npmpackage.info

Gathering detailed insights and metrics for svelte

Other packages similar to svelte

@cspell/dict-svelte

1.0.7

Svelte dictionary for cspell.

prettier-plugin-svelte

3.4.0

Svelte plugin for prettier

@sveltejs/vite-plugin-svelte

6.1.0

The official [Svelte](https://svelte.dev) plugin for [Vite](https://vitejs.dev).

svelte-check

4.3.0

Svelte Code Checker Terminal Interface

Gathering detailed insights and metrics for svelte

svelte - 5.36.8 | npmpackage.info

svelte

web development for the rest of us

5.36.8

83,443

MIT

JavaScript

2.46 MB

6.2

Installations

npm install svelte

Developer Guide

BETA

Typescript

Yes

Module System

ESM

Min. Node Version

>=18

Node Version

18.20.8

NPM Version

10.8.2 Score

100

Supply Chain

35.1

Quality

97.7

Maintenance

100

Vulnerability

License

Pull Requests

Open

41

Total

7,214

Closed

1,261

Merged

5,912

Issues

Open

780

Total

8,402

Closed

7,622

Releases

495

svelte@5.36.8

Updated on Jul 18, 2025

svelte@5.36.7

Updated on Jul 17, 2025

svelte@5.36.6

Updated on Jul 17, 2025

svelte@5.36.5

Updated on Jul 17, 2025

svelte@5.36.4

Updated on Jul 16, 2025

svelte@5.36.3

Updated on Jul 16, 2025

View All 495 releases

Languages

JavaScript

Svelte

TypeScript

CSS

HTML

JavaScript (72.39%)

Svelte (21.98%)

TypeScript (3.89%)

CSS (1.28%)

HTML (0.46%)

Developer

sveltejs

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

83,443 Stars

10,438 Commits

4,567 Forks

852 Watchers

148 Branches

791 Contributors

Updated on Jul 19, 2025

Maintainers

View All 791 Contributors

Package Meta Information

Latest Version

5.36.8

Package Id

svelte@5.36.8

Unpacked Size

2.46 MB

Size

629.75 kB

File Count

370

NPM Version

10.8.2

Node Version

18.20.8

Published on

Jul 18, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Svelte - web development for the rest of us

What is Svelte?

Svelte is a new way to build web applications. It's a compiler that takes your declarative components and converts them into efficient JavaScript that surgically updates the DOM.

Learn more at the Svelte website, or stop by the Discord chatroom.

Getting started

You can play around with Svelte in the tutorial, examples, and REPL.

When you're ready to build a full-fledge application, we recommend using SvelteKit:

1npx sv create my-app
2cd my-app
3npm install
4npm run dev

See the SvelteKit documentation to learn more.

Changelog

The Changelog for this package is available on GitHub.

Supporting Svelte

Svelte is an MIT-licensed open source project with its ongoing development made possible entirely by fantastic volunteers. If you'd like to support their efforts, please consider:

Becoming a backer on Open Collective.

Funds donated via Open Collective will be used for compensating expenses related to Svelte's development.

Moderate

5.4/10

Summary

Svelte has a potential mXSS vulnerability due to improper HTML escaping

Affected Versions

< 4.2.19

Patched Versions

4.2.19

Moderate

6.1/10

Summary

Svelte vulnerable to XSS when using objects during server-side rendering

Affected Versions

< 3.49.0

Patched Versions

3.49.0

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

9

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

9

SAST

Determines if the project uses static code analysis.

8

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ecosystem-ci-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ecosystem-ci-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ecosystem-ci-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ecosystem-ci-trigger.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ecosystem-ci-trigger.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/ecosystem-ci-trigger.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pkg.pr.new-comment.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new-comment.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new-comment.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new-comment.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new-comment.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new-comment.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pkg.pr.new.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/pkg.pr.new.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/sveltejs/svelte/release.yml/main?enable=pin
Info: 0 out of 18 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 9 third-party GitHubAction dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

6.2

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to svelte

Other packages similar to svelte

svelte

Installations

Developer Guide

Yes

ESM

>=18

18.20.8

10.8.2

Score

Pull Requests

41

7,214

1,261

5,912

Issues

780

8,402

7,622

Releases

Languages

Developer

Download Statistics

GitHub Statistics

Maintainers

Package Meta Information

Total Downloads

NaN

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

What is Svelte?

Getting started

Changelog

Supporting Svelte

10

10

10

10

9

9

8

0

0

0

0

0

6.2

/10