Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
Nothing found by this check. ✓
Packages you depend on that have known security holes (CVEs).
CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
CVE-2024-21538 CVE-2024-21538 affecting package reaper for versions less than 3.1.1-15
CVE-2022-21222 css-what: ReDoS due to insecure regular expression
CVE-2022-33987 nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets
CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
CVE-2018-16487 lodash: Prototype pollution in utilities function
CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
CVE-2021-23337 nodejs-lodash: command injection via template
CVE-2026-2950 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
CVE-2021-23337 nodejs-lodash: command injection via template
CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
CVE-2025-13465 lodash: prototype pollution in _.unset and _.omit functions
CVE-2026-2950 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
CVE-2021-3803 nodejs-nth-check: inefficient regular expression complexity
CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe
CVE-2022-25883 nodejs-semver: Regular expression denial of service
CVE-2020-7753 nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function
CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability
CVE-2017-16137 nodejs-debug: Regular expression Denial of Service
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-jf85-cpcp-j695 Prototype Pollution in lodash
GHSA-jf85-cpcp-j695 Prototype Pollution in lodash
GHSA-93q8-gq69-wqmw Inefficient Regular Expression Complexity in chalk/ansi-regex
GHSA-3xgq-45jj-v275 Regular Expression Denial of Service (ReDoS) in cross-spawn
GHSA-p28h-cc7q-c4fg css-what vulnerable to ReDoS due to use of insecure regular expression
GHSA-rc47-6667-2j5j http-cache-semantics vulnerable to Regular Expression Denial of Service
GHSA-35jh-r3h4-6jhm Command Injection in lodash
GHSA-4xc9-xhrj-v574 Prototype Pollution in lodash
GHSA-p6mc-m468-83gw Prototype Pollution in lodash
GHSA-35jh-r3h4-6jhm Command Injection in lodash
GHSA-p6mc-m468-83gw Prototype Pollution in lodash
GHSA-r5fr-rjxr-66jc lodash vulnerable to Code Injection via `_.template` imports key names
GHSA-r683-j2x4-v87g node-fetch forwards secure headers to untrusted sites
GHSA-rp65-9cf3-cjxr Inefficient Regular Expression Complexity in nth-check
GHSA-c2qf-rxjj-qqgw semver vulnerable to Regular Expression Denial of Service
GHSA-w5p7-h5w8-2hfq Regular Expression Denial of Service in trim
GHSA-c4w7-xm78-47vh Prototype Pollution in y18n
GHSA-r6h4-mm7h-8pmq PyMdown Extensions has a ReDOS bug in its Figure Capture extension
GHSA-gxpj-cx7g-858c Regular Expression Denial of Service in debug
GHSA-w7rc-rwvf-8q5r The `size` option isn't honored after following a redirect in node-fetch
GHSA-62q4-447f-wv8h Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
GHSA-65pc-fj4g-8rjx Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
GHSA-pfrx-2q88-qq97 Got allows a redirect to a UNIX socket
GHSA-f23m-r3pf-42rh lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
GHSA-fvqr-27wr-82fm Prototype Pollution in lodash
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
Nothing found by this check. ✓
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
scorecard-overall OpenSSF Scorecard overall: 3.8/10
scorecard-CI-Tests CI-Tests scored 0: 0 out of 22 merged PRs checked by a CI test -- score normalized to 0
scorecard-CII-Best-Practices CII-Best-Practices scored 0: no effort to earn an OpenSSF best practices badge detected
scorecard-Fuzzing Fuzzing scored 0: project is not fuzzed
scorecard-License License scored 0: license file not detected
scorecard-Maintained Maintained scored 0: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
scorecard-SAST SAST scored 0: SAST tool is not run on all commits -- score normalized to 0
scorecard-Security-Policy Security-Policy scored 0: security policy file not detected
scorecard-Vulnerabilities Vulnerabilities scored 0: 23 existing vulnerabilities detected