Is underscore-keypath safe to use?

underscore-keypath has 1 known vulnerabilities on the latest version (0.9.3). DepScope rates its health at 47/100 (high risk).

What is the latest version of underscore-keypath?

The latest version of underscore-keypath is 0.9.3, released 2016-02-12.

Does underscore-keypath have known vulnerabilities?

Yes. underscore-keypath has 1 known vulnerabilities. See depscope.dev/pkg/npm/underscore-keypath for details.

Is underscore-keypath deprecated?

No, underscore-keypath is actively maintained. Latest release: 0.9.3 (2016-02-12).

What are alternatives to underscore-keypath?

Popular alternatives to underscore-keypath in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does underscore-keypath use?

underscore-keypath is licensed under EPL-1.0.

underscore-keypath

npmv0.9.3

Adds Key-Path mechanism extensions for underscore

License EPL-1.0weak copyleft21 versions1 maintainers1 deps14,520 weekly dl

jeeeyul/underscore-keypath

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Moderate health score (47/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

20/25

security

15/15

maturity

2/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2023-26139	underscore-keypath vulnerable to Prototype Pollution	—

Bundle & TypeScript

📦

Bundle Size

33.0 KBminified

9.2 KB gzipped

1 direct dependencies

side effects

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

Dependencies (1)

underscore

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/underscore-keypath