Is safe-eval safe to use?

safe-eval has 5 known vulnerabilities on the latest version (0.4.1). DepScope rates its health at 29/100 (critical risk).

What is the latest version of safe-eval?

The latest version of safe-eval is 0.4.1, released 2018-07-27.

Does safe-eval have known vulnerabilities?

Yes. safe-eval has 5 known vulnerabilities. See depscope.dev/pkg/npm/safe-eval for details.

Is safe-eval deprecated?

No, safe-eval is actively maintained. Latest release: 0.4.1 (2018-07-27).

What are alternatives to safe-eval?

Popular alternatives to safe-eval in npm include: semver, ansi-styles, debug, minimatch, brace-expansion.

What license does safe-eval use?

safe-eval is licensed under MIT.

safe-eval

npmv0.4.1

Safer version of eval()

License MITpermissive6 versions1 maintainers0 deps29,093 weekly dl

hacksparrow/safe-eval

/ 100

Health

do not use

safe-eval has critical vulnerabilities — do not use

Moderate health score (29/100) — verify manually
1 high severity vulnerabilities
4 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

0/25

security

15/15

maturity

4/15

community

Vulnerabilities

4 critical1 high

Advisories (5)

Severity	ID	Summary	Fixed in
critical	CVE-2022-25904	safe-eval vulnerable to Prototype Pollution	—
critical	CVE-2023-26122	safe-eval vulnerable to Sandbox Bypass due to improper input sanitization	—
high	GHSA-9pcf-h8q9-63f6	Sandbox Breakout / Arbitrary Code Execution in safe-eval	—
critical	CVE-2023-26121	safe-eval vulnerable to Prototype Pollution via the safeEval function	—
critical	CVE-2020-7710	Sandbox Breakout / Arbitrary Code Execution in safe-eval	—

Bundle & TypeScript

📦

Bundle Size

0.7 KBminified

0.4 KB gzipped

0 direct dependencies

side effects

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/safe-eval

safe-eval

npmv0.4.1

Safer version of eval()

License MITpermissive6 versions1 maintainers0 deps29,093 weekly dl

hacksparrow/safe-eval

/ 100

Health

do not use

safe-eval has critical vulnerabilities — do not use

Moderate health score (29/100) — verify manually
1 high severity vulnerabilities
4 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

0/25

security

15/15

maturity

4/15

community

Vulnerabilities

4 critical1 high

Advisories (5)

Severity	ID	Summary	Fixed in
critical	CVE-2022-25904	safe-eval vulnerable to Prototype Pollution	—
critical	CVE-2023-26122	safe-eval vulnerable to Sandbox Bypass due to improper input sanitization	—
high	GHSA-9pcf-h8q9-63f6	Sandbox Breakout / Arbitrary Code Execution in safe-eval	—
critical	CVE-2023-26121	safe-eval vulnerable to Prototype Pollution via the safeEval function	—
critical	CVE-2020-7710	Sandbox Breakout / Arbitrary Code Execution in safe-eval	—

Bundle & TypeScript

📦

Bundle Size

0.7 KBminified

0.4 KB gzipped

0 direct dependencies

side effects

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/safe-eval