Is carrot-scan safe to use?

carrot-scan has no known vulnerabilities on the latest version (6.0.1). DepScope rates its health at 58/100 (high risk).

What is the latest version of carrot-scan?

The latest version of carrot-scan is 6.0.1, released 2025-07-07.

Does carrot-scan have known vulnerabilities?

No known vulnerabilities on the latest version of carrot-scan.

Is carrot-scan deprecated?

No, carrot-scan is actively maintained. Latest release: 6.0.1 (2025-07-07).

What are alternatives to carrot-scan?

Popular alternatives to carrot-scan in npm include: semver, ansi-styles, minimatch, debug, brace-expansion.

What license does carrot-scan use?

carrot-scan is licensed under MIT.

carrot-scan

npmv6.0.1

Command-line tool for detecting vulnerabilities in files and directories.

License MITpermissive27708 versions1 maintainers11 deps8,365 weekly dl

SonoTommy/carrot-scan

/ 100

Health

safe to use

[email protected] is safe to use (health: 58/100)

Health breakdown0 – 100

10/25

maintenance

6/20

popularity

25/25

security

15/15

maturity

2/15

community

Vulnerabilities

none known

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

Dependencies (11)

open yaml chalk figlet fastify inquirer open-cli commander @fastify/swagger @carrot-scan/core @fastify/swagger-ui

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/carrot-scan