Is @angular/ssr safe to use?

@angular/ssr has 2 known vulnerabilities on the latest version (21.2.9). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of @angular/ssr?

The latest version of @angular/ssr is 21.2.9, released 2026-04-29.

Does @angular/ssr have known vulnerabilities?

Yes. @angular/ssr has 2 known vulnerabilities. See depscope.dev/pkg/npm/@angular/ssr for details.

Is @angular/ssr deprecated?

No, @angular/ssr is actively maintained. Latest release: 21.2.9 (2026-04-29).

What are alternatives to @angular/ssr?

Popular alternatives to @angular/ssr in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does @angular/ssr use?

@angular/ssr is licensed under MIT.

@angular/ssr

npmv21.2.9

Angular server side rendering utilities

License MITpermissive320 versions2 maintainers1 deps398,135 weekly dl

angular/angular-cli

/ 100

Health

update required

@angular/[email protected] has vulnerabilities — update to latest

Update to >= 21.0.0-next.8 to fix known vulnerabilities

Moderate health score (60/100) — verify manually
2 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

15/25

security

15/15

maturity

11/15

community

Vulnerabilities

2 high

Advisories (2)

Severity	ID	Summary	Fixed in
high	CVE-2025-59052	Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage	21.0.0-next.3
high	CVE-2025-62427	Angular SSR has a Server-Side Request Forgery (SSRF) flaw	21.0.0-next.8

Bundle & TypeScript

📦

Bundle Size

198.8 KBminified

73.9 KB gzipped

1 direct dependencies

ESMscoped

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

tslib

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@angular/ssr