Is apollo-server safe to use?

apollo-server has 1 known vulnerabilities on the latest version (3.13.0). DepScope rates its health at 21/100 (critical risk).

What is the latest version of apollo-server?

The latest version of apollo-server is 3.13.0, released 2023-11-14.

Does apollo-server have known vulnerabilities?

Yes. apollo-server has 1 known vulnerabilities. See depscope.dev/pkg/npm/apollo-server for details.

Is apollo-server deprecated?

Yes, apollo-server is deprecated: The `apollo-server` package is part of Apollo Server v2 and v3, which are now end-of-life (as of October 22nd 2023 and October 22nd 2024, respectively). This package's functionality is now found in the `@apollo/server` package. See https://www.apollographql.com/docs/apollo-server/previous-versions/ for more details. Consider using semver instead.

What are alternatives to apollo-server?

Popular alternatives to apollo-server in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does apollo-server use?

apollo-server is licensed under MIT.

apollo-server

npmv3.13.0deprecated

Production ready GraphQL Server

License MITpermissive320 versions1 maintainers4 deps206,487 weekly dl

apollographql/apollo-server

/ 100

Health

find alternative

apollo-server is deprecated — find an alternative

Update to >= 5.4.0 to fix known vulnerabilities

Low health score (21/100)
1 high severity vulnerabilities
Package is deprecated

Health breakdown0 – 100

0/25

maintenance

14/20

popularity

20/25

security

15/15

maturity

2/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2026-23897	Apollo Serve vulnerable to Denial of Service with `startStandaloneServer`	5.4.0

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (4)

express @types/express apollo-server-core apollo-server-express

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/apollo-server