Informational scan, not a security audit. How this is computed.
API keys, passwords or tokens committed into the repo.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Packages you depend on that have known security holes (CVEs).
CVE-2025-7783 form-data: Unsafe random function in form-dataCVE-2019-10744 nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying propertiesCVE-2021-44906 minimist: prototype pollutionCVE-2025-7783 form-data: Unsafe random function in form-dataCVE-2025-7783 form-data: Unsafe random function in form-dataCVE-2023-26920 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameCVE-2026-41650 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequencesCVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actorCVE-2023-26920 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameCVE-2026-41650 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequencesCVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actorCVE-2023-26920 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameCVE-2026-41650 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequencesCVE-2020-28496 Denial of service in threeCVE-2023-26920 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameCVE-2026-41650 fast-xml-parser: fast-xml-parser: XML injection via improper escaping of comment and CDATA sequencesCVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actorCVE-2026-33750 brace-expansion: brace-expansion: Denial of Service via zero step value in brace patternCVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand functionCVE-2026-26996 minimatch: minimatch: Denial of Service via specially crafted glob patternsCVE-2026-27903 minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patternsCVE-2026-27904 minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressionsCVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actorCVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actorCVE-2023-26920 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameYour dependencies cross-checked against the OSV vulnerability database.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
Code that can be exploited — injection, hardcoded credentials and similar.
Nothing found by this check. ✓
Packages that look intentionally malicious — typosquats, sneaky install scripts.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.
A signal about how the project is maintained — not a vulnerability in your code. It doesn’t affect the verdict above.
Maintenance & supply-chain hygiene. A signal about the project — not a vulnerability in your code.
This check didn’t finish — that’s not the same as “clean.” Try Check again above.