Is csrf-csrf safe to use?

csrf-csrf has no known vulnerabilities on the latest version (4.0.3). DepScope rates its health at 49/100 (high risk).

What is the latest version of csrf-csrf?

The latest version of csrf-csrf is 4.0.3, released 2025-05-27.

Does csrf-csrf have known vulnerabilities?

No known vulnerabilities on the latest version of csrf-csrf.

Is csrf-csrf deprecated?

No, csrf-csrf is actively maintained. Latest release: 4.0.3 (2025-05-27).

What are alternatives to csrf-csrf?

Popular alternatives to csrf-csrf in npm include: semver, ms, lru-cache, supports-color, ansi-regex.

What license does csrf-csrf use?

csrf-csrf is licensed under ISC.

csrf-csrf

npmv4.0.3

A utility package to help implement stateless CSRF protection using the Double Submit Cookie Pattern in express.

License ISCpermissive30 versions1 maintainers1 deps

Psifi-Solutions/csrf-csrf

/ 100

Health

safe to use

[email protected] is safe to use (health: 49/100)

Health breakdown0 – 100

10/25

maintenance

0/20

popularity

25/25

security

12/15

maturity

2/15

community

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

8.6 KBminified

3.5 KB gzipped

1 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

http-errors

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/csrf-csrf