Informational scan, not a security audit.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Packages you depend on that have known security holes (CVEs).
CVE-2025-7783 form-data: Unsafe random function in form-data
CVE-2021-3918 nodejs-json-schema: Prototype pollution vulnerability
CVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
CVE-2021-44906 minimist: prototype pollution
GHSA-28xh-wpgr-7fm8 Command Injection in open
NSWG-ECO-433 Command Injection - Generic
CVE-2025-69873 ajv: ReDoS via $data reference
CVE-2024-45590 body-parser: Denial of Service Vulnerability in body-parser
CVE-2026-33750 brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern
CVE-2024-4068 braces: fails to limit the number of characters it can handle
CVE-2017-20165 A vulnerability classified as problematic has been found in debug-js d ...
CVE-2026-12143 form-data is a library for creating readable multipart/form-data strea ...
CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
CVE-2018-16487 lodash: Prototype pollution in utilities function
CVE-2021-23337 nodejs-lodash: command injection via template
CVE-2026-2950 lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass
CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports
CVE-2025-13465 lodash: prototype pollution in _.unset and _.omit functions
CVE-2024-4067 micromatch: vulnerable to Regular Expression Denial of Service
Your dependencies cross-checked against the OSV vulnerability database.
GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary
GHSA-896r-f27r-55mw json-schema is vulnerable to Prototype Pollution
GHSA-jf85-cpcp-j695 Prototype Pollution in lodash
GHSA-xvch-5gv4-984h Prototype Pollution in minimist
GHSA-28xh-wpgr-7fm8 Command Injection in open
GHSA-2g4f-4pwh-qvx6 ajv has ReDoS when using `$data` option
GHSA-qwcr-r2fm-qrc7 body-parser vulnerable to denial of service when url encoding is enabled
GHSA-f886-m6hf-6m8v brace-expansion: Zero-step sequence causes process hang and memory exhaustion
GHSA-grv7-fg5c-xmjg Uncontrolled resource consumption in braces
GHSA-9vvw-cc9w-f27h debug Inefficient Regular Expression Complexity vulnerability
GHSA-hmw2-7cc7-3qxx form-data: CRLF injection in form-data via unescaped multipart field names and filenames
GHSA-43f8-2h32-f4cj Regular Expression Denial of Service in hosted-git-info
GHSA-35jh-r3h4-6jhm Command Injection in lodash
GHSA-4xc9-xhrj-v574 Prototype Pollution in lodash
GHSA-f23m-r3pf-42rh lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`
GHSA-fvqr-27wr-82fm Prototype Pollution in lodash
GHSA-r5fr-rjxr-66jc lodash vulnerable to Code Injection via `_.template` imports key names
GHSA-xxjr-mmjv-4gpg Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.