About
Community
globalcitizen.org
102 packages
Last scanned on Oct 27 at 06:14 PM
Update
Name
Size
Popularity
Severity
lodash
4.17.16
Vulnerable
Outdated
Lodash modular utilities.
Script
https://static.globalcitizen.org/static/js/vendor_bundle.32cb5eba877d.js
License
MIT
Footprint
3 KB
Vulnerabilities
High
GHSA-35jh-r3h4-6jhm
Command Injection in lodash
Affected versions >=0 <4.17.21
Moderate
GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash
Affected versions >=0 <4.17.21
High
GHSA-p6mc-m468-83gw
Prototype Pollution in lodash
Affected versions >=0 <4.17.20
Matched Modules
Version distribution in production
3 846
4.17.16
946
4.17.21
337
4.17.20
322
4.17.15
302
4.17.19
301
4.17.13
Also used on 4830 websites
skype.com
20 packages
cloudflare.com
116 packages
sentry.io
157 packages
pinterest.com
52 packages
Repository
Homepage
More
modules
stdlib
util
ua-parser-js
0.7.22
Vulnerable
Outdated
Detect Browser, Engine, OS, CPU, and Device type/model from User-Agent data. Supports browser & node.js environment
user-agent
parser
browser
engine
os
+4
faisalman
markdown-it
2.0.0 - 2.1.0
Vulnerable
Outdated
Markdown-it - modern pluggable markdown parser.
markdown
parser
commonmark
markdown-it
markdown-it-plugin
vitaly
moment-timezone
0.5.33
Vulnerable
Outdated
Parse and display moments in any timezone.
moment
date
time
timezone
olson
+3
+4
i18next
2.2.0 - 2.3.3
Vulnerable
Outdated
i18next internationalization framework
i18next
internationalization
i18n
translation
localization
+3
debug
2.3.1 - 3.1.0
Outdated
Lightweight debugging utility for Node.js and the browser
debug
log
debugger
+1
ms
2.0.0
Outdated
Tiny millisecond conversion utility
+5
tslib
1.9.2 - 2.4.0
Outdated
Runtime library for TypeScript helper functions
TypeScript
Microsoft
compiler
language
javascript
+2
+5
inherits
2.0.3 - 2.0.4
Browser-friendly inheritance fully compatible with standard node.js inherits()
inheritance
class
klass
oop
object-oriented
+3
isaacs
react-is
16.3.0 - 17.0.2
Outdated
Brand checking of React Elements.
react
+3
form-data
1.0.0 - 4.0.0
A library to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications.
+2
@babel/runtime
7.13.6 - 7.13.7
Outdated
babel's modular runtime helpers
+1
core-js
2.6.11
Outdated
Standard library
ES3
ES5
ES6
ES7
ES2015
+39
zloirock
has-symbols
1.0.0 - 1.0.1
Outdated
Determine if the JS environment has Symbol support. Supports spec, or shams.
Symbol
symbols
typeof
sham
polyfill
+3
ljharb
object-inspect
1.8.0
Outdated
string representations of objects in node and the browser
inspect
util.inspect
object
stringify
pretty
axios
0.21.4
Outdated
Promise based HTTP client for the browser and node.js
xhr
http
ajax
promise
node
+1
get-intrinsic
1.0.0 - 1.0.1
Outdated
Get and robustly cache all JS language-level intrinsics at first require time
javascript
ecmascript
es
js
intrinsic
+2
ljharb
es-abstract
1.17.7
Outdated
ECMAScript spec abstract operations.
ECMAScript
ES
abstract
operation
abstract operation
+4
ljharb
has
1.0.1 - 1.0.3
Object.prototype.hasOwnProperty.call shortcut
is-callable
1.2.0 - 1.2.2
Outdated
Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.
Function
function
callable
generator
generator function
+5
ljharb
function-bind
1.1.0 - 1.1.1
Implementation of Function.prototype.bind
function
bind
shim
es5
util
0.10.0 - 0.12.5
Node.js's util module for all engines
util
+3
define-properties
1.1.3 - 1.1.4
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
Object.defineProperty
Object.defineProperties
object
property descriptor
descriptor
+2
ljharb
is-regex
1.1.1
Outdated
Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag
regex
regexp
is
regular expression
regular
+1
ljharb
object-keys
1.1.0 - 1.1.1
An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim
Object.keys
keys
ES5
shim
ljharb
side-channel
1.0.1 - 1.0.3
Outdated
Store information about any JS value in a side channel. Uses WeakMap if available.
weakmap
map
side
channel
metadata
ljharb
is-date-object
1.0.1 - 1.0.3
Outdated
Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
Date
ES6
toStringTag
@@toStringTag
Date object
ljharb
regexp.prototype.flags
1.2.0 - 1.3.2
Outdated
ES6 spec-compliant RegExp.prototype.flags shim.
RegExp.prototype.flags
regex
regular expression
ES6
shim
+6
ljharb
es-to-primitive
1.2.0 - 1.2.1
ECMAScript “ToPrimitive” algorithm. Provides ES5 and ES2015 versions.
primitive
abstract
ecmascript
es5
es6
+11
ljharb
internal-slot
1.0.1 - 1.0.3
Outdated
ES spec-like internal slots
internal
slot
internal slot
ecmascript
es
+5
ljharb
eventemitter3
2.0.0 - 4.0.7
Outdated
EventEmitter3 focuses on performance while maintaining a Node.js AND browser compatible interface.
EventEmitter
EventEmitter2
EventEmitter3
Events
addEventListener
+10
performance-now
0.1.3 - 2.1.0
Implements performance.now (based on process.hrtime).
meryn
prop-types
15.7.0 - 15.7.2
Outdated
Runtime type checking for React props and similar objects.
react
+2
scheduler
0.15.0 - 0.23.0
Cooperative scheduler for the browser environment.
react
+3
is-windows
0.1.0 - 0.2.0
Outdated
Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.
check
cywin
is
is-windows
nix
+8
react
16.13.0 - 18.2.0
React is a JavaScript library for building user interfaces.
react
+3
lodash.debounce
4.0.8
The lodash method `_.debounce` exported as a module.
lodash-modularized
debounce
react-dom
18.0.0 - 18.2.0
React package for working with the DOM.
react
+4
hoist-non-react-statics
3.3.1 - 3.3.2
Copies non-react specific statics from a child component to a parent component
react
mridgway
object.getownpropertydescriptors
2.0.0 - 2.1.4
Outdated
ES2017 spec-compliant shim for `Object.getOwnPropertyDescriptors` that works in ES5.
Object.getOwnPropertyDescriptors
descriptor
property descriptor
ES8
ES2017
+4
ljharb
string.prototype.matchall
4.0.2 - 4.0.5
Outdated
Spec-compliant polyfill for String.prototype.matchAll
ES2020
ES
String.prototype.matchAll
matchAll
match
+5
ljharb
classnames
2.2.6
Outdated
A simple utility for conditionally joining classNames together
react
css
classes
classname
classnames
+2
@emotion/unitless
0.7.2 - 0.8.0
An object of css properties that don't accept values with units
+1
is-promise
2.1.0 - 4.0.0
Test whether an object looks like a promises-a+ promise
@emotion/serialize
0.11.12 - 0.11.16
Outdated
serialization utils for emotion
+1
graphql
16.1.0 - 16.6.0
A Query Language and Runtime which can target any service.
graphql
graphql-js
+4
jsonc-parser
2.3.1 - 3.2.0
Scanner and parser for JSON with comments.
+4
@emotion/sheet
0.9.1 - 0.9.4
Outdated
emotion's stylesheet
+1
memoize-one
5.1.0 - 5.1.1
Outdated
A memoization library which only remembers the latest invocation
memoize
memoization
cache
performance
alexreardon
shallowequal
1.0.1 - 1.1.0
Like lodash isEqualWith but for shallow equal.
shallowequal
shallow
equal
isequal
compare
+1
dashed
lodash-es
4.17.21
Lodash exported as ES modules.
es6
modules
stdlib
util
react-lifecycles-compat
3.0.4
Backwards compatibility polyfill for React class components
+2
raf
1.0.0 - 3.4.1
requestAnimationFrame polyfill for node and the browser
requestAnimationFrame
polyfill
p-is-promise
3.0.0 - 4.0.0
Check if something is a promise
promise
is
detect
check
kind
+7
sindresorhus
@emotion/stylis
0.8.1
Outdated
A custom build of Stylis
+1
unfetch
2.0.0 - 2.0.1
Outdated
Bare minimum fetch polyfill in 500 bytes
fetch
polyfill
xhr
ajax
developit
polished
1.0.0 - 1.9.3
Outdated
A lightweight toolset for writing styles in Javascript.
styled-components
polished
emotion
glamor
css-in-js
+9
js-cookie
1.5.0 - 3.0.1
A simple, lightweight JavaScript API for handling cookies
cookie
cookies
browser
amd
commonjs
+3
graphql-tag
2.12.2 - 2.12.6
A JavaScript template literal tag that parses GraphQL queries
resize-observer-polyfill
1.5.0 - 1.5.1
A polyfill for the Resize Observer API
ResizeObserver
resize
observer
util
client
+3
que-etc
zen-observable-ts
1.2.4 - 1.2.5
Outdated
Thin wrapper around zen-observable and @types/zen-observable, to support ESM exports as well as CommonJS exports
react-select
3.1.0 - 4.3.1
Outdated
A Select control built with and for ReactJS
combobox
form
input
multiselect
react
+3
+2
@wry/equality
0.5.1 - 0.5.2
Outdated
Structural equality checking for JavaScript values
benjamn
@emotion/core
10.0.17 - 10.3.1
Outdated
+1
@wry/context
0.4.0 - 0.6.1
Outdated
Manage contextual information needed by (a)synchronous tasks without explicitly passing objects around
benjamn
react-input-autosize
2.2.2
Outdated
Auto-resizing Input Component for React
react
react-component
input
autosize
+1
optimism
0.16.1
Outdated
Composable reactive caching with efficient invalidation.
caching
cache
invalidation
reactive
reactivity
+4
benjamn
@apollo/client
3.6.5 - 3.6.10
Outdated
A fully-featured caching GraphQL client.
apollo
graphql
react
hooks
client
+1
+1
attr-accept
2.2.2
JavaScript implementation of the "accept" attribute for HTML5 <input type="file">
html5
input
tag
attribute
attr
+2
exenv
1.1.0 - 1.2.2
React's ExecutionEnvironment module extracted for use in other packages & components
react
browser
server
environment
env
+2
jedwatson
@wry/trie
0.2.1 - 0.3.2
https://en.wikipedia.org/wiki/Trie
trie
prefix
weak
dictionary
lexicon
benjamn
d3
3.5.17
Outdated
Data-Driven Documents
d3
dom
visualization
svg
animation
+1
dset
3.0.0 - 3.1.2
A tiny (194B) utility for safely writing deep Object values~!
deepset
values
object
write
deep
+2
lukeed
json2mq
0.2.0
Generate media query string from JSON or javascript object
akiran
string-convert
0.2.0 - 0.2.1
String convertions
akiran
react-modal
3.4.1 - 3.11.2
Outdated
Accessible modal dialog component for React.JS
react
react-component
modal
dialog
diasbruno
react-bootstrap
0.32.0 - 0.33.1
Outdated
Bootstrap 5 components built with React
bootstrap
react
component
components
ecosystem-react
+1
@datadog/browser-core
1.5.0 - 1.9.2
Outdated
Datadog browser core utilities.
datadog
fp-ts
0.2.1 - 0.2.9
Outdated
Functional programming in TypeScript
typescript
algebraic-data-types
functional-programming
gcanti
xstate
4.5.0
Outdated
Finite State Machines and Statecharts for the Modern Web.
statechart
state machine
finite state machine
finite automata
scxml
+2
recharts
2.0.0
Outdated
React charts
react
reactjs
chart
react-component
load-script
1.0.0 - 2.0.0
Dynamic script loading for browser
browser
script
load
enquire.js
2.1.6
Awesome Media Queries in JavaScript
media query
media queries
matchMedia
enquire
enquire.js
wickynilliams
antd
3.26.14 - 4.1.0
Outdated
An enterprise-class UI design language and React components implementation
ant
component
components
design
framework
+4
+4
react-slick
0.29.0
React port of slick carousel
slick
carousel
Image slider
orbit
slider
+1
akiran
mapbox-gl
0.22.0 - 0.33.1
Outdated
A WebGL interactive maps library
+25
flux
2.1.0 - 3.1.3
Outdated
An application architecture based on a unidirectional data flow
flux
react
facebook
dispatcher
body-scroll-lock
2.7.0 - 3.1.5
Outdated
Enables body scroll locking (for iOS Mobile and Tablet, Android, desktop Safari/Chrome/Firefox) without breaking scrolling of a target element (eg. modal/lightbox/flyouts/nav-menus)
body scroll
body scroll lock
react scroll lock
react scroll
scroll
+16
willmcpo
react-ga
3.0.0 - 3.3.0
Outdated
React Google Analytics Module
React
GA
Google Analytics
Universal Analytics
rollbar
0.2.0 - 0.6.6
Outdated
Error tracking and logging from JS to Rollbar
sister
3.0.1 - 3.0.2
Event manager.
events
gajus
intl-tel-input
14.0.0 - 16.0.15
Outdated
A JavaScript plugin for entering and validating international telephone numbers
international
i18n
country
dial
code
+4
jackocnr
react-feather
2.0.8 - 2.0.10
React component for Feather icons
react
icons
svg
inline
feather
+1
carmelo
react-countdown
2.3.2 - 2.3.3
Outdated
A customizable countdown component for React.
react
typescript
countdown
component
ndresx
react_ujs
0.2.0 - 1.0.0
Outdated
Rails UJS for the react-rails gem
react-flip-move
3.0.4
Outdated
Effortless animation between DOM changes (eg. list reordering) using the FLIP technique.
react
react-dom
animation
magic-move
component
+3
instantsearch.js
3.1.0 - 3.7.0
Outdated
InstantSearch.js is a JavaScript library for building performant and instant search experiences with Algolia.
algolia
instantsearch
search
widget
vanilla
+12
dialog-polyfill
0.4.4 - 0.4.5
Outdated
Polyfill for the dialog element
chartist
1.0.0 - 1.2.1
Outdated
Simple, responsive charts
chartist
responsive charts
charts
charting
gionkunz
react-stickynode
3.0.3 - 3.1.1
Outdated
A performant and comprehensive React sticky component
Sticky
React
+2
@tannin/plural-forms
1.0.0 - 1.1.0
Compiles a function to compute the plural forms index for a given value
aduth
scrollmonitor
1.0.10 - 1.0.12
Outdated
A simple and fast API to monitor DOM elements as you scroll
scroll
dom
sakabako
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+8 packages
github.com
engine.io-client
superagent
yup
ramda-adjunct
smoothscroll-polyfill
+13 packages
pinterest.com
lodash
relay-runtime
react-relay
react-use
lodash-es
+47 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites