About
Community
coveredca.com
160 packages
Last scanned on Jan 19 at 09:34 AM
Update
Name
Size
Popularity
Severity
lodash.mergewith
4.6.1
Vulnerable
Outdated
The Lodash method `_.mergeWith` exported as a module.
License
MIT
Vulnerabilities
Critical
GHSA-jf85-cpcp-j695
Prototype Pollution in lodash
Affected versions >=0 <4.6.2
High
GHSA-779f-wgxg-qr8f
Prototype Pollution in lodash.mergewith
Affected versions >=0 <4.6.2
Version distribution in production
113
4.6.2
72
4.6.1
0
4.0.0
0
4.0.1
0
4.0.2
0
4.0.3
Also used on 116 websites
open.spotify.com
98 packages
rakuten.com
73 packages
bbc.co.uk
58 packages
dailymail.co.uk
82 packages
Repository
Homepage
More
lodash-modularized
mergewith
jsonwebtoken
8.5.0 - 8.5.1
Vulnerable
Outdated
JSON Web Token implementation (symmetric and asymmetric)
jwt
elliptic
6.3.1 - 6.4.1
Vulnerable
Outdated
EC cryptography
EC
Elliptic
curve
Cryptography
indutny
sanitize-html
1.20.1
Vulnerable
Outdated
Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis
html
parser
sanitizer
sanitize
+15
postcss
4.1.3 - 7.0.39
Vulnerable
Outdated
Tool for transforming styles with JS plugins
css
postcss
rework
preprocessor
parser
+4
ai
markdown-it
8.4.1 - 8.4.2
Vulnerable
Outdated
Markdown-it - modern pluggable markdown parser.
markdown
parser
commonmark
markdown-it
markdown-it-plugin
vitaly
es5-ext
0.10.24 - 0.10.49
Vulnerable
Outdated
ECMAScript extensions and shims
ecmascript
ecmascript5
ecmascript6
es5
es6
+11
medikoo
semver
5.6.0 - 6.3.0
Outdated
The semantic version parser used by npm.
+2
ms
2.1.2 - 2.1.3
Tiny millisecond conversion utility
+5
source-map
0.6.1
Outdated
Generates and consumes source maps
+16
readable-stream
2.3.4 - 2.3.7
Outdated
Node.js Streams, a user-land copy of the stream library from Node.js
readable
stream
pipe
safe-buffer
5.1.0 - 5.2.1
Safer Node.js Buffer API
buffer
buffer allocate
node security
safe
safe-buffer
+2
string_decoder
1.1.0 - 1.3.0
The string_decoder module from Node core
string
decoder
browser
browserify
+1
isarray
1.0.0 - 2.0.5
Array#isArray for older browsers
browser
isarray
array
juliangruber
react-is
16.3.0 - 16.13.1
Outdated
Brand checking of React Elements.
react
+1
punycode
x.x.x
A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.
punycode
unicode
idn
idna
dns
+2
inherits
2.0.3
Outdated
Browser-friendly inheritance fully compatible with standard node.js inherits()
inheritance
class
klass
oop
object-oriented
+3
isaacs
mime
2.4.3
Outdated
A comprehensive library for mime-type mapping
extension
file
mime
mime-db
mimetypes
+1
broofa
buffer
4.6.0 - 4.9.2
Outdated
Node.js Buffer API, for the browser
arraybuffer
browser
browserify
buffer
compatible
+2
feross
regenerator-runtime
x.x.x
Runtime for Regenerator-compiled generator and async functions.
regenerator
runtime
generator
async
benjamn
bytes
3.0.0
Outdated
Utility to parse a string bytes to bytes and vice-versa
byte
bytes
utility
parse
parser
+2
entities
1.1.1 - 1.1.2
Outdated
Encode & decode XML and HTML entities with ease & speed
entity
decoding
encoding
html
xml
+1
feedic
@babel/runtime
7.18.2 - 7.18.3
Outdated
babel's modular runtime helpers
+1
core-util-is
1.0.2 - 1.0.3
The `util.is*` functions introduced in Node v0.12.
util
isBuffer
isArray
isNumber
isString
+4
isaacs
rxjs
5.5.12
Outdated
Reactive Extensions for modern JavaScript
Rx
RxJS
ReactiveX
ReactiveExtensions
Streams
+5
ieee754
1.1.0 - 1.2.1
Read/write IEEE754 floating point numbers from/to a Buffer or array-like object
IEEE 754
buffer
convert
floating point
ieee754
feross
util-deprecate
x.x.x
The Node.js `util.deprecate()` function with browser support
util
deprecate
browserify
browser
node
tootallnate
object-assign
4.1.0 - 4.1.1
ES2015 `Object.assign()` ponyfill
object
assign
extend
properties
es2015
+7
domutils
1.7.0
Outdated
Utilities for working with htmlparser2's dom
dom
htmlparser2
feedic
base64-js
1.3.0 - 1.5.1
Base64 encoding/decoding in pure JS
base64
dom-serializer
0.1.1
Outdated
render domhandler DOM nodes to a string
html
xml
render
feedic
domhandler
2.4.0 - 2.4.2
Outdated
Handler for htmlparser2 that turns pages into a dom
dom
htmlparser2
feedic
bn.js
x.x.x
Big number implementation in pure javascript
BN
Big number
BigNum
Modulo
Montgomery
+1
events
3.0.0 - 3.3.0
Node's event emitter for all engines.
events
eventEmitter
eventDispatcher
listeners
domelementtype
1.2.0 - 1.3.1
Outdated
all the types of nodes in htmlparser2's dom
dom
element
types
htmlparser2
feedic
process-nextick-args
2.0.0 - 2.0.1
process.nextTick but always with args
cwmma
core-js
3.0.1
Outdated
Standard library
ES3
ES5
ES6
ES7
ES2015
+39
zloirock
util
0.10.0 - 0.12.5
Node.js's util module for all engines
util
+3
htmlparser2
3.10.0 - 3.10.1
Outdated
Fast & forgiving HTML/XML parser
html
parser
streams
xml
dom
+3
feedic
xtend
4.0.1 - 4.0.2
extend like a boss
extend
merge
options
opts
object
+1
raynos
scheduler
0.19.0 - 0.19.1
Outdated
Cooperative scheduler for the browser environment.
react
+1
randombytes
x.x.x
random bytes from browserify stand alone
crypto
random
+2
prop-types
15.8.0 - 15.8.1
Runtime type checking for React props and similar objects.
react
react
17.0.0 - 17.0.2
Outdated
React is a JavaScript library for building user interfaces.
react
+1
process
x.x.x
process information for node.js and browsers
process
jws
3.2.1 - 4.0.0
Implementation of JSON Web Signatures
jws
json
web
signatures
+4
jwa
1.4.1
Outdated
JWA implementation (supports all JWS algorithms)
jwa
jws
jwt
rsa
ecdsa
+1
+4
react-dom
16.13.0 - 16.14.0
Outdated
React package for working with the DOM.
react
+2
performance-now
0.1.3 - 2.1.0
Implements performance.now (based on process.hrtime).
meryn
url
0.11.0
Outdated
The core `url` packaged standalone for use with Browserify.
parsing
url
analyze
lodash.isplainobject
4.0.6
The lodash method `_.isPlainObject` exported as a module.
lodash-modularized
isplainobject
asap
x.x.x
High-priority task queue for Node.js and browsers
event
task
queue
minimalistic-assert
1.0.0 - 1.0.1
minimalistic-assert ===
setimmediate
x.x.x
A shim for the setImmediate efficient script yielding API
domenic
html-entities
2.0.4 - 2.3.3
Outdated
Fastest HTML entities encode/decode library.
html
html entities
html entities encode
html entities decode
entities
+2
mdevils
hoist-non-react-statics
3.3.0
Outdated
Copies non-react specific statics from a child component to a parent component
react
mridgway
ecdsa-sig-formatter
1.0.10 - 1.0.11
Translate ECDSA signatures between ASN.1/DER and JOSE-style concatenation
ecdsa
der
asn.1
jwt
jwa
+2
d2l-travis-deploy
buffer-equal-constant-time
1.0.0 - 1.0.1
Constant-time comparison of Buffers
buffer
equal
constant-time
crypto
invariant
2.2.0 - 2.2.4
invariant
test
invariant
path-browserify
0.0.0 - 0.0.1
Outdated
the path module from node core for browsers
browser
browserify
path
+36
promise
8.0.2 - 8.0.3
Outdated
Bare bones Promises/A+ implementation
lodash.once
4.1.1
The lodash method `_.once` exported as a module.
lodash-modularized
once
dequal
2.0.0 - 2.0.3
A tiny (304B to 489B) utility for check for deep equality
deep
deep-equal
equality
lukeed
lodash.isstring
4.0.1
The lodash method `_.isString` exported as a module.
lodash-modularized
isstring
classnames
2.3.2
Outdated
A simple utility for conditionally joining classNames together
react
css
classes
classname
classnames
+2
symbol-observable
1.2.0
Outdated
Symbol.observable ponyfill
symbol
observable
observables
ponyfill
polyfill
+1
react-transition-group
4.1.0 - 4.4.5
A react component toolset for managing animations
react
transition
addons
transition-group
animation
+2
sha.js
2.4.9 - 2.4.11
Streamable SHA hashes in pure javascript
whatwg-fetch
3.0.0 - 3.1.1
Outdated
A window.fetch polyfill.
dom-helpers
5.2.1
tiny modular DOM lib for ie9+
dom-helpers
react-component
dom
api
cross-browser
+8
lodash.isboolean
3.0.1 - 3.0.3
The lodash method `_.isBoolean` exported as a module.
lodash-modularized
isboolean
stream-browserify
0.0.0 - 3.0.0
the stream module from node core for browsers
stream
browser
browserify
+36
@popperjs/core
2.11.3 - 2.11.5
Outdated
Tooltip and Popover Positioning Engine
tooltip
popover
dropdown
popup
popper
+1
asn1.js
4.6.0 - 4.10.1
Outdated
ASN.1 encoder and decoder
asn.1
der
lodash.includes
4.3.0
The lodash method `_.includes` exported as a module.
lodash-modularized
includes
hash-base
3.0.4 - 3.1.0
abstract base class for hash-streams
hash
stream
+1
lodash.isinteger
4.0.4
The lodash method `_.isInteger` exported as a module.
lodash-modularized
isinteger
lodash.clonedeep
4.5.0
The lodash method `_.cloneDeep` exported as a module.
lodash-modularized
clonedeep
lodash.isnumber
3.0.1 - 3.0.3
The lodash method `_.isNumber` exported as a module.
lodash-modularized
isnumber
memoize-one
4.0.2 - 4.0.3
Outdated
A memoization library which only remembers the latest invocation
memoize
memoization
cache
performance
alexreardon
hash.js
1.1.2 - 1.1.7
Various hash functions that could be run by both browser and node
hash
sha256
sha224
hmac
indutny
brorand
1.0.3 - 1.1.0
Random number generator for browsers and node.js
Random
RNG
browser
crypto
indutny
hmac-drbg
1.0.1
Deterministic random bit generator (hmac)
hmac
drbg
prng
indutny
minimalistic-crypto-utils
x.x.x
Minimalistic tools for JS crypto modules
minimalistic
utils
crypto
indutny
redux
4.0.1 - 4.2.0
Outdated
Predictable state container for JavaScript apps
redux
reducer
state
predictable
functional
+6
+3
des.js
1.0.0
Outdated
DES implementation
DES
3DES
EDE
CBC
indutny
ripemd160
2.0.0 - 2.0.2
Compute ripemd160 of bytes or strings.
string
strings
ripemd160
ripe160
bitcoin
+2
+4
number-is-nan
1.0.0 - 1.0.1
Outdated
ES2015 `Number.isNaN()` ponyfill
es2015
ecmascript
ponyfill
polyfill
shim
+4
sindresorhus
array-uniq
0.1.1 - 1.0.3
Outdated
Create an array without duplicates
array
set
uniq
unique
duplicate
+1
sindresorhus
warning
1.0.0 - 4.0.3
A mirror of Facebook's Warning
warning
facebook
react
invariant
berkeleytrue
md5.js
1.1.0 - 1.3.5
node style md5 on pure JavaScript
crypto
md5
+2
pbkdf2
3.0.16 - 3.0.17
Outdated
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
pbkdf2
kdf
salt
hash
+3
cipher-base
1.0.4
abstract base class for crypto-streams
cipher
stream
parse-asn1
5.1.4 - 5.1.5
Outdated
utility library for parsing asn1 files for use with browserify-sign.
+2
browserify-sign
2.4.0 - 2.8.0
Outdated
adds node crypto signing for browsers
+2
buffer-xor
1.0.0 - 1.0.3
Outdated
A simple module for bitwise-xor on buffers
bits
bitwise
buffer
buffer-xor
crypto
+5
create-hash
x.x.x
create hashes for browserify
crypto
+2
browserify-aes
0.4.0 - 0.8.1
Outdated
aes, for browserify
aes
crypto
browserify
+2
create-hmac
x.x.x
node style hmacs in the browser
crypto
hmac
+2
evp_bytestokey
1.0.3
The insecure key derivation algorithm from OpenSSL
crypto
openssl
browserify-rsa
3.0.0 - 4.0.1
Outdated
RSA for browserify
+2
timers-browserify
2.0.6 - 2.0.12
timers module for browserify
timers
browserify
browser
+36
crypto-browserify
x.x.x
implementation of crypto for the browser
+2
create-ecdh
3.0.0 - 4.0.4
createECDH but browserifiable
diffie
hellman
diffiehellman
ECDH
+2
public-encrypt
4.0.3
browserify version of publicEncrypt & privateDecrypt
+2
diffie-hellman
1.1.2
Outdated
pure js diffie-hellman
diffie
hellman
diffiehellman
dh
+2
browserify-des
1.0.2
browserify-des ===
browserify-cipher
x.x.x
ciphers for the browser
cwmma
miller-rabin
1.1.0 - 4.0.1
Miller Rabin algorithm for primality test
prime
miller-rabin
bignumber
randomfill
1.0.0 - 1.0.4
random fill from browserify stand alone
crypto
random
vm-browserify
0.0.3 - 1.1.2
vm module for the browser
vm
browser
eval
+36
mdurl
1.0.0 - 1.0.1
Outdated
URL utilities for markdown-it
vitaly
character-entities-legacy
2.0.0
Outdated
List of legacy HTML named character references that don’t need a trailing semicolon
html
entity
entities
character
reference
+1
wooorm
querystring-es3
0.2.1
Node's querystring module for all engines. (ES3 compat fork)
commonjs
query
querystring
spaintrain
react-redux
5.1.0 - 5.1.1
Outdated
Official React bindings for Redux
react
reactjs
redux
+2
linkify-it
2.1.0
Outdated
Links recognition library with FULL unicode support
linkify
linkifier
autolink
autolinker
vitaly
fbjs
1.0.0 - 3.0.4
Outdated
A collection of utility libraries used by other Facebook JS projects
+5
@xmldom/xmldom
0.7.0 - 0.8.6
Outdated
A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.
w3c
dom
xml
parser
javascript
+3
karfau
raf
3.2.0 - 3.4.1
requestAnimationFrame polyfill for node and the browser
requestAnimationFrame
polyfill
uc.micro
1.0.6
Outdated
Micro subset of unicode data files for markdown-it projects.
vitaly
react-lifecycles-compat
3.0.4
Backwards compatibility polyfill for React class components
p-is-promise
3.0.0 - 4.0.0
Check if something is a promise
promise
is
detect
check
kind
+7
sindresorhus
hyphenate-style-name
1.0.3 - 1.0.4
Hyphenates a camelcased CSS property name
hyphenate
style
css
camelcase
rexxars
lodash.escaperegexp
4.1.2
The lodash method `_.escapeRegExp` exported as a module.
lodash-modularized
escaperegexp
react-app-polyfill
x.x.x
Polyfills for various browsers including commonly used language features
+1
react-scripts
0.4.2
Outdated
Configuration and scripts for Create React App.
+1
inline-style-prefixer
0.1.1 - 4.0.2
Outdated
Run-time Autoprefixer for JavaScript style objects
react
react styling
prefixer
inline styles
autoprefixer
+2
rofrischmann
css-in-js-utils
1.0.0 - 3.0.2
Outdated
Useful utility functions for CSS in JS solutions
css
cssinjs
utils
small
rofrischmann
uncontrollable
7.1.0 - 7.2.1
Outdated
Wrap a controlled react component, to allow specific prop/handler pairs to be uncontrolled
uncontrolled-component
react-component
input
controlled
uncontrolled
+1
monastic.panic
fp-ts
2.6.6 - 2.9.5
Outdated
Functional programming in TypeScript
typescript
algebraic-data-types
functional-programming
gcanti
math-random
x.x.x
math-random is an isomorphic, drop-in replacement for `Math.random` that uses cryptographically secure random number generation, where available
michaelrhodes
react-dnd
9.1.0 - 9.3.4
Outdated
Drag and Drop for React
+2
@restart/hooks
0.4.6 - 0.4.7
Outdated
A set of utility and general-purpose React hooks.
react-bootstrap
2.0.0 - 2.4.0
Outdated
Bootstrap 5 components built with React
bootstrap
react
component
components
ecosystem-react
+1
redux-saga
0.16.1 - 0.16.2
Outdated
Saga middleware for Redux to handle Side Effects
javascript
redux
middleware
saga
effects
+1
leaflet
1.3.2 - 1.9.1
Outdated
JavaScript library for mobile-friendly interactive maps
gis
map
+3
react-player
1.12.0 - 1.15.3
Outdated
A React component for playing a variety of URLs, including file paths, YouTube, Facebook, Twitch, SoundCloud, Streamable, Vimeo, Wistia and DailyMotion
react
media
player
video
audio
+11
cookpete
react-async-script
1.2.0
A composition mixin for loading scripts asynchronously for React
react
asynchronous
script-loader
dozoisch
react-google-recaptcha
2.1.0
Outdated
React Component Wrapper for Google reCAPTCHA
react
react-component
captcha
recaptcha
google-recaptcha
dozoisch
react-input-mask
2.0.4
Masked input component for React
react
input
mask
masked
react-component
sanniassin
@restart/ui
1.4.0 - 1.4.1
Outdated
Utilities for creating robust overlay components
react-overlays
react-component
react
overlay
react-component
+4
srcset
1.0.0
Outdated
Parse and stringify the HTML `<img>` srcset attribute
html
attribute
image
img
src
+6
sindresorhus
custom-event-polyfill
x.x.x
A polyfill for creating CustomEvents on IE9+ if the native implementation is missing.
polyfill
custom-event
CustomEvent
Web API Interface
adaptivecards
1.1.1 - 1.1.3
Outdated
Adaptive Cards Javascript library for HTML Clients
adaptivecards
adaptive
cards
microsoft
bot
adaptivecards
redux-promise-middleware
5.0.0 - 5.1.1
Outdated
Enables simple, yet robust handling of async action creators in Redux
redux
middleware
middlewares
promise
promises
+4
pburtchaell
glamor
2.20.37 - 2.20.40
inline css for component systems
css
inline
simple-update-in
1.4.0 - 2.2.0
A lightweight `updateIn` for immutable objects.
asynchronous
immutable
predicate
update
updater
+1
compulim
react-scroll-to-bottom
1.3.1
Outdated
React container that will auto scroll to bottom
react
follow
jump
jump to bottom
jump to top
+7
markdown-it-for-inline
0.1.1
Outdated
Inline tokens iterator for markdown-it markdown parser.
markdown-it-plugin
markdown-it
markdown
iterator
vitaly
botframework-directlinejs
0.11.4
Outdated
Client library for the Microsoft Bot Framework Direct Line 3.0 protocol
+5
botframework-webchat
4.4.2
Outdated
A highly-customizable web-based chat client for Azure Bot Services.
+5
event-as-promise
1.0.5
Handle continuous stream of events with Promise and generator function.
event
promise
promisify
p-event
compulim
web-speech-cognitive-services
4.0.0
Outdated
Polyfill Web Speech API with Cognitive Services Speech-to-Text service
cognitive services
dictation
microphone
polyfill
react
+14
compulim
botframework-webchat-core
4.4.1 - 4.4.2
Outdated
Core of botframework-webchat
+2
botframework-webchat-component
4.4.2
Outdated
React component of botframework-webchat
+2
react-film
1.2.0 - 1.3.0
Outdated
React component for showing carousel just like a film strip
carousel
film
react
slideshow
slide show
react-say
1.2.0
Outdated
[![npm version](https://badge.fury.io/js/react-say.svg)](https://badge.fury.io/js/react-say) [![Build Status](https://travis-ci.org/compulim/react-say.svg?branch=master)](https://travis-ci.org/compulim/react-say)
react
speak
speech synthesis
speechsynthesis
text to speech
+4
react-dictate-button
1.1.2 - 1.1.3
Outdated
A button to start dictation using Web Speech API, with an easy to understand event lifecycle.
dictate
dictation
rtc
speech recognition
speech to text
+6
@dhmk/utils
1.0.0
Outdated
A collection of frequently used functions and primitives
utils
tools
functions
helpers
misc
dhmk083
microsoft-speech-browser-sdk
0.0.12
Microsoft Speech SDK for browsers
microsoft
speech
sdk
javascript
typescript
+5
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
@headlessui/react
hoist-non-react-statics
reactstrap
lit-html
+60 packages
pinterest.com
lodash
relay-runtime
react-relay
react-use
lodash-es
+51 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites