npmpackage.info

Gathering detailed insights and metrics for uppy

Other packages similar to uppy

@uppy/utils

6.1.2

Shared utility functions for Uppy Core and plugins maintained by the Uppy team.

@uppy/core

4.4.3

Core module for the extensible JavaScript file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Instagram, Dropbox, Google Drive, S3 and more :dog:

@uppy/store-default

4.2.0

The default simple object-based store for Uppy.

@uppy/companion-client

4.4.1

Client library for communication with Companion. Intended for use in Uppy plugins.

uppy

The next open source file uploader for web browsers 🐶

4.13.4

29,603

MIT

TypeScript

149.04 kB

8,542,079 4.1

Installations

npm install uppy

Developer Guide

BETA

Typescript

No

Module System

ESM

Pull Requests

Open

15

Total

3,276

Closed

288

Merged

2,973

Issues

Open

146

Total

2,390

Closed

2,244

Releases

134

Uppy 4.13.4

uppy@4.13.4

Updated on Mar 13, 2025

Uppy 4.13.3

uppy@4.13.3

Updated on Feb 25, 2025

Uppy 4.13.2

uppy@4.13.2

Updated on Feb 03, 2025

Uppy 4.13.1

uppy@4.13.1

Updated on Jan 22, 2025

Uppy 4.13.0

uppy@4.13.0

Updated on Jan 15, 2025

Uppy 4.12.2

uppy@4.12.2

Updated on Jan 09, 2025

View All 134 releases

Contributors

430

Unable to fetch Contributors

View All 430 Contributors

Languages

TypeScript

JavaScript

SCSS

Svelte

HTML

Shell

Makefile

Dockerfile

Vue

TypeScript (71.97%)

JavaScript (22.17%)

SCSS (4.86%)

Svelte (0.28%)

HTML (0.25%)

Shell (0.25%)

Makefile (0.14%)

Dockerfile (0.05%)

Vue (0.02%)

validate.email 🚀

Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.

Developer

transloadit

Download Statistics

Total Downloads

8,542,079

Last Day

752

Last Week

16,011

Last Month

74,453

Last Year

1,282,639

GitHub Statistics

MIT License

29,603 Stars

10,140 Commits

2,037 Forks

323 Watchers

72 Branches

430 Contributors

Updated on Mar 16, 2025

Bundle Size

514.13 kB

Minified

149.04 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

4.13.4

Package Id

uppy@4.13.4

Unpacked Size

5.23 MB

Size

1.33 MB

File Count

Published on

Mar 13, 2025

Total Downloads

Cumulative downloads

Total Downloads

8,542,079

Last Day

-3.1%

752

Compared to previous day

Last Week

-13.2%

16,011

Compared to previous week

Last Month

-7%

74,453

Compared to previous month

Last Year

-5.4%

1,282,639

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Uppy

Uppy is a sleek, modular JavaScript file uploader that integrates seamlessly with any application. It’s fast, has a comprehensible API and lets you worry about more important problems than building a file uploader.

Fetch files from local disk, remote URLs, Google Drive, Dropbox, Box, Instagram or snap and record selfies with a camera
Preview and edit metadata with a nice interface
Upload to the final destination, optionally process/encode

Read the docs | Try Uppy

Uppy is being developed by the folks at Transloadit, a versatile API to handle any file in your app.

Tests
Deploys

Example

Code used in the above example:

1import Uppy from '@uppy/core'
2import Dashboard from '@uppy/dashboard'
3import RemoteSources from '@uppy/remote-sources'
4import ImageEditor from '@uppy/image-editor'
5import Webcam from '@uppy/webcam'
6import Tus from '@uppy/tus'
7
8const uppy = new Uppy()
9  .use(Dashboard, { trigger: '#select-files' })
10  .use(RemoteSources, { companionUrl: 'https://companion.uppy.io' })
11  .use(Webcam)
12  .use(ImageEditor)
13  .use(Tus, { endpoint: 'https://tusd.tusdemo.net/files/' })
14  .on('complete', (result) => {
15    console.log('Upload result:', result)
16  })

Try it online or read the docs for more details on how to use Uppy and its plugins.

Features

Lightweight, modular plugin-based architecture, light on dependencies :zap:
Resumable file uploads via the open tus standard, so large uploads survive network hiccups
Supports picking files from: Webcam, Dropbox, Box, Google Drive, Instagram, bypassing the user’s device where possible, syncing between servers directly via @uppy/companion
Works great with file encoding and processing backends, such as Transloadit, works great without (all you need is to roll your own Apache/Nginx/Node/FFmpeg/etc backend)
Sleek user interface :sparkles:
Optional file recovery (after a browser crash) with Golden Retriever
Speaks several languages (i18n) :earth_africa:
Built with accessibility in mind
Free for the world, forever (as in beer 🍺, pizza 🍕, and liberty 🗽)
Cute as a puppy, also accepts cat pictures :dog:

Installation

1npm install @uppy/core @uppy/dashboard @uppy/tus

Add CSS uppy.min.css, either to your HTML page’s <head> or include in JS, if your bundler of choice supports it.

Alternatively, you can also use a pre-built bundle from Transloadit’s CDN: Smart CDN. In that case Uppy will attach itself to the global window.Uppy object.

⚠️ The bundle consists of most Uppy plugins, so this method is not recommended for production, as your users will have to download all plugins when you are likely using only a few.

1<!-- 1. Add CSS to `<head>` -->
2<link
3  href="https://releases.transloadit.com/uppy/v4.13.4/uppy.min.css"
4  rel="stylesheet"
5/>
6
7<!-- 2. Initialize -->
8<div id="files-drag-drop"></div>
9<script type="module">
10  import {
11    Uppy,
12    Dashboard,
13    Tus,
14  } from 'https://releases.transloadit.com/uppy/v4.13.4/uppy.min.mjs'
15
16  const uppy = new Uppy()
17  uppy.use(Dashboard, { target: '#files-drag-drop' })
18  uppy.use(Tus, { endpoint: 'https://tusd.tusdemo.net/files/' })
19</script>

Documentation

Uppy — full list of options, methods and events
Companion — setting up and running a Companion instance, which adds support for Instagram, Dropbox, Box, Google Drive and remote URLs
React — components to integrate Uppy UI plugins with React apps
Architecture & Writing a Plugin — how to write a plugin for Uppy

Plugins

UI Elements

Dashboard — universal UI with previews, progress bars, metadata editor and all the cool stuff. Required for most UI plugins like Webcam and Instagram
Progress Bar — minimal progress bar that fills itself when upload progresses
Status Bar — more detailed progress, pause/resume/cancel buttons, percentage, speed, uploaded/total sizes (included by default with Dashboard)
Informer — send notifications like “smile” before taking a selfie or “upload failed” when all is lost (also included by default with Dashboard)

Sources

Drag & Drop — plain drag and drop area
File Input — even plainer “select files” button
Webcam — snap and record those selfies 📷
ⓒ Google Drive — import files from Google Drive
ⓒ Dropbox — import files from Dropbox
ⓒ Box — import files from Box
ⓒ Instagram — import images and videos from Instagram
ⓒ Facebook — import images and videos from Facebook
ⓒ OneDrive — import files from Microsoft OneDrive
ⓒ Import From URL — import direct URLs from anywhere on the web

The ⓒ mark means that @uppy/companion, a server-side component, is needed for a plugin to work.

Destinations

Tus — resumable uploads via the open tus standard
XHR Upload — regular uploads for any backend out there (like Apache, Nginx)
AWS S3 — plain upload to AWS S3 or compatible services
AWS S3 Multipart — S3-style “Multipart” upload to AWS or compatible services

File Processing

Transloadit — support for Transloadit’s robust file uploading and encoding backend

Miscellaneous

Golden Retriever — restores files after a browser crash, like it’s nothing
Thumbnail Generator — generates image previews (included by default with Dashboard)
Form — collects metadata from <form> right before an Uppy upload, then optionally appends results back to the form
Redux — for your emerging time traveling needs

React

React — components to integrate Uppy UI plugins with React apps
React Native — basic Uppy component for React Native with Expo

Browser Support

We aim to support recent versions of Chrome, Firefox, and Safari.

FAQ

Why not use `<input type="file">`?

Having no JavaScript beats having a lot of it, so that’s a fair question! Running an uploading & encoding business for ten years though we found that in cases, the file input leaves some to be desired:

We received complaints about broken uploads and found that resumable uploads are important, especially for big files and to be inclusive towards people on poorer connections (we also launched tus.io to attack that problem). Uppy uploads can survive network outages and browser crashes or accidental navigate-aways.
Uppy supports editing meta information before uploading.
Uppy allows cropping images before uploading.
There’s the situation where people are using their mobile devices and want to upload on the go, but they have their picture on Instagram, files in Dropbox or a plain file URL from anywhere on the open web. Uppy allows to pick files from those and push it to the destination without downloading it to your mobile device first.
Accurate upload progress reporting is an issue on many platforms.
Some file validation — size, type, number of files — can be done on the client with Uppy.
Uppy integrates webcam support, in case your users want to upload a picture/video/audio that does not exist yet :)
A larger drag and drop surface can be pleasant to work with. Some people also like that you can control the styling, language, etc.
Uppy is aware of encoding backends. Often after an upload, the server needs to rotate, detect faces, optimize for iPad, or what have you. Uppy can track progress of this and report back to the user in different ways.
Sometimes you might want your uploads to happen while you continue to interact on the same single page.

Not all apps need all these features. An <input type="file"> is fine in many situations. But these were a few things that our customers hit / asked about enough to spark us to develop Uppy.

Why is all this goodness free?

Transloadit’s team is small and we have a shared ambition to make a living from open source. By giving away projects like tus.io and Uppy, we’re hoping to advance the state of the art, make life a tiny little bit better for everyone and in doing so have rewarding jobs and get some eyes on our commercial service: a content ingestion & processing platform.

Our thinking is that if only a fraction of our open source userbase can see the appeal of hosted versions straight from the source, that could already be enough to sustain our work. So far this is working out! We’re able to dedicate 80% of our time to open source and haven’t gone bankrupt yet. :D

Does Uppy support S3 uploads?

Yes, please check out the docs for more information.

Can I use Uppy with Rails/Node.js/Go/PHP?

Yes, whatever you want on the backend will work with @uppy/xhr-upload plugin, since it only does a POST or PUT request. Here’s a PHP backend example.

If you want resumability with the Tus plugin, use one of the tus server implementations 👌🏼

And you’ll need @uppy/companion if you’d like your users to be able to pick files from Instagram, Google Drive, Dropbox or via direct URLs (with more services coming).

Contributions are welcome

Contributor’s guide in .github/CONTRIBUTING.md
Changelog to track our release progress (we aim to roll out a release every month): CHANGELOG.md

Used by

Uppy is used by: Photobox, Issuu, Law Insider, Cool Tabs, Soundoff, Scrumi, Crive and others.

Use Uppy in your project? Let us know!

Contributors

License

The MIT License.

Stable Version

4.13.4

High

8.2/10

Summary

uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)

Affected Versions

< 2.3.3

Patched Versions

2.3.3

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

4

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

2

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 2

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:171: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bundlers.yml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/bundlers.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion-deploy.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion-deploy.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion-deploy.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion-deploy.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/companion-deploy.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion-deploy.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion-deploy.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/companion.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/companion.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/e2e.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:225: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:233: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:244: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:249: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/e2e.yml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/e2e.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/linters.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/linters.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/linters.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linters.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/linters.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lockfile_check.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/lockfile_check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lockfile_check.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/lockfile_check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lockfile_check.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/lockfile_check.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-cdn.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/manual-cdn.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-cdn.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/manual-cdn.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/manual-cdn.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/manual-cdn.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-candidate.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release-candidate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-candidate.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release-candidate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-candidate.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release-candidate.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/transloadit/uppy/release.yml/main?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:20: pin your Docker image by updating node:18.17.1-alpine to node:18.17.1-alpine@sha256:3482a20c97e401b56ac50ba8920cc7b5b2022bfc6aa7d4e4c231755770cf892f
Warn: containerImage not pinned by hash: Dockerfile.test:1: pin your Docker image by updating node:18.17.1-alpine to node:18.17.1-alpine@sha256:3482a20c97e401b56ac50ba8920cc7b5b2022bfc6aa7d4e4c231755770cf892f
Warn: npmCommand not pinned by hash: Dockerfile.test:14
Warn: npmCommand not pinned by hash: .github/workflows/bundlers.yml:137
Warn: npmCommand not pinned by hash: .github/workflows/bundlers.yml:188
Warn: npmCommand not pinned by hash: .github/workflows/bundlers.yml:209
Warn: npmCommand not pinned by hash: .github/workflows/bundlers.yml:234
Warn: npmCommand not pinned by hash: .github/workflows/bundlers.yml:99
Warn: downloadThenRun not pinned by hash: .github/workflows/companion-deploy.yml:87
Warn: downloadThenRun not pinned by hash: .github/workflows/e2e.yml:138
Info: 0 out of 47 GitHub-owned GitHubAction dependencies pinned
Info: 10 out of 13 third-party GitHubAction dependencies pinned
Info: 0 out of 3 containerImage dependencies pinned
Info: 0 out of 6 npmCommand dependencies pinned
Info: 0 out of 2 downloadThenRun dependencies pinned

0

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

68 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: PYSEC-2018-66 / GHSA-562c-5r94-xh97
Warn: Project is vulnerable to: PYSEC-2019-179 / GHSA-5wv5-4vpf-pj6m
Warn: Project is vulnerable to: PYSEC-2023-62 / GHSA-m2qf-hxjv-5gpq
Warn: Project is vulnerable to: GHSA-84pr-m4jr-85g5
Warn: Project is vulnerable to: PYSEC-2024-71 / GHSA-hxwh-jpp2-84pm
Warn: Project is vulnerable to: PYSEC-2020-43 / GHSA-xc3p-ff3m-f46v
Warn: Project is vulnerable to: GHSA-2g68-c3qc-8985
Warn: Project is vulnerable to: PYSEC-2020-157 / GHSA-3p3h-qghp-hvh2
Warn: Project is vulnerable to: GHSA-f9vj-2wh5-fj8j
Warn: Project is vulnerable to: PYSEC-2019-140 / GHSA-gq9m-qvpx-68hc
Warn: Project is vulnerable to: PYSEC-2017-43 / GHSA-h2fp-xgx6-xh6f
Warn: Project is vulnerable to: PYSEC-2023-221 / GHSA-hrfv-mqp8-q5rw
Warn: Project is vulnerable to: GHSA-j544-7q9p-6xp8
Warn: Project is vulnerable to: PYSEC-2023-57 / GHSA-px8h-6qxv-m22q
Warn: Project is vulnerable to: GHSA-q34m-jh98-gwm2
Warn: Project is vulnerable to: PYSEC-2023-58 / GHSA-xg9f-g7g7-2323
Warn: Project is vulnerable to: PYSEC-2022-203
Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
Warn: Project is vulnerable to: GHSA-mm7r-265w-jv6f
Warn: Project is vulnerable to: GHSA-9m4x-8w29-r78g
Warn: Project is vulnerable to: GHSA-q24h-5rq3-63j9
Warn: Project is vulnerable to: GHSA-r5fx-8r73-v86c
Warn: Project is vulnerable to: GHSA-28hp-fgcr-2r4h
Warn: Project is vulnerable to: GHSA-89mq-4x47-5v83
Warn: Project is vulnerable to: GHSA-5cp4-xmrw-59wf
Warn: Project is vulnerable to: GHSA-mhp6-pxh8-r675
Warn: Project is vulnerable to: GHSA-2qqx-w9hr-q5gx
Warn: Project is vulnerable to: GHSA-2vrf-hf26-jrp5
Warn: Project is vulnerable to: GHSA-mqm9-c95h-x2p6
Warn: Project is vulnerable to: GHSA-prc3-vjfx-vhm9
Warn: Project is vulnerable to: GHSA-qwqh-hm9m-p5hr
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-wm7h-9275-46v2
Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-mph8-6787-r8hw
Warn: Project is vulnerable to: GHSA-7mhc-prgv-r3q4
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj
Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-3g92-w8c5-73pq
Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975
Warn: Project is vulnerable to: GHSA-x8rq-rc7x-5fg5
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc

Score

4.1

/10

Last Scanned on 2025-03-10

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to uppy

uppy

Installations

Developer Guide

No

ESM

Pull Requests

15

3,276

288

2,973

Issues

146

2,390

2,244

Releases

Contributors

Unable to fetch Contributors

Languages

validate.email 🚀

Developer

Download Statistics

GitHub Statistics

Bundle Size

514.13 kB

149.04 kB

Maintainers

Package Meta Information

Total Downloads

8,542,079

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Uppy

Example

Features

Installation

Documentation

Plugins

UI Elements

Sources

Destinations

File Processing

Miscellaneous

React

Browser Support

FAQ

Why not use <input type="file">?

Why is all this goodness free?

Does Uppy support S3 uploads?

Can I use Uppy with Rails/Node.js/Go/PHP?

Contributions are welcome

Used by

Contributors

License

Stable Version

4.13.4

High

10

10

10

10

10

4

2

0

0

0

0

0

0

4.1

/10

Why not use `<input type="file">`?