Gathering detailed insights and metrics for npm
Gathering detailed insights and metrics for npm
Installations
npm install npmDeveloper Guide
BETA
Typescript
No
Module System
CommonJS, ESM
Min. Node Version
^20.17.0 || >=22.9.0
Node Version
22.16.0
NPM Version
11.4.2
Releases
807
libnpmpack: v8.0.1
libnpmpack-v8.0.1
Updated on Jun 25, 2025
libnpmfund: v6.0.1
libnpmfund-v6.0.1
Updated on Jun 25, 2025
libnpmexec: v9.0.1
libnpmexec-v9.0.1
Updated on Jun 25, 2025
libnpmdiff: v7.0.1
libnpmdiff-v7.0.1
Updated on Jun 25, 2025
arborist: v8.0.1
arborist-v8.0.1
Updated on Jun 25, 2025
v10.9.3
v10.9.3
Updated on Jun 25, 2025
Languages
5
JavaScript
Handlebars
Shell
PowerShell
Batchfile
JavaScript (99.7%)
Handlebars (0.19%)
Shell (0.08%)
PowerShell (0.02%)
Batchfile (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
NOASSERTION License
8,978 Stars
12,812 Commits
3,508 Forks
220 Watchers
43 Branches
926 Contributors
Updated on Jul 12, 2025
Maintainers
6
Package Meta Information
Latest Version
11.4.2
Package Id
npm@11.4.2
Unpacked Size
11.27 MB
Size
2.64 MB
File Count
2,274
NPM Version
11.4.2
Node Version
22.16.0
Published on
Jun 12, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
66
msinitarglobnoptreadssriarchychalkp-mapwhichabbrevpacotesemvercacacheci-infois-cidrminipassnode-gypproc-loglibnpmorgminimatchtreeverse@npmcli/fslibnpmdifflibnpmexeclibnpmfundlibnpmpacklibnpmteamtext-tablecli-columnsfs-minipassgraceful-fsnpm-profilelibnpmaccesslibnpmsearch@sigstore/tuflibnpmpublishlibnpmversion@npmcli/config@npmcli/redactsupports-colorhosted-git-infonpm-package-argqrcode-terminal@npmcli/arboristnpm-audit-reportinit-package-jsonmake-fetch-happenminipass-pipelinenpm-pick-manifestnpm-user-validate@npmcli/run-scriptnpm-install-checksnpm-registry-fetchtiny-relative-datefastest-levenshteinparse-conflict-json@npmcli/package-json@npmcli/promise-spawnspdx-expression-parse@npmcli/map-workspacesnormalize-package-datavalidate-npm-package-name@isaacs/string-locale-comparejson-parse-even-better-errors
npm - a JavaScript package manager
Requirements
You should be running a currently supported version of Node.js to run npm. For a list of which versions of Node.js are currently supported, please see the Node.js releases page.
Installation
npm comes bundled with node, & most third-party distributions, by default. Officially supported downloads/distributions can be found at: nodejs.org/en/download
Direct Download
You can download & install npm directly from npmjs.com using our custom install.sh script:
1curl -qL https://www.npmjs.com/install.sh | sh
Node Version Managers
If you're looking to manage multiple versions of Node.js &/or npm, consider using a node version manager
Usage
1npm <command>
Links & Resources
- Documentation - Official docs & how-tos for all things npm
- Note: you can also search docs locally with
npm help-search <query>
- Note: you can also search docs locally with
- Bug Tracker - Search or submit bugs against the CLI
- Roadmap - Track & follow along with our public roadmap
- Community Feedback and Discussions - Contribute ideas & discussion around the npm registry, website & CLI
- RFCs - Contribute ideas & specifications for the API/design of the npm CLI
- Service Status - Monitor the current status & see incident reports for the website & registry
- Project Status - See the health of all our maintained OSS projects in one view
- Events Calendar - Keep track of our Open RFC calls, releases, meetups, conferences & more
- Support - Experiencing problems with the npm website or registry? File a ticket here
Acknowledgments
npmis configured to use the npm Public Registry at https://registry.npmjs.org by default; Usage of this registry is subject to Terms of Use available at https://npmjs.com/policies/terms- You can configure
npmto use any other compatible registry you prefer. You can read more about configuring third-party registries here
FAQ on Branding
Is it "npm" or "NPM" or "Npm"?
npm should never be capitalized unless it is being displayed in a location that is customarily all-capitals (ex. titles on man pages).
Is "npm" an acronym for "Node Package Manager"?
Contrary to popular belief, npm is not in fact an acronym for "Node Package Manager"; It is a recursive bacronymic abbreviation for "npm is not an acronym" (if the project was named "ninaa", then it would be an acronym). The precursor to npm was actually a bash utility named "pm", which was the shortform name of "pkgmakeinst" - a bash function that installed various things on various platforms. If npm were to ever have been considered an acronym, it would be as "node pm" or, potentially "new pm".
High
7.8/10
Summary
Incorrect Permission Assignment for Critical Resource in NPM
Affected Versions
< 5.7.1
Patched Versions
5.7.1
High
7.5/10
Summary
Packing does not respect root-level ignore files in workspaces
Affected Versions
>= 7.9.0, < 8.11.0
Patched Versions
8.11.0
High
7.7/10
Summary
Arbitrary File Write in npm
Affected Versions
< 6.13.3
Patched Versions
6.13.3
High
7.7/10
Summary
npm Vulnerable to Global node_modules Binary Overwrite
Affected Versions
< 6.13.4
Patched Versions
6.13.4
High
7.7/10
Summary
npm symlink reference outside of node_modules
Affected Versions
< 6.13.3
Patched Versions
6.13.3
High
0/10
Summary
npm Token Leak in npm
Affected Versions
>= 3.0.0, <= 3.8.2
Patched Versions
3.8.3
High
0/10
Summary
npm Token Leak in npm
Affected Versions
<= 2.15.0
Patched Versions
2.15.1
Moderate
4.4/10
Summary
npm CLI exposing sensitive information through logs
Affected Versions
< 6.14.6
Patched Versions
6.14.6
Low
0/10
Summary
Local Privilege Escalation in npm
Affected Versions
< 1.3.3
Patched Versions
1.3.3
Reason
all changesets reviewed
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 28 commits out of 30 are checked with a SAST tool
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:26
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:27
- Info: topLevel 'contents' permission set to 'read': .github/workflows/audit.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmaccess.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmdiff.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmexec.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmfund.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmorg.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmpack.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmpublish.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmsearch.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmteam.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-libnpmversion.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-npmcli-arborist.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-npmcli-config.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-npmcli-docs.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-npmcli-mock-globals.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-npmcli-mock-registry.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-npmcli-smoke-tests.yml:21
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci-release.yml:22
- Warn: topLevel 'checks' permission set to 'write': .github/workflows/ci-release.yml:23
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:29
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:19
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/create-node-pr.yml:20
- Warn: no topLevel permission defined: .github/workflows/node-integration.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pull-request.yml:14
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-integration.yml:20
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:12
- Warn: topLevel 'checks' permission set to 'write': .github/workflows/release.yml:14
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/audit.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/audit.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/audit.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmaccess.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmaccess.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmaccess.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmaccess.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmaccess.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmaccess.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmaccess.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmaccess.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmdiff.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmdiff.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmdiff.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmdiff.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmdiff.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmdiff.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmdiff.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmdiff.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmexec.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmexec.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmexec.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmexec.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmexec.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmexec.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmexec.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmexec.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmfund.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmfund.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmfund.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmfund.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmfund.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmfund.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmfund.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmfund.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmorg.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmorg.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmorg.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmorg.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmorg.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmorg.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmorg.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmorg.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpack.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpack.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpack.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpack.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpack.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpack.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpack.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpack.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpublish.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpublish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpublish.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpublish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpublish.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpublish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmpublish.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmpublish.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmsearch.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmsearch.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmsearch.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmsearch.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmsearch.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmsearch.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmsearch.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmsearch.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmteam.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmteam.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmteam.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmteam.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmteam.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmteam.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmteam.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmteam.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmversion.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmversion.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmversion.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmversion.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmversion.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmversion.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-libnpmversion.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-libnpmversion.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-arborist.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-arborist.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-arborist.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-arborist.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-arborist.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-arborist.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-arborist.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-arborist.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-config.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-config.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-config.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-config.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-config.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-config.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-config.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-config.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-docs.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-docs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-docs.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-docs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-docs.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-docs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-docs.yml:94: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-docs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-docs.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-docs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-docs.yml:132: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-docs.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-globals.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-globals.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-globals.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-globals.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-globals.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-globals.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-globals.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-globals.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-registry.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-registry.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-registry.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-registry.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-registry.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-registry.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-mock-registry.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-mock-registry.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-smoke-tests.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-smoke-tests.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-smoke-tests.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-smoke-tests.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-smoke-tests.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-smoke-tests.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-npmcli-smoke-tests.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-npmcli-smoke-tests.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:238: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-release.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci-release.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci-release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:107: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:133: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:181: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:214: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:230: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:258: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:264: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:277: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/ci.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/codeql-analysis.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/codeql-analysis.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/codeql-analysis.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-node-pr.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/create-node-pr.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-node-pr.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/create-node-pr.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-node-pr.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/create-node-pr.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:364: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:379: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-integration.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-integration.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-integration.yml:251: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/node-integration.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/pull-request.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/pull-request.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:198: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:217: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:235: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:298: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/npm/cli/release.yml/latest?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node-integration.yml:248
- Warn: npmCommand not pinned by hash: .github/workflows/node-integration.yml:410
- Info: 0 out of 110 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 19 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
113 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
- Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj
- Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-566m-qj78-rww5
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-rf66-hmqf-q3fc
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-hgqx-r2hp-jr38
- Warn: Project is vulnerable to: GHSA-v65r-p3vv-jjfv
- Warn: Project is vulnerable to: GHSA-v626-r774-j7f8
- Warn: Project is vulnerable to: GHSA-438c-3975-5x3f
- Warn: Project is vulnerable to: GHSA-9hcv-j9pv-qmph
- Warn: Project is vulnerable to: GHSA-w9jx-4g6g-rp7x
- Warn: Project is vulnerable to: GHSA-5359-pvf2-pw78
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-m95q-7qp3-xv42
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6
- Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9
- Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f
- Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p
- Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv
- Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8
- Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65
- Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh
- Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44
- Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988
- Warn: Project is vulnerable to: GHSA-c429-5p7v-vgjp
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37
- Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9
- Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-86mr-6m89-vgj3
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-f3vw-587g-r29g
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp
- Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr
- Warn: Project is vulnerable to: GHSA-2mvq-xp48-4c77
- Warn: Project is vulnerable to: GHSA-5854-jvxx-2cg9
- Warn: Project is vulnerable to: GHSA-g64q-3vg8-8f93
- Warn: Project is vulnerable to: GHSA-3jfq-g458-7qm9
- Warn: Project is vulnerable to: GHSA-r628-mhmh-qjhw
- Warn: Project is vulnerable to: GHSA-9r2w-394v-53qc
- Warn: Project is vulnerable to: GHSA-5955-9wpr-37jh
- Warn: Project is vulnerable to: GHSA-qq89-hq3f-393p
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
- Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-8r6j-v8pm-fqw3
- Warn: Project is vulnerable to: MAL-2023-462
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-6chw-6frg-f759
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4
- Warn: Project is vulnerable to: GHSA-662x-fhqg-9p8v
- Warn: Project is vulnerable to: GHSA-394c-5j6w-4xmx
- Warn: Project is vulnerable to: GHSA-78cj-fxph-m83p
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: MAL-2025-181
- Warn: Project is vulnerable to: GHSA-2mhh-w6q8-5hxw
- Warn: Project is vulnerable to: GHSA-6663-c963-2gqg
- Warn: Project is vulnerable to: GHSA-5v72-xg48-5rpm
Score
6.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More