Is forge-jsx safe to use?

forge-jsx has 1 known vulnerabilities on the latest version (1.0.65). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of forge-jsx?

The latest version of forge-jsx is 1.0.65, released 2026-05-01.

Does forge-jsx have known vulnerabilities?

Yes. forge-jsx has 1 known vulnerabilities. See depscope.dev/pkg/npm/forge-jsx for details.

Is forge-jsx deprecated?

No, forge-jsx is actively maintained. Latest release: 1.0.65 (2026-05-01).

What are alternatives to forge-jsx?

Popular alternatives to forge-jsx in npm include: semver, ansi-styles, minimatch, debug, brace-expansion.

What license does forge-jsx use?

forge-jsx is licensed under MIT.

forge-jsx

npmv1.0.65

Node.js integration layer for Autodesk Forge

License MITpermissive50 versions1 maintainers5 deps2,405 weekly dl

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2026-2884).

Health breakdown0 – 100

25/25

maintenance

6/20

popularity

15/25

security

12/15

maturity

2/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	MAL-2026-2884	Malicious code in forge-jsx (npm)	—

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2026-2884 — Malicious code in forge-jsx (npm)

Health History

Dependency Tree

License Audit

Dependencies (5)

@huggingface/hub archiver dotenv jimp ws

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/forge-jsx