Is marko safe to use?

marko has 1 known vulnerabilities on the latest version (5.38.37). DepScope rates its health at 68/100 (moderate risk).

What is the latest version of marko?

The latest version of marko is 5.38.37, released 2026-04-24.

Does marko have known vulnerabilities?

Yes. marko has 1 known vulnerabilities. See depscope.dev/pkg/npm/marko for details.

No, marko is actively maintained. Latest release: 5.38.37 (2026-04-24).

What are alternatives to marko?

Popular alternatives to marko in npm include: semver, ansi-styles, minimatch, debug, brace-expansion.

marko

npmv5.38.37

UI Components + streaming, async, high performance, HTML templating for Node.js and the browser.

License MITpermissive1289 versions7 maintainers15 deps

marko-js/marko

/ 100

Health

safe to use

[email protected] is safe to use (health: 68/100)

Update to >= 6.0.164 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

23/25

security

15/15

maturity

5/15

community

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2026-41591	Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping	6.0.164

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (15)

argly warp10 csstype complain minimatch raptor-util events-light magic-string resolve-from @marko/compiler app-module-path listener-tracker self-closing-tags @marko/runtime-tags browser-refresh-client

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/marko