Is elliptic safe to use?

elliptic has 1 known vulnerabilities on the latest version (6.6.1). DepScope rates its health at 67/100 (moderate risk).

What is the latest version of elliptic?

The latest version of elliptic is 6.6.1, released 2024-11-13.

Does elliptic have known vulnerabilities?

Yes. elliptic has 1 known vulnerabilities. See depscope.dev/pkg/npm/elliptic for details.

Is elliptic deprecated?

No, elliptic is actively maintained. Latest release: 6.6.1 (2024-11-13).

What are alternatives to elliptic?

Popular alternatives to elliptic in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does elliptic use?

elliptic is licensed under MIT.

elliptic

npmv6.6.1

EC cryptography

License MITpermissive86 versions1 maintainers7 deps15,145,830 weekly dl

indutny/elliptic

/ 100

Health

use with caution

[email protected] low health (67/100) — consider alternatives

Moderate health score (67/100) — verify manually

Health breakdown0 – 100

0/25

maintenance

20/20

popularity

25/25

security

15/15

maturity

7/15

community

0/15

popularity_floor

Vulnerabilities

1 low

Advisories (1)

Severity	ID	Summary	Fixed in
low	CVE-2025-14505	Elliptic Uses a Cryptographic Primitive with a Risky Implementation	—

Bundle & TypeScript

📦

Bundle Size

130.8 KBminified

46.3 KB gzipped

7 direct dependencies

side effects

🌟

TypeScript

7/10typed

Types from @types/elliptic (DefinitelyTyped)

Quality signals

Download trend

stable(0%)

Publish security

npm signed

Health History

Dependency Tree

License Audit

Dependencies (7)

bn.js brorand hash.js hmac-drbg inherits minimalistic-assert minimalistic-crypto-utils

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/elliptic