Is path-extend safe to use?

path-extend has no known vulnerabilities on the latest version (1.0.8). DepScope rates its health at 61/100 (moderate risk).

What is the latest version of path-extend?

The latest version of path-extend is 1.0.8, released 2026-04-17.

Does path-extend have known vulnerabilities?

No known vulnerabilities on the latest version of path-extend.

Is path-extend deprecated?

No, path-extend is actively maintained. Latest release: 1.0.8 (2026-04-17).

What are alternatives to path-extend?

Popular alternatives to path-extend in npm include: semver, ansi-styles, debug, minimatch, brace-expansion.

What license does path-extend use?

path-extend is licensed under ISC.

path-extend

npmv1.0.8

Node.js path module

License ISCpermissive9 versions1 maintainers7 deps576 weekly dl

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2026-2929).

Health breakdown0 – 100

25/25

maintenance

3/20

popularity

25/25

security

6/15

maturity

2/15

community

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

13.0 KBminified

4.6 KB gzipped

7 direct dependencies

side effects

🌟

TypeScript

0/10untyped

No type definitions available

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2026-2929 — Malicious code in path-extend (npm)

Health History

Dependency Tree

License Audit

Dependencies (7)

axios execp fs process request path util

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/path-extend