npmpackage.info

Gathering detailed insights and metrics for underscore

Other packages similar to underscore

camelcase

8.0.0

Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`

underscore.string

3.3.6

String manipulation extensions for Underscore.js javascript library.

@types/underscore

1.13.0

TypeScript definitions for underscore

object.assign

4.1.7

ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim

Gathering detailed insights and metrics for underscore

underscore

JavaScript's utility _ belt

1.13.7

27,395

MIT

JavaScript

8.22 kB

3,787,827,968 4.9

Installations

npm install underscore

Developer Guide

BETA

Typescript

No

Module System

CommonJS, ESM

Node Version

16.20.2

NPM Version

8.19.4 Score

99.5

Supply Chain

82.8

Quality

79.2

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

22

Total

1,563

Closed

795

Merged

746

Issues

Open

30

Total

1,426

Closed

1,396

Releases

Unable to fetch releases

Languages

JavaScript

HTML

JavaScript (65.73%)

HTML (34.27%)

Developer

jashkenas

Download Statistics

Total Downloads

3,787,827,968

Last Day

811,978

Last Week

13,663,830

Last Month

59,454,431

Last Year

659,118,844

GitHub Statistics

MIT License

27,395 Stars

2,853 Commits

5,496 Forks

839 Watchers

7 Branches

283 Contributors

Updated on Jun 21, 2025

Bundle Size

29.83 kB

Minified

8.22 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 283 Contributors

Package Meta Information

Latest Version

1.13.7

Package Id

underscore@1.13.7

Unpacked Size

885.07 kB

Size

212.30 kB

File Count

507

NPM Version

8.19.4

Node Version

16.20.2

Published on

Jul 24, 2024

Total Downloads

Cumulative downloads

Total Downloads

3,787,827,968

Last Day

-1%

811,978

Compared to previous day

Last Week

-7.7%

13,663,830

Compared to previous week

Last Month

0.1%

59,454,431

Compared to previous month

Last Year

4.7%

659,118,844

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

coveralls cpy-cli docco eslint eslint-plugin-import glob gzip-size-cli husky karma karma-qunit karma-sauce-launcher nyc patch-package pretty-bytes-cli qunit rollup terser

                   __
                  /\ \                                                         __
 __  __    ___    \_\ \     __   _ __   ____    ___    ___   _ __    __       /\_\    ____
/\ \/\ \ /' _ `\  /'_  \  /'__`\/\  __\/ ,__\  / ___\ / __`\/\  __\/'__`\     \/\ \  /',__\
\ \ \_\ \/\ \/\ \/\ \ \ \/\  __/\ \ \//\__, `\/\ \__//\ \ \ \ \ \//\  __/  __  \ \ \/\__, `\
 \ \____/\ \_\ \_\ \___,_\ \____\\ \_\\/\____/\ \____\ \____/\ \_\\ \____\/\_\ _\ \ \/\____/
  \/___/  \/_/\/_/\/__,_ /\/____/ \/_/ \/___/  \/____/\/___/  \/_/ \/____/\/_//\ \_\ \/___/
                                                                              \ \____/
                                                                               \/___/

Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects (each, map, reduce, filter...) without extending any core JavaScript objects.

For Docs, License, Tests, and pre-packed downloads, see: https://underscorejs.org

For support and questions, please consult our security policy, the gitter channel or stackoverflow

Underscore is an open-sourced component of DocumentCloud: https://github.com/documentcloud

Many thanks to our contributors: https://github.com/jashkenas/underscore/contributors

You can support the project by donating on Patreon. Enterprise coverage is available as part of the Tidelift Subscription.

This project adheres to a code of conduct. By participating, you are expected to uphold this code.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

9

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

8

SAST

Determines if the project uses static code analysis.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

1

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

45 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-j4f2-536g-r55m
Warn: Project is vulnerable to: GHSA-r7qp-cfhv-p84w
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
Warn: Project is vulnerable to: GHSA-7x7c-qm48-pq9c
Warn: Project is vulnerable to: GHSA-rc3x-jf5g-xvc5
Warn: Project is vulnerable to: GHSA-82v2-mx6x-wq7q
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m
Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-6fx8-h7jm-663j
Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
Warn: Project is vulnerable to: GHSA-fxwf-4rqh-v8g3
Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
Warn: Project is vulnerable to: GHSA-xfhh-g9f5-x4m4
Warn: Project is vulnerable to: GHSA-qm95-pgcg-qqfq
Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx
Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
Warn: Project is vulnerable to: GHSA-mgfv-m47x-4wqp
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-72mh-269x-7mh5
Warn: Project is vulnerable to: GHSA-h4j5-c7cj-74xg

Score

4.9

/10

Last Scanned on 2025-06-16

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

underscore - 1.13.7 | npmpackage.info