Is tailwind-merge-v2 safe to use?

tailwind-merge-v2 has 1 known vulnerabilities on the latest version (0.0.1-security). DepScope rates its health at 30/100 (critical risk).

What is the latest version of tailwind-merge-v2?

The latest version of tailwind-merge-v2 is 0.0.1-security, released 2026-01-16.

Does tailwind-merge-v2 have known vulnerabilities?

Yes. tailwind-merge-v2 has 1 known vulnerabilities. See depscope.dev/pkg/npm/tailwind-merge-v2 for details.

Is tailwind-merge-v2 deprecated?

No, tailwind-merge-v2 is actively maintained. Latest release: 0.0.1-security (2026-01-16).

What are alternatives to tailwind-merge-v2?

Popular alternatives to tailwind-merge-v2 in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does tailwind-merge-v2 use?

License information for tailwind-merge-v2 is not declared in the registry metadata.

tailwind-merge-v2

npmv0.0.1-security

security holding package

1 versions0 deps2 weekly dl

npm/security-holder

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2026-315).

Health breakdown0 – 100

15/25

maintenance

0/20

popularity

15/25

security

0/15

maturity

0/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	GHSA-53q4-wj32-3vv9	Malicious code in tailwind-merge-v2 (npm)	—

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2026-315 — Malicious code in tailwind-merge-v2 (npm)

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/tailwind-merge-v2

tailwind-merge-v2

npmv0.0.1-security

security holding package

1 versions0 deps2 weekly dl

npm/security-holder

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2026-315).

Health breakdown0 – 100

15/25

maintenance

0/20

popularity

15/25

security

0/15

maturity

0/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	GHSA-53q4-wj32-3vv9	Malicious code in tailwind-merge-v2 (npm)	—

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2026-315 — Malicious code in tailwind-merge-v2 (npm)

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/tailwind-merge-v2