function that is being passed to an observer
based child, the capture should be captured locally first:
1@observer 2class ChildWrapper extends React.Component<{ counter: number }> { 3 render() { 4 // Collapsible is an observer component that should respond to this.counter, 5 // if it is expanded 6 7 // BAD: 8 return <Collapsible onRenderContent={() => <h1>{this.props.counter}</h1>} /> 9 10 // GOOD: (causes to pass down a fresh callback whenever counter changes, 11 // that doesn't depend on its parents props) 12 const counter = this.props.counter 13 return <Collapsible onRenderContent={() => <h1>{counter}</h1>} /> 14 } 15}
Observer
Observer
is a React component, which applies observer
to an anonymous region in your component.
It takes as children a single, argumentless function which should return exactly one React component.
The rendering in the function will be tracked and automatically re-rendered when needed.
This can come in handy when needing to pass render function to external components (for example the React Native listview), or if you
dislike the observer
decorator / function.
1class App extends React.Component { 2 render() { 3 return ( 4 <div> 5 {this.props.person.name} 6 <Observer>{() => <div>{this.props.person.name}</div>}</Observer> 7 </div> 8 ) 9 } 10} 11 12const person = observable({ name: "John" }) 13 14ReactDOM.render(<App person={person} />, document.body) 15person.name = "Mike" // will cause the Observer region to re-render
In case you are a fan of render props, you can use that instead of children. Be advised, that you cannot use both approaches at once, children have a precedence. Example
1class App extends React.Component { 2 render() { 3 return ( 4 <div> 5 {this.props.person.name} 6 <Observer render={() => <div>{this.props.person.name}</div>} /> 7 </div> 8 ) 9 } 10} 11 12const person = observable({ name: "John" }) 13 14ReactDOM.render(<App person={person} />, document.body) 15person.name = "Mike" // will cause the Observer region to re-render
useLocalObservable
hook
Local observable state can be introduced by using the useLocalObservable
hook, that runs once to create an observable store. A quick example would be:
1import { useLocalObservable, Observer } from "mobx-react-lite" 2 3const Todo = () => { 4 const todo = useLocalObservable(() => ({ 5 title: "Test", 6 done: true, 7 toggle() { 8 this.done = !this.done 9 } 10 })) 11 12 return ( 13 <Observer> 14 {() => ( 15 <h1 onClick={todo.toggle}> 16 {todo.title} {todo.done ? "[DONE]" : "[TODO]"} 17 </h1> 18 )} 19 </Observer> 20 ) 21}
When using useLocalObservable
, all properties of the returned object will be made observable automatically, getters will be turned into computed properties, and methods will be bound to the store and apply mobx transactions automatically. If new class instances are returned from the initializer, they will be kept as is.
It is important to realize that the store is created only once! It is not possible to specify dependencies to force re-creation, nor should you directly be referring to props for the initializer function, as changes in those won't propagate.
Instead, if your store needs to refer to props (or useState
based local state), the useLocalObservable
should be combined with the useAsObservableSource
hook, see below.
Note that in many cases it is possible to extract the initializer function to a function outside the component definition. Which makes it possible to test the store itself in a more straight-forward manner, and avoids creating the initializer closure on each re-render.
Note: using useLocalObservable
is mostly beneficial for really complex local state, or to obtain more uniform code base. Note that using a local store might conflict with future React features like concurrent rendering.
Server Side Rendering with enableStaticRendering
When using server side rendering, normal lifecycle hooks of React components are not fired, as the components are rendered only once.
Since components are never unmounted, observer
components would in this case leak memory when being rendered server side.
To avoid leaking memory, call enableStaticRendering(true)
when using server side rendering.
1import { enableStaticRendering } from "mobx-react" 2 3enableStaticRendering(true)
This makes sure the component won't try to react to any future data changes.
Which components should be marked with observer
?
The simple rule of thumb is: all components that render observable data. If you don't want to mark a component as observer, for example to reduce the dependencies of a generic component package, make sure you only pass it plain data.
Enabling decorators (optional)
Decorators are currently a stage-2 ESNext feature. How to enable them is documented here.
Should I still use smart and dumb components?
See this thread.
TL;DR: the conceptual distinction makes a lot of sense when using MobX as well, but use observer
on all components.
PropTypes
MobX-react provides the following additional PropTypes
which can be used to validate against MobX structures:
observableArray
observableArrayOf(React.PropTypes.number)
observableMap
observableObject
arrayOrObservableArray
arrayOrObservableArrayOf(React.PropTypes.number)
objectOrObservableObject
Use import { PropTypes } from "mobx-react"
to import them, then use for example PropTypes.observableArray
Provider
and inject
Note: usually there is no need anymore to use Provider
/ inject
in new code bases; most of its features are now covered by React.createContext
.
Provider
is a component that can pass stores (or other stuff) using React's context mechanism to child components.
This is useful if you have things that you don't want to pass through multiple layers of components explicitly.
inject
can be used to pick up those stores. It is a higher order component that takes a list of strings and makes those stores available to the wrapped component.
Example (based on the official context docs):
1@inject("color") 2@observer 3class Button extends React.Component { 4 render() { 5 return <button style={{ background: this.props.color }}>{this.props.children}</button> 6 } 7} 8 9class Message extends React.Component { 10 render() { 11 return ( 12 <div> 13 {this.props.text} <Button>Delete</Button> 14 </div> 15 ) 16 } 17} 18 19class MessageList extends React.Component { 20 render() { 21 const children = this.props.messages.map(message => <Message text={message.text} />) 22 return ( 23 <Provider color="red"> 24 <div>{children}</div> 25 </Provider> 26 ) 27 } 28}
Notes:
- It is possible to read the stores provided by
Provider
usingReact.useContext
, by using theMobXProviderContext
context that can be imported frommobx-react
. - If a component asks for a store and receives a store via a property with the same name, the property takes precedence. Use this to your advantage when testing!
- When using both
@inject
and@observer
, make sure to apply them in the correct order:observer
should be the inner decorator,inject
the outer. There might be additional decorators in between. - The original component wrapped by
inject
is available as thewrappedComponent
property of the created higher order component.
"The set of provided stores has changed" error
Values provided through Provider
should be final. Make sure that if you put things in context
that might change over time, that they are @observable
or provide some other means to listen to changes, like callbacks. However, if your stores will change over time, like an observable value of another store, MobX will throw an error.
This restriction exists mainly for legacy reasons. If you have a scenario where you need to modify the set of stores, please leave a comment about it in this issue https://github.com/mobxjs/mobx-react/issues/745. Or a preferred way is to use React Context directly which does not have this restriction.
Inject as function
The above example in ES5 would start like:
1var Button = inject("color")( 2 observer( 3 class Button extends Component { 4 /* ... etc ... */ 5 } 6 ) 7)
A functional stateless component would look like:
1var Button = inject("color")( 2 observer(({ color }) => { 3 /* ... etc ... */ 4 }) 5)
Customizing inject
Instead of passing a list of store names, it is also possible to create a custom mapper function and pass it to inject. The mapper function receives all stores as argument, the properties with which the components are invoked and the context, and should produce a new set of properties, that are mapped into the original:
mapperFunction: (allStores, props, context) => additionalProps
Since version 4.0 the mapperFunction
itself is tracked as well, so it is possible to do things like:
1const NameDisplayer = ({ name }) => <h1>{name}</h1> 2 3const UserNameDisplayer = inject(stores => ({ 4 name: stores.userStore.name 5}))(NameDisplayer) 6 7const user = mobx.observable({ 8 name: "Noa" 9}) 10 11const App = () => ( 12 <Provider userStore={user}> 13 <UserNameDisplayer /> 14 </Provider> 15) 16 17ReactDOM.render(<App />, document.body)
N.B. note that in this specific case neither NameDisplayer
nor UserNameDisplayer
needs to be decorated with observer
, since the observable dereferencing is done in the mapper function
Using PropTypes
and defaultProps
and other static properties in combination with inject
Inject wraps a new component around the component you pass into it. This means that assigning a static property to the resulting component, will be applied to the HoC, and not to the original component. So if you take the following example:
1const UserName = inject("userStore")(({ userStore, bold }) => someRendering()) 2 3UserName.propTypes = { 4 bold: PropTypes.boolean.isRequired, 5 userStore: PropTypes.object.isRequired // will always fail 6}
The above propTypes are incorrect, bold
needs to be provided by the caller of the UserName
component and is checked by React.
However, userStore
does not need to be required! Although it is required for the original stateless function component, it is not
required for the resulting inject component. After all, the whole point of that component is to provide that userStore
itself.
So if you want to make assertions on the data that is being injected (either stores or data resulting from a mapper function), the propTypes
should be defined on the wrapped component. Which is available through the static property wrappedComponent
on the inject component:
1const UserName = inject("userStore")(({ userStore, bold }) => someRendering()) 2 3UserName.propTypes = { 4 bold: PropTypes.boolean.isRequired // could be defined either here ... 5} 6 7UserName.wrappedComponent.propTypes = { 8 // ... or here 9 userStore: PropTypes.object.isRequired // correct 10}
The same principle applies to defaultProps
and other static React properties.
Note that it is not allowed to redefine contextTypes
on inject
components (but is possible to define it on wrappedComponent
)
Finally, mobx-react will automatically move non React related static properties from wrappedComponent to the inject component so that all static fields are
actually available to the outside world without needing .wrappedComponent
.
Strongly typing inject
With TypeScript
inject
also accepts a function ((allStores, nextProps, nextContext) => additionalProps
) that can be used to pick all the desired stores from the available stores like this.
The additionalProps
will be merged into the original nextProps
before being provided to the next component.
1import { IUserStore } from "myStore" 2 3@inject(allStores => ({ 4 userStore: allStores.userStore as IUserStore 5})) 6class MyComponent extends React.Component<{ userStore?: IUserStore; otherProp: number }, {}> { 7 /* etc */ 8}
Make sure to mark userStore
as an optional property. It should not (necessarily) be passed in by parent components at all!
Note: If you have strict null checking enabled, you could muffle the nullable type by using the !
operator:
public render() {
const {a, b} = this.store!
// ...
}
Testing store injection
It is allowed to pass any declared store in directly as a property as well. This makes it easy to set up individual component tests without a provider.
So if you have in your app something like:
1<Provider profile={profile}> 2 <Person age={"30"} /> 3</Provider>
In your test you can easily test the Person
component by passing the necessary store as prop directly:
const profile = new Profile()
const mountedComponent = mount(
<Person age={'30'} profile={profile} />
)
Bear in mind that using shallow rendering won't provide any useful results when testing injected components; only the injector will be rendered.
To test with shallow rendering, instantiate the wrappedComponent
instead: shallow(<Person.wrappedComponent />)
disposeOnUnmount(componentInstance, propertyKey | function | function[])
Function (and decorator) that makes sure a function (usually a disposer such as the ones returned by reaction
, autorun
, etc.) is automatically executed as part of the componentWillUnmount lifecycle event.
1import { disposeOnUnmount } from "mobx-react" 2 3class SomeComponent extends React.Component { 4 // decorator version 5 @disposeOnUnmount 6 someReactionDisposer = reaction(...) 7 8 // decorator version with arrays 9 @disposeOnUnmount 10 someReactionDisposers = [ 11 reaction(...), 12 reaction(...) 13 ] 14 15 16 // function version over properties 17 someReactionDisposer = disposeOnUnmount(this, reaction(...)) 18 19 // function version inside methods 20 componentDidMount() { 21 // single function 22 disposeOnUnmount(this, reaction(...)) 23 24 // or function array 25 disposeOnUnmount(this, [ 26 reaction(...), 27 reaction(...) 28 ]) 29 } 30}
DevTools
mobx-react@6
and higher are no longer compatible with the mobx-react-devtools.
That is, the MobX react devtools will no longer show render timings or dependency trees of the component.
The reason is that the standard React devtools are also capable of highlighting re-rendering components.
And the dependency tree of a component can now be inspected by the standard devtools as well, as shown in the image below:
FAQ
Should I use observer
for each component?
You should use observer
on every component that displays observable data.
Even the small ones. observer
allows components to render independently from their parent and in general this means that
the more you use observer
, the better the performance become.
The overhead of observer
itself is negligible.
See also Do child components need @observer
?
I see React warnings about forceUpdate
/ setState
from React
The following warning will appear if you trigger a re-rendering between instantiating and rendering a component:
Warning: forceUpdate(...): Cannot update during an existing state transition (such as within `render`). Render methods should be a pure function of props and state.`
-- or --
Warning: setState(...): Cannot update during an existing state transition (such as within `render` or another component's constructor). Render methods should be a pure function of props and state; constructor side-effects are an anti-pattern, but can be moved to `componentWillMount`.
Usually this means that (another) component is trying to modify observables used by this components in their constructor
or getInitialState
methods.
This violates the React Lifecycle, componentWillMount
should be used instead if state needs to be modified before mounting.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
20 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
Found 13/18 approved changesets -- score normalized to 7
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/build_and_test.yml:1
- Warn: no topLevel permission defined: .github/workflows/coveralls.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/build_and_test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_and_test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/build_and_test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coveralls.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/coveralls.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/coveralls.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/coveralls.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/coveralls.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/coveralls.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/mobxjs/mobx/release.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
98 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25
- Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-qgfr-5hqp-vrw9
- Warn: Project is vulnerable to: GHSA-ff7x-qrg7-qggm
- Warn: Project is vulnerable to: GHSA-6h5x-7c5m-7cr7
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
- Warn: Project is vulnerable to: MAL-2023-462
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-vfrc-7r7c-w9mx
- Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr
- Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-hwj9-h5mp-3pm3
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-wvhm-4hhf-97x9
- Warn: Project is vulnerable to: GHSA-h4hr-7fg3-h35w
- Warn: Project is vulnerable to: GHSA-gj77-59wh-66hg
- Warn: Project is vulnerable to: GHSA-hqhp-5p83-hx96
- Warn: Project is vulnerable to: GHSA-3949-f494-cm99
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-5q6m-3h65-w53x
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-jv35-xqg7-f92r
- Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-9m6j-fcg5-2442
- Warn: Project is vulnerable to: GHSA-hh27-ffr2-f2jc
- Warn: Project is vulnerable to: GHSA-rqff-837h-mm52
- Warn: Project is vulnerable to: GHSA-8v38-pw62-9cw2
- Warn: Project is vulnerable to: GHSA-hgjh-723h-mx2j
- Warn: Project is vulnerable to: GHSA-jf5r-8hm2-f872
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
Score
5.1
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More