Is @backstage/backend-app-api safe to use?

@backstage/backend-app-api has 1 known vulnerabilities on the latest version (1.6.1). DepScope rates its health at 78/100 (moderate risk).

What is the latest version of @backstage/backend-app-api?

The latest version of @backstage/backend-app-api is 1.6.1, released 2026-04-14.

Does @backstage/backend-app-api have known vulnerabilities?

Yes. @backstage/backend-app-api has 1 known vulnerabilities. See depscope.dev/pkg/npm/@backstage/backend-app-api for details.

Is @backstage/backend-app-api deprecated?

No, @backstage/backend-app-api is actively maintained. Latest release: 1.6.1 (2026-04-14).

What are alternatives to @backstage/backend-app-api?

Popular alternatives to @backstage/backend-app-api in npm include: debug, minimatch, ansi-styles, brace-expansion, strip-ansi.

What license does @backstage/backend-app-api use?

@backstage/backend-app-api is licensed under Apache-2.0.

@backstage/backend-app-api

npmv1.6.1

Core API used by Backstage backend apps

License Apache-2.0permissive1329 versions3 maintainers3 deps232,533 weekly dl

backstage/backstage

/ 100

Health

update required

@backstage/[email protected] has vulnerabilities — update to latest

Update to >= 0.5.9-next.1 to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

20/25

security

15/15

maturity

4/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2023-6944	@backstage/backend-app-api leaks GitLab access tokens	0.5.9-next.1

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (3)

@backstage/config @backstage/errors @backstage/backend-plugin-api

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@backstage/backend-app-api