Is csrf-sync safe to use?

csrf-sync has no known vulnerabilities on the latest version (4.2.1). DepScope rates its health at 56/100 (high risk).

What is the latest version of csrf-sync?

The latest version of csrf-sync is 4.2.1, released 2025-05-10.

No known vulnerabilities on the latest version of csrf-sync.

No, csrf-sync is actively maintained. Latest release: 4.2.1 (2025-05-10).

Popular alternatives to csrf-sync in npm include: debug, minimatch, ansi-styles, brace-expansion, strip-ansi.

csrf-sync is licensed under ISC.

npmv4.2.1

A utility package to help implement stateful CSRF protection using the Synchroniser Token Pattern in express.

License ISCpermissive14 versions1 maintainers1 deps87,859 weekly dl

/ 100

Health

safe to use

[email protected] is safe to use (health: 56/100)

Health breakdown0 – 100

10/25

maintenance

10/20

popularity

25/25

security

9/15

maturity

2/15

community

Vulnerabilities

none known

🌟

10/10typed

bundled

Dependencies (1)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/csrf-sync