Is lodash.defaultsdeep safe to use?

lodash.defaultsdeep has 1 known vulnerabilities on the latest version (4.6.1). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of lodash.defaultsdeep?

The latest version of lodash.defaultsdeep is 4.6.1, released 2019-07-10.

Does lodash.defaultsdeep have known vulnerabilities?

Yes. lodash.defaultsdeep has 1 known vulnerabilities. See depscope.dev/pkg/npm/lodash.defaultsdeep for details.

Is lodash.defaultsdeep deprecated?

No, lodash.defaultsdeep is actively maintained. Latest release: 4.6.1 (2019-07-10).

What are alternatives to lodash.defaultsdeep?

Popular alternatives to lodash.defaultsdeep in npm include: minimatch, commander, eslint-visitor-keys, ajv, color-name.

What license does lodash.defaultsdeep use?

lodash.defaultsdeep is licensed under MIT.

lodash.defaultsdeep

npmv4.6.1

The Lodash method `_.defaultsDeep` exported as a module.

License MITpermissive20 versions2 maintainers0 deps1,354,369 weekly dl

lodash/lodash

/ 100

Health

do not use

lodash.defaultsdeep has critical vulnerabilities — do not use

Update to >= 4.17.12 to fix known vulnerabilities

1 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

17/20

popularity

15/25

security

15/15

maturity

13/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2019-10744	Prototype Pollution in lodash	4.17.12

Bundle & TypeScript

📦

Bundle Size

9.3 KBminified

3.5 KB gzipped

0 direct dependencies

side effects

🌟

TypeScript

7/10typed

Types from @types/lodash.defaultsdeep (DefinitelyTyped)

Quality signals

Publish security

npm signed

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/lodash.defaultsdeep