Is hummus safe to use?

hummus has 2 known vulnerabilities on the latest version (1.0.118). DepScope rates its health at 53/100 (high risk).

What is the latest version of hummus?

The latest version of hummus is 1.0.118, released 2025-11-10.

Does hummus have known vulnerabilities?

Yes. hummus has 2 known vulnerabilities. See depscope.dev/pkg/npm/hummus for details.

Is hummus deprecated?

No, hummus is actively maintained. Latest release: 1.0.118 (2025-11-10).

What are alternatives to hummus?

Popular alternatives to hummus in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does hummus use?

hummus is licensed under Apache-2.0.

hummus

npmv1.0.118

Create, read and modify PDF files and streams

License Apache-2.0permissive118 versions1 maintainers1 deps4,265 weekly dl

galkahana/HummusJS

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 2.6.0 to fix known vulnerabilities

Moderate health score (53/100) — verify manually
2 high severity vulnerabilities

Health breakdown0 – 100

15/25

maintenance

6/20

popularity

15/25

security

15/15

maturity

2/15

community

Vulnerabilities

2 high

Advisories (2)

Severity	ID	Summary	Fixed in
high	CVE-2022-41957	muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference	2.6.2
high	CVE-2022-25885	muhammara and hummus vulnerable to null pointer dereference on bad response object	2.6.0

Bundle & TypeScript

📦

Bundle Size

188.3 KBminified

50.7 KB gzipped

1 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

@mapbox/node-pre-gyp

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/hummus

hummus

npmv1.0.118

Create, read and modify PDF files and streams

License Apache-2.0permissive118 versions1 maintainers1 deps4,265 weekly dl

galkahana/HummusJS

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 2.6.0 to fix known vulnerabilities

Moderate health score (53/100) — verify manually
2 high severity vulnerabilities

Health breakdown0 – 100

15/25

maintenance

6/20

popularity

15/25

security

15/15

maturity

2/15

community

Vulnerabilities

2 high

Advisories (2)

Severity	ID	Summary	Fixed in
high	CVE-2022-41957	muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference	2.6.2
high	CVE-2022-25885	muhammara and hummus vulnerable to null pointer dereference on bad response object	2.6.0

Bundle & TypeScript

📦

Bundle Size

188.3 KBminified

50.7 KB gzipped

1 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

@mapbox/node-pre-gyp

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/hummus