Is @kong/spec-renderer safe to use?

@kong/spec-renderer has 1 known vulnerabilities on the latest version (1.107.15). DepScope rates its health at 57/100 (high risk).

What is the latest version of @kong/spec-renderer?

The latest version of @kong/spec-renderer is 1.107.15, released 2026-04-24.

Does @kong/spec-renderer have known vulnerabilities?

Yes. @kong/spec-renderer has 1 known vulnerabilities. See depscope.dev/pkg/npm/@kong/spec-renderer for details.

Is @kong/spec-renderer deprecated?

No, @kong/spec-renderer is actively maintained. Latest release: 1.107.15 (2026-04-24).

What are alternatives to @kong/spec-renderer?

Popular alternatives to @kong/spec-renderer in npm include: semver, ansi-styles, minimatch, debug, brace-expansion.

What license does @kong/spec-renderer use?

@kong/spec-renderer is licensed under Apache-2.0.

@kong/spec-renderer

npmv1.107.15

Kong's open-source spec renderer

License Apache-2.0permissive563 versions1 maintainers19 deps

Kong/spec-renderer

/ 100

Health

do not use

@kong/spec-renderer has critical vulnerabilities — do not use

1 critical vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

15/25

security

15/15

maturity

2/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	GHSA-3r2q-8jxp-mjmh	Malicious code in @kong/spec-renderer (npm)	—

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (19)

shiki flatted lodash-es @kong/icons allof-merge httpsnippet markdown-it @vueuse/core sanitize-html @stoplight/json @stoplight/yaml form-urlencoded @asyncapi/parser @floating-ui/vue @stoplight/types @stoplight/http-spec @asyncapi/avro-schema-parser @asyncapi/openapi-schema-parser @apidevtools/json-schema-ref-parser

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@kong/spec-renderer