About
Community
grammarly.com
66 packages
Last scanned on Oct 27 at 06:02 PM
Update
Name
Size
Popularity
Severity
sanitize-html
1.19.1 - 1.20.1
Vulnerable
Outdated
Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis
Script
https://static.grammarly.com/assets/js/67970f8f4bb04a609a1f/vendor.js
License
MIT
Footprint
5 KB
Vulnerabilities
Moderate
GHSA-rjqq-98f6-6j3r
Improper Input Validation in sanitize-html
Affected versions >=0 <2.3.1
Moderate
GHSA-mjxr-4v3x-q3m4
Improper Input Validation in sanitize-html
Affected versions >=0 <2.3.2
Moderate
GHSA-rm97-x556-q36h
sanitize-html Information Exposure vulnerability
Affected versions >=0 <2.12.1
High
GHSA-cgfm-xwp7-2cvr
Sanitize-html Vulnerable To REDoS Attacks
Affected versions >=0 <2.7.1
Matched Modules
Version distribution in production
30
2.4.0
26
2.5.0
25
2.7.0
25
2.7.2
24
2.7.3
8
1.20.1
Also used on 164 websites
grammarly.com
66 packages
zappos.com
139 packages
patreon.com
108 packages
istockphoto.com
32 packages
Repository
Homepage
More
html
parser
sanitizer
sanitize
+15
es5-ext
0.10.24 - 0.10.49
Vulnerable
Outdated
ECMAScript extensions and shims
ecmascript
ecmascript5
ecmascript6
es5
es6
+11
medikoo
next
12.1.1 - 13.0.0
Vulnerable
Outdated
The React Framework
sweetalert2
9.0.0 - 10.2.0
Vulnerable
Outdated
A beautiful, responsive, customizable and accessible (WAI-ARIA) replacement for JavaScript's popup boxes, supported fork of sweetalert
sweetalert
sweetalert2
alert
modal
popup
+4
semver
5.7.0 - 6.3.0
Outdated
The semantic version parser used by npm.
+2
tslib
1.2.0 - 2.4.0
Outdated
Runtime library for TypeScript helper functions
TypeScript
Microsoft
compiler
language
javascript
+2
+5
source-map
0.6.1
Outdated
Generates and consumes source maps
+16
string_decoder
1.1.0 - 1.3.0
The string_decoder module from Node core
string
decoder
browser
browserify
+1
isarray
0.0.0 - 2.0.5
Array#isArray for older browsers
browser
isarray
array
juliangruber
react-is
16.3.0 - 16.13.1
Outdated
Brand checking of React Elements.
react
+1
inherits
2.0.3
Outdated
Browser-friendly inheritance fully compatible with standard node.js inherits()
inheritance
class
klass
oop
object-oriented
+3
isaacs
form-data
1.0.0 - 4.0.0
A library to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications.
+2
buffer
4.6.0 - 4.9.2
Outdated
Node.js Buffer API, for the browser
arraybuffer
browser
browserify
buffer
compatible
+2
feross
entities
1.1.1 - 1.1.2
Outdated
Encode & decode XML and HTML entities with ease & speed
entity
decoding
encoding
html
xml
+1
feedic
path-to-regexp
1.7.0 - 1.8.0
Outdated
Express style path to RegExp utility
express
regexp
route
routing
+2
cookie
0.1.4 - 0.2.3
Outdated
HTTP server cookie parsing and serialization
cookie
cookies
dougwilson
domutils
1.5.1
Outdated
Utilities for working with htmlparser2's dom
dom
htmlparser2
feedic
base64-js
1.3.0 - 1.5.1
Base64 encoding/decoding in pure JS
base64
dom-serializer
0.1.0
Outdated
render domhandler DOM nodes to a string
html
xml
render
feedic
domhandler
2.3.0
Outdated
Handler for htmlparser2 that turns pages into a dom
dom
htmlparser2
feedic
events
3.0.0 - 3.3.0
Node's event emitter for all engines.
events
eventEmitter
eventDispatcher
listeners
domelementtype
1.2.0 - 1.3.1
Outdated
all the types of nodes in htmlparser2's dom
dom
element
types
htmlparser2
feedic
core-js
2.6.11
Outdated
Standard library
ES3
ES5
ES6
ES7
ES2015
+39
zloirock
htmlparser2
3.10.0 - 3.10.1
Outdated
Fast & forgiving HTML/XML parser
html
parser
streams
xml
dom
+3
feedic
scheduler
0.15.0 - 0.23.0
Cooperative scheduler for the browser environment.
react
+1
prop-types
15.6.2
Outdated
Runtime type checking for React props and similar objects.
react
react
16.13.0 - 17.0.2
Outdated
React is a JavaScript library for building user interfaces.
react
+1
react-dom
16.13.0 - 16.14.0
Outdated
React package for working with the DOM.
react
+2
url
0.11.0
Outdated
The core `url` packaged standalone for use with Browserify.
parsing
url
analyze
lodash.isplainobject
4.0.6
The lodash method `_.isPlainObject` exported as a module.
lodash-modularized
isplainobject
hoist-non-react-statics
3.3.1 - 3.3.2
Copies non-react specific statics from a child component to a parent component
react
mridgway
path-browserify
0.0.0 - 0.0.1
Outdated
the path module from node core for browsers
browser
browserify
path
+36
lodash.isstring
4.0.1
The lodash method `_.isString` exported as a module.
lodash-modularized
isstring
classnames
2.3.0 - 2.3.1
Outdated
A simple utility for conditionally joining classNames together
react
css
classes
classname
classnames
+2
query-string
5.0.1 - 5.1.1
Outdated
Parse and stringify URL query strings
browser
querystring
query
string
qs
+9
sindresorhus
whatwg-fetch
3.0.0 - 3.1.1
Outdated
A window.fetch polyfill.
underscore
1.12.0 - 1.13.6
JavaScript's functional programming helper library.
util
functional
server
client
browser
tiny-invariant
0.0.2 - 1.3.1
Outdated
A tiny invariant function
invariant
error
assert
asserts
alexreardon
object.getownpropertydescriptors
2.0.0 - 2.1.4
Outdated
ES2017 spec-compliant shim for `Object.getOwnPropertyDescriptors` that works in ES5.
Object.getOwnPropertyDescriptors
descriptor
property descriptor
ES8
ES2017
+4
ljharb
react-router
5.1.1 - 5.3.4
Outdated
Declarative routing for React
react
router
route
routing
history
+1
react-fast-compare
3.1.0 - 3.2.0
Outdated
Fastest deep equal comparison for React. Great for React.memo & shouldComponentUpdate. Also really fast general-purpose deep comparison.
fast
equal
react
compare
shouldComponentUpdate
+1
+12
array-uniq
0.1.1 - 1.0.3
Outdated
Create an array without duplicates
array
set
uniq
unique
duplicate
+1
sindresorhus
timers-browserify
2.0.9
Outdated
timers module for browserify
timers
browserify
browser
+36
querystring-es3
0.2.1
Node's querystring module for all engines. (ES3 compat fork)
commonjs
query
querystring
spaintrain
luxon
0.5.6 - 3.0.4
Outdated
Immutable date wrapper
date
immutable
icambron
history
4.0.0 - 4.10.1
Outdated
Manage session history with JavaScript
history
location
mjackson
serialize-error
2.0.0 - 2.1.0
Outdated
Serialize/deserialize an error into a plain object
error
serialize
stringify
object
convert
+4
sindresorhus
lodash.escaperegexp
4.1.2
The lodash method `_.escapeRegExp` exported as a module.
lodash-modularized
escaperegexp
@angular/core
9.0.0 - 12.2.16
Outdated
Angular - the core framework
react-scripts
0.4.2
Outdated
Configuration and scripts for Create React App.
+1
@hookform/resolvers
1.1.0
Outdated
React Hook Form validation resolvers: Yup, Joi, Superstruct, Zod, Vest, Class Validator, io-ts, Nope, computed-types, TypeBox, arktype and Typanion
scheme
validation
scheme-validation
hookform
react-hook-form
+14
exenv
1.1.0 - 1.2.2
React's ExecutionEnvironment module extracted for use in other packages & components
react
browser
server
environment
env
+2
jedwatson
fp-ts
2.7.0 - 2.9.5
Outdated
Functional programming in TypeScript
typescript
algebraic-data-types
functional-programming
gcanti
react-side-effect
2.1.0 - 2.1.2
Create components whose prop changes map to a global side effect
react
component
side
effect
mini-create-react-context
0.3.3 - 0.4.1
Smaller Polyfill for the proposed React context API
react
context
contextTypes
polyfill
ponyfill
stringepsilon
react-query
0.0.11 - 0.0.15
Outdated
Hooks for managing, caching and syncing asynchronous and remote data in React
antd
3.16.2 - 4.0.3
Outdated
An enterprise-class UI design language and React components implementation
ant
component
components
design
framework
+4
+4
numeral
2.0.6
Format and manipulate numbers.
numeral
number
format
time
money
+1
adamwdraper
io-ts
0.0.1 - 2.2.19
Outdated
TypeScript runtime type system for IO decoding/encoding
typescript
runtime
decoder
encoder
schema
gcanti
mobx-react-lite
2.0.2 - 2.1.0
Outdated
Lightweight React bindings for MobX based on React 16.8+ and Hooks
mobx
mobservable
react-component
react
reactjs
+4
mobx-react
6.1.2 - 7.2.1
Outdated
React bindings for MobX. Create fully reactive components.
mobx
mobservable
react-component
react
reactjs
+1
+1
srcset
1.0.0
Outdated
Parse and stringify the HTML `<img>` srcset attribute
html
attribute
image
img
src
+6
sindresorhus
@loadable/component
5.10.3 - 5.12.0
Outdated
React code splitting made easy.
react
ssr
webpack
code-splitting
react-router
+4
lazysizes
5.2.0 - 5.3.2
High performance (jankfree) lazy loader for images (including responsive images), iframes and scripts (widgets).
lazy
loader
lazyloader
lazyload
lazySizes
+16
lottie-api
1.0.0 - 1.0.2
Outdated
A library to edit lottie-web animations dynamically
airnan
@dhmk/utils
2.4.1 - 4.2.1
Outdated
A collection of frequently used functions and primitives
utils
tools
functions
helpers
misc
dhmk083
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
@headlessui/react
hoist-non-react-statics
reactstrap
lit-html
+60 packages
pinterest.com
lodash
relay-runtime
react-relay
react-use
lodash-es
+51 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites