npmpackage.info

Gathering detailed insights and metrics for sharp

Other packages similar to sharp

@img/sharp-linux-x64

0.34.3

Prebuilt sharp for use with Linux (glibc) x64

@img/sharp-libvips-linux-x64

1.2.0

Prebuilt libvips and dependencies for use with sharp on Linux (glibc) x64

@img/sharp-linuxmusl-x64

0.34.3

Prebuilt sharp for use with Linux (musl) x64

@img/sharp-libvips-linuxmusl-x64

1.2.0

Prebuilt libvips and dependencies for use with sharp on Linux (musl) x64

Gathering detailed insights and metrics for sharp

sharp - 0.34.3 | npmpackage.info

sharp

High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, AVIF and TIFF images. Uses the libvips library.

0.34.3

30,808

Apache-2.0

JavaScript

521.17 kB

6.7

Installations

npm install sharp

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

^18.17.0 || ^20.3.0 || >=21.0.0

Node Version

22.14.0

NPM Version

10.9.2 Pull Requests

Open

0

Total

443

Closed

142

Merged

301

Issues

Open

113

Total

3,967

Closed

3,854

Releases

v0.34.3

Updated on Jul 10, 2025

v0.34.3-rc.1

Updated on Jul 09, 2025

v0.34.3-rc.0

Updated on Jun 14, 2025

v0.34.2

Updated on May 20, 2025

v0.34.2-rc.0

Updated on May 14, 2025

v0.34.1

Updated on Apr 07, 2025

View All 97 releases

Languages

JavaScript

C++

TypeScript

Python

Shell

Dockerfile

JavaScript (76.78%)

C++ (19.77%)

TypeScript (2.04%)

Python (1.15%)

Shell (0.11%)

Dockerfile (0.08%)

C (0.07%)

Developer

lovell

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

30,808 Stars

2,260 Commits

1,350 Forks

231 Watchers

2 Branches

218 Contributors

Updated on Jul 14, 2025

Sponsor this package

https://opencollective.com/libvips

Maintainers

View All 218 Contributors

Package Meta Information

Latest Version

0.34.3

Package Id

sharp@0.34.3

Unpacked Size

521.17 kB

Size

116.94 kB

File Count

NPM Version

10.9.2

Node Version

22.14.0

Published on

Jul 10, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

color detect-libc semver

Dev Dependencies

Optional Dependencies

sharp

The typical use case for this high speed Node-API module is to convert large images in common formats to smaller, web-friendly JPEG, PNG, WebP, GIF and AVIF images of varying dimensions.

It can be used with all JavaScript runtimes that provide support for Node-API v9, including Node.js (^18.17.0 or >= 20.3.0), Deno and Bun.

Resizing an image is typically 4x-5x faster than using the quickest ImageMagick and GraphicsMagick settings due to its use of libvips.

Colour spaces, embedded ICC profiles and alpha transparency channels are all handled correctly. Lanczos resampling ensures quality is not sacrificed for speed.

As well as image resizing, operations such as rotation, extraction, compositing and gamma correction are available.

Most modern macOS, Windows and Linux systems do not require any additional install or runtime dependencies.

Documentation

Visit sharp.pixelplumbing.com for complete installation instructions, API documentation, benchmark tests and changelog.

Examples

1npm install sharp

1const sharp = require('sharp');

Callback

1sharp(inputBuffer)
2  .resize(320, 240)
3  .toFile('output.webp', (err, info) => { ... });

Promise

1sharp('input.jpg')
2  .rotate()
3  .resize(200)
4  .jpeg({ mozjpeg: true })
5  .toBuffer()
6  .then( data => { ... })
7  .catch( err => { ... });

Async/await

1const semiTransparentRedPng = await sharp({
2  create: {
3    width: 48,
4    height: 48,
5    channels: 4,
6    background: { r: 255, g: 0, b: 0, alpha: 0.5 }
7  }
8})
9  .png()
10  .toBuffer();

Stream

1const roundedCorners = Buffer.from(
2  '<svg><rect x="0" y="0" width="200" height="200" rx="50" ry="50"/></svg>'
3);
4
5const roundedCornerResizer =
6  sharp()
7    .resize(200, 200)
8    .composite([{
9      input: roundedCorners,
10      blend: 'dest-in'
11    }])
12    .png();
13
14readableStream
15  .pipe(roundedCornerResizer)
16  .pipe(writableStream);

Contributing

A guide for contributors covers reporting bugs, requesting features and submitting code changes.

Licensing

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

High

7.8/10

Summary

sharp vulnerability in libwebp dependency CVE-2023-4863

Affected Versions

< 0.32.6

Patched Versions

0.32.6

Moderate

6.5/10

Summary

sharp vulnerable to Command Injection in post-installation over build environment

Affected Versions

< 0.30.5

Patched Versions

0.30.5

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Fuzzing

Determines if the project uses fuzzing.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

SAST

Determines if the project uses static code analysis.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:153: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:165: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:202: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:262: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:275: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:279: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:295: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:311: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:312: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:319: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm.yml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/lovell/sharp/npm.yml/main?enable=pin
Warn: containerImage not pinned by hash: test/bench/Dockerfile:1: pin your Docker image by updating ubuntu:25.04 to ubuntu:25.04@sha256:1b22f90d817e4616488d5cfe2f56d8f0262e96d6d6cc06794844c32328e9264c
Warn: npmCommand not pinned by hash: test/bench/Dockerfile:18
Warn: npmCommand not pinned by hash: test/bench/Dockerfile:21
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:205
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:160
Warn: npmCommand not pinned by hash: .github/workflows/npm.yml:147
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 third-party GitHubAction dependencies pinned
Info: 0 out of 1 containerImage dependencies pinned
Info: 0 out of 5 npmCommand dependencies pinned

Score

6.7

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More