About
Community
goldbelly.com
98 packages
Last scanned on Jan 19 at 09:21 AM
Update
Name
Size
Popularity
Severity
lodash.merge
3.3.0 - 3.3.2
Vulnerable
Outdated
The Lodash method `_.merge` exported as a module.
Script
https://cdn1.goldbelly.com/packs/js/explore/index-8b8e75c719d3449aec98.chunk.js
License
MIT
Footprint
1 KB
Vulnerabilities
Critical
GHSA-jf85-cpcp-j695
Prototype Pollution in lodash
Affected versions >=0 <4.6.2
High
GHSA-2m96-9w4j-wgv7
Prototype Pollution in lodash.merge
Affected versions >=0 <4.6.1
High
GHSA-h726-x36v-rx45
Prototype Pollution in lodash.merge
Affected versions >=0 <4.6.2
Matched Modules
Version distribution in production
271
4.6.2
235
4.6.1
47
3.3.2
46
3.3.0
46
3.3.1
1
4.5.0
Also used on 323 websites
www.netflix.com
59 packages
nytimes.com
110 packages
hbr.org
85 packages
nyt.com
110 packages
Repository
Homepage
More
lodash-modularized
merge
crypto-js
4.1.0 - 4.1.1
Vulnerable
Outdated
JavaScript library of crypto standards.
security
crypto
Hash
MD5
SHA1
+15
evanvosberg
lodash
4.17.16
Vulnerable
Outdated
Lodash modular utilities.
modules
stdlib
util
tesseract.js
1.0.2 - 1.0.3
Vulnerable
Outdated
Pure Javascript Multilingual OCR
+1
es5-ext
0.10.24 - 0.10.49
Vulnerable
Outdated
ECMAScript extensions and shims
ecmascript
ecmascript5
ecmascript6
es5
es6
+11
medikoo
sweetalert2
10.15.4 - 11.4.18
Vulnerable
Outdated
A beautiful, responsive, customizable and accessible (WAI-ARIA) replacement for JavaScript's popup boxes, supported fork of sweetalert
sweetalert
sweetalert2
alert
modal
popup
+4
limonte
uuid
8.3.0 - 9.0.0
Outdated
RFC4122 (v1, v4, and v5) UUIDs
uuid
guid
rfc4122
react-is
16.3.0 - 16.13.1
Outdated
Brand checking of React Elements.
react
+1
camelcase
5.3.1
Outdated
Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`
camelcase
camel-case
camel
case
dash
+9
sindresorhus
@babel/runtime
7.13.6 - 7.13.7
Outdated
babel's modular runtime helpers
+1
get-intrinsic
1.1.3
Outdated
Get and robustly cache all JS language-level intrinsics at first require time
javascript
ecmascript
es
js
intrinsic
+2
ljharb
function-bind
1.1.0 - 1.1.1
Outdated
Implementation of Function.prototype.bind
function
bind
shim
es5
path-to-regexp
6.0.0 - 6.2.0
Outdated
Express style path to RegExp utility
express
regexp
route
routing
+2
axios
0.19.1 - 1.2.3
Outdated
Promise based HTTP client for the browser and node.js
xhr
http
ajax
promise
node
+1
call-bind
1.0.2
Outdated
Robustly `.call.bind()` a function
javascript
ecmascript
es
js
callbind
+8
ljharb
object-inspect
1.12.2 - 1.12.3
Outdated
string representations of objects in node and the browser
inspect
util.inspect
object
stringify
pretty
fast-deep-equal
3.0.0 - 3.1.3
Fast deep equal
fast
equal
deep-equal
esp
has-symbols
1.0.2 - 1.0.3
Determine if the JS environment has Symbol support. Supports spec, or shams.
Symbol
symbols
typeof
sham
polyfill
+3
ljharb
has-property-descriptors
1.0.0
Outdated
Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.
property
descriptors
has
environment
env
+2
ljharb
es-abstract
1.20.0 - 1.20.2
Outdated
ECMAScript spec abstract operations.
ECMAScript
ES
abstract
operation
abstract operation
+4
ljharb
define-properties
1.1.4
Outdated
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
Object.defineProperty
Object.defineProperties
object
property descriptor
descriptor
+2
ljharb
is-callable
1.2.6
Outdated
Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.
Function
function
callable
generator
generator function
+5
ljharb
has-tostringtag
1.0.0
Outdated
Determine if the JS environment has `Symbol.toStringTag` support. Supports spec, or shams.
javascript
ecmascript
symbol
symbols
tostringtag
+1
ljharb
object-keys
1.1.0 - 1.1.1
An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim
Object.keys
keys
ES5
shim
ljharb
regexp.prototype.flags
1.4.2 - 1.4.3
Outdated
ES6 spec-compliant RegExp.prototype.flags shim.
RegExp.prototype.flags
regex
regular expression
ES6
shim
+6
ljharb
deepmerge
1.5.2
Outdated
A library for deep (recursive) merging of Javascript objects
merge
deep
extend
copy
clone
+1
tehshrike
core-js
3.16.0 - 3.17.3
Outdated
Standard library
ES3
ES5
ES6
ES7
ES2015
+39
zloirock
is-regex
1.1.4
Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag
regex
regexp
is
regular expression
regular
+1
ljharb
is-date-object
1.0.1 - 1.0.3
Outdated
Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
Date
ES6
toStringTag
@@toStringTag
Date object
ljharb
es-to-primitive
1.2.0 - 1.2.1
ECMAScript “ToPrimitive” algorithm. Provides ES5 and ES2015 versions.
primitive
abstract
ecmascript
es5
es6
+11
ljharb
function.prototype.name
1.1.2 - 1.1.5
Outdated
An ES2015 spec-compliant `Function.prototype.name` shim
Function.prototype.name
function
name
ES6
ES2015
+3
ljharb
functions-have-names
1.1.1 - 1.2.3
Does this JS environment support the `name` property on functions?
function
name
es5
names
functions
+1
ljharb
object.values
1.0.0 - 1.1.6
Outdated
ES2017 spec-compliant Object.values shim.
Object.values
Object.keys
Object.entries
values
ES7
+8
ljharb
scheduler
0.15.0 - 0.23.0
Outdated
Cooperative scheduler for the browser environment.
react
+1
has
1.0.1 - 1.0.3
Outdated
Object.prototype.hasOwnProperty.call shortcut
tarruda
map-obj
4.2.1
Outdated
Map object keys and values into a new object
map
object
key
keys
value
+8
sindresorhus
array.prototype.flat
1.2.2 - 1.2.5
Outdated
An ES2019 spec-compliant `Array.prototype.flat` shim/polyfill/replacement that works as far down as ES3.
Array.prototype.flatten
Array.prototype.flat
flatten
flat
array
+6
ljharb
is-arguments
1.0.4
Outdated
Is this an arguments object? It's a harder question than you think.
arguments
js
javascript
is-arguments
is
+1
ljharb
react
16.13.0 - 17.0.2
Outdated
React is a JavaScript library for building user interfaces.
react
+1
react-dom
16.13.0 - 16.14.0
Outdated
React package for working with the DOM.
react
+2
quick-lru
4.0.1
Outdated
Simple “Least Recently Used” (LRU) cache
lru
quick
cache
caching
least
+6
sindresorhus
querystringify
2.2.0
Querystringify - Small, simple but powerful query string parser.
query
string
query-string
querystring
qs
+4
+1
lodash.debounce
4.0.8
The lodash method `_.debounce` exported as a module.
lodash-modularized
debounce
performance-now
0.1.3 - 2.1.0
Implements performance.now (based on process.hrtime).
meryn
deep-equal
1.1.0 - 1.1.1
Outdated
node's assert.deepEqual algorithm
equality
equal
compare
ljharb
date-fns
2.16.1 - 2.18.0
Outdated
Modern JavaScript date utility library
kossnocorp
object-is
1.1.0 - 1.1.5
Outdated
ES2015-compliant shim for Object.is - differentiates between -0 and +0
is
Object.is
equality
sameValueZero
ES6
+4
ljharb
hoist-non-react-statics
3.3.1 - 3.3.2
Copies non-react specific statics from a child component to a parent component
react
mridgway
camelcase-keys
6.2.2 - 7.0.1
Outdated
Convert object keys to camel case
map
object
key
keys
value
+19
sindresorhus
classnames
1.1.1 - 2.3.1
Outdated
A simple utility for conditionally joining classNames together
react
css
classes
classname
classnames
+2
query-string
6.5.0 - 7.1.3
Outdated
Parse and stringify URL query strings
browser
querystring
query
string
qs
+9
sindresorhus
is-promise
2.1.0 - 4.0.0
Test whether an object looks like a promises-a+ promise
lodash-es
4.17.20 - 4.17.21
Lodash exported as ES modules.
es6
modules
stdlib
util
redux
4.0.5
Outdated
Predictable state container for JavaScript apps
redux
reducer
state
predictable
functional
+6
+3
react-fast-compare
2.0.4
Outdated
Fastest deep equal comparison for React. Great for React.memo & shouldComponentUpdate. Also really fast general-purpose deep comparison.
fast
equal
react
compare
shouldComponentUpdate
+1
+12
es6-promise
3.3.0 - 3.3.1
Outdated
A lightweight library that provides tools for organizing asynchronous code
futures
polyfill
promise
promises
superagent
3.8.0 - 8.0.8
Outdated
elegant & feature rich browser / node HTTP with a fluent API
agent
ajax
ajax
api
async
+25
+4
reselect
4.0.0
Outdated
Selectors for Redux.
react
redux
+3
shallowequal
1.0.1 - 1.1.0
Like lodash isEqualWith but for shallow equal.
shallowequal
shallow
equal
isequal
compare
+1
dashed
raf
3.0.0 - 3.1.0
Outdated
requestAnimationFrame polyfill for node and the browser
requestAnimationFrame
polyfill
react-lifecycles-compat
3.0.4
Backwards compatibility polyfill for React class components
split-on-first
1.0.0 - 1.1.0
Outdated
Split a string on the first occurance of a given separator
split
string
first
once
occurrence
+3
sindresorhus
unquote
1.1.0 - 1.1.1
Remove wrapping quotes from a string.
string
unquote
quotes
lakenen
redux-thunk
2.1.0 - 2.4.2
Outdated
Thunk middleware for Redux.
redux
thunk
middleware
redux-middleware
flux
+2
js-base64
2.5.2
Outdated
Yet another Base64 transcoder in pure-JS
base64
binary
dankogai
react-popper
1.3.1 - 2.3.0
Official library to use Popper on React projects
react
react-popper
popperjs
component
drop
+2
popper.js
1.12.6 - 1.16.1
A kickass library to manage your poppers
popperjs
component
drop
tooltip
popover
+2
fezvrasta
framer-motion
6.5.0 - 8.5.0
Outdated
A simple and powerful JavaScript animation library
react animation
react
three
3d
pose
+8
+36
enzyme-shallow-equal
1.0.4
Outdated
Adaptation of react-addons-shallow-compare, for independent usage
javascript
shallow rendering
shallowRender
test
reactjs
+7
+1
swr
0.2.3 - 0.5.7
Outdated
React Hooks library for remote data fetching
swr
react
hooks
request
cache
+1
+5
gud
1.0.0
Create a 'gud nuff' (not cryptographically secure) globally unique id
global
unique
id
identifier
number
+2
thejameskyle
react-beautiful-dnd
1.0.0 - 6.0.2
Outdated
Beautiful and accessible drag and drop for lists with React
drag and drop
dnd
sortable
reorder
reorderable
+5
airbnb-prop-types
2.16.0
Custom React PropType validators that we use at Airbnb.
react
propTypes
airbnb
prop
types
+2
+1
@stripe/react-stripe-js
1.14.0 - 1.16.4
Outdated
React components for Stripe.js and Stripe Elements
React
Stripe
Elements
+15
@fortawesome/react-fontawesome
0.2.0
Official React component for Font Awesome 5
+4
consolidated-events
1.0.0 - 1.1.1
Outdated
Manage multiple event handlers using few event listeners
events
performance
lencioni
redux-devtools-extension
2.12.2
Outdated
Wrappers for Redux DevTools Extension.
+1
@fortawesome/free-regular-svg-icons
6.0.0 - 6.2.1
Outdated
The iconic font, CSS, and SVG framework
font
awesome
fontawesome
icon
svg
+1
+4
@reach/router
1.3.1 - 1.3.4
Next generation Routing for React.
react
react router
+1
@fortawesome/free-brands-svg-icons
5.1.0 - 6.2.1
Outdated
The iconic font, CSS, and SVG framework
font
awesome
fontawesome
icon
svg
+1
+4
document.contains
1.0.1
Outdated
Polyfill/shim for `document.contains`
contains
document
element
node
polyfill
+1
ljharb
react-outside-click-handler
1.3.0
A React component for dealing with clicks outside its subtree
+2
react-with-direction
1.0.0 - 1.4.0
Components to provide and consume RTL or LTR direction in React
+4
react-with-styles
4.1.0
Outdated
[![Build Status][travis-svg]][travis-url] [![dependency status][deps-svg]][deps-url] [![dev dependency status][dev-deps-svg]][dev-deps-url] [![License][license-image]][license-url] [![Downloads][downloads-image]][downloads-url]
react
css
styles
aphrodite
radium
+4
+1
react-moment-proptypes
1.6.0 - 1.8.1
React proptype for moment module
moment
react
props
proptypes
react-dates
21.8.0
A responsive and accessible date range picker component built with React
+4
global-cache
1.2.0 - 1.2.1
Sometimes you have to do horrible things, like use the global object to share a singleton. Abstract that away, with this!
global
window
self
cache
global object
ljharb
react-with-styles-interface-css
6.0.0
Interface for react-with-styles outputting CSS
react-with-styles
css-in-js
css
+3
redux-form
8.3.4 - 8.3.9
Outdated
A higher order component decorator for forms using Redux and React
react
reactjs
flux
redux
react-redux
+3
use-query-params
2.0.0 - 2.1.2
Outdated
React Hook for managing state in URL query parameters with easy serialization.
react
url
query
parameters
hook
+3
pbeshai
amplitude-js
5.2.0
Outdated
Javascript library for Amplitude Analytics
analytics
amplitude
+5
analytics-utils
0.0.14 - 0.1.1
Outdated
Analytics utility functions used by 'analytics' module
analytics
analytics-project
analytics-utilities
davidwells
deepcopy
2.0.0 - 2.1.0
deep copy data
sasaplus1
wretch
0.2.2
Outdated
A tiny wrapper built around fetch with an intuitive syntax.
wretch
fetch
ajax
request
elbywan
tiny-slider
2.8.8
Outdated
Vanilla javascript slider for all purposes, inspired by Owl Carousel.
ganlanyuan
react-imgix
8.6.4 - 9.0.3
Outdated
React Component for displaying an image from Imgix
react
+12
lottie-api
1.0.0 - 1.0.2
Outdated
A library to edit lottie-web animations dynamically
airnan
tg-core-redux
0.0.2 - 0.0.4
Outdated
tg-core-redux
+4
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
@headlessui/react
hoist-non-react-statics
reactstrap
lit-html
+60 packages
pinterest.com
lodash
relay-runtime
react-relay
react-use
lodash-es
+51 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites