About
Community
hbr.org
85 packages
Last scanned on Oct 27 at 05:54 PM
Update
Name
Size
Popularity
Severity
lodash.merge
3.3.0 - 3.3.2
Vulnerable
Outdated
The Lodash method `_.merge` exported as a module.
Script
https://hbr.org/resources/js/common_b12c48e5f45e29e4.js
License
MIT
Footprint
429 B
Vulnerabilities
Critical
GHSA-jf85-cpcp-j695
Prototype Pollution in lodash
Affected versions >=0 <4.6.2
High
GHSA-2m96-9w4j-wgv7
Prototype Pollution in lodash.merge
Affected versions >=0 <4.6.1
High
GHSA-h726-x36v-rx45
Prototype Pollution in lodash.merge
Affected versions >=0 <4.6.2
Matched Modules
Version distribution in production
271
4.6.2
235
4.6.1
47
3.3.2
46
3.3.0
46
3.3.1
1
4.5.0
Also used on 323 websites
www.netflix.com
59 packages
nytimes.com
110 packages
hbr.org
85 packages
nyt.com
110 packages
Repository
Homepage
More
lodash-modularized
merge
lodash-es
3.0.0 - 3.9.3
Vulnerable
Outdated
Lodash exported as ES modules.
es6
modules
stdlib
util
moment
2.29.3
Vulnerable
Outdated
Parse, validate, manipulate, and display dates
moment
date
time
parse
format
+4
+2
jquery-validation
1.19.3
Vulnerable
Outdated
Client-side form validation made easy
jquery
jquery-plugin
forms
validation
validate
axios
0.26.1
Vulnerable
Outdated
Promise based HTTP client for the browser and node.js
xhr
http
ajax
promise
node
+1
xml2js
0.4.23
Vulnerable
Outdated
Simple XML to JavaScript object converter.
xml
json
leonidas
readable-stream
3.6.0
Outdated
Node.js Streams, a user-land copy of the stream library from Node.js
readable
stream
pipe
safe-buffer
5.2.1
Safer Node.js Buffer API
buffer
buffer allocate
node security
safe
safe-buffer
+2
string_decoder
1.1.0 - 1.3.0
The string_decoder module from Node core
string
decoder
browser
browserify
+1
inherits
2.0.4
Browser-friendly inheritance fully compatible with standard node.js inherits()
inheritance
class
klass
oop
object-oriented
+3
isaacs
buffer
6.0.1 - 6.0.3
Node.js Buffer API, for the browser
arraybuffer
browser
browserify
buffer
compatible
+2
feross
async
3.0.0 - 3.2.4
Outdated
Higher-order functions and common patterns for asynchronous code
async
callback
module
utility
+2
lodash
4.17.3 - 4.17.21
Lodash modular utilities.
modules
stdlib
util
function-bind
1.1.1
Outdated
Implementation of Function.prototype.bind
function
bind
shim
es5
entities
1.1.2
Outdated
Encode & decode XML and HTML entities with ease & speed
entity
decoding
encoding
html
xml
+1
feedic
get-intrinsic
1.1.2
Outdated
Get and robustly cache all JS language-level intrinsics at first require time
javascript
ecmascript
es
js
intrinsic
+2
ljharb
has-symbols
1.0.2 - 1.0.3
Determine if the JS environment has Symbol support. Supports spec, or shams.
Symbol
symbols
typeof
sham
polyfill
+3
ljharb
call-bind
1.0.2
Outdated
Robustly `.call.bind()` a function
javascript
ecmascript
es
js
callbind
+8
ljharb
util-deprecate
1.0.2
The Node.js `util.deprecate()` function with browser support
util
deprecate
browserify
browser
node
tootallnate
ieee754
1.2.0 - 1.2.1
Read/write IEEE754 floating point numbers from/to a Buffer or array-like object
IEEE 754
buffer
convert
floating point
ieee754
feross
object-assign
4.1.1
ES2015 `Object.assign()` ponyfill
object
assign
extend
properties
es2015
+7
define-properties
1.1.4
Outdated
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
Object.defineProperty
Object.defineProperties
object
property descriptor
descriptor
+2
ljharb
domutils
1.7.0
Outdated
Utilities for working with htmlparser2's dom
dom
htmlparser2
feedic
base64-js
1.5.1
Base64 encoding/decoding in pure JS
base64
dom-serializer
0.2.2
Outdated
render domhandler DOM nodes to a string
html
xml
render
feedic
es-abstract
1.18.7 - 1.20.1
Outdated
ECMAScript spec abstract operations.
ECMAScript
ES
abstract
operation
abstract operation
+4
ljharb
is-callable
1.2.4
Outdated
Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.
Function
function
callable
generator
generator function
+5
ljharb
has-property-descriptors
1.0.0
Outdated
Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.
property
descriptors
has
environment
env
+2
ljharb
domhandler
2.4.2
Outdated
Handler for htmlparser2 that turns pages into a dom
dom
htmlparser2
feedic
object-keys
1.1.1
An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim
Object.keys
keys
ES5
shim
ljharb
domelementtype
1.2.0 - 1.3.1
Outdated
all the types of nodes in htmlparser2's dom
dom
element
types
htmlparser2
feedic
sax
1.2.4
Outdated
An evented streaming XML parser in JavaScript
isaacs
events
3.3.0
Node's event emitter for all engines.
events
eventEmitter
eventDispatcher
listeners
has-tostringtag
1.0.0
Determine if the JS environment has `Symbol.toStringTag` support. Supports spec, or shams.
javascript
ecmascript
symbol
symbols
tostringtag
+1
ljharb
util
0.12.4
Outdated
Node.js's util module for all engines
util
+3
has
1.0.2 - 1.0.3
Outdated
Object.prototype.hasOwnProperty.call shortcut
tarruda
which-typed-array
1.1.8
Outdated
Which kind of Typed Array is this JavaScript value? Works cross-realm, without `instanceof`, and despite Symbol.toStringTag.
array
TypedArray
typed array
which
typed
+13
ljharb
is-typed-array
1.1.9
Outdated
Is this value a JS Typed Array? This module works cross-realm/iframe, does not depend on `instanceof` or mutable properties, and despite ES6 Symbol.toStringTag.
array
TypedArray
typed array
is
typed
+13
htmlparser2
3.10.1
Outdated
Fast & forgiving HTML/XML parser
html
parser
streams
xml
dom
+3
feedic
available-typed-arrays
1.0.5
Returns an array of Typed Array names that are available in the current environment
typed
arrays
Float32Array
Float64Array
Int8Array
+8
ljharb
for-each
0.3.3
A better forEach
is-arguments
1.1.1
Is this an arguments object? It's a harder question than you think.
arguments
js
javascript
is-arguments
is
+1
ljharb
scheduler
0.19.1
Outdated
Cooperative scheduler for the browser environment.
react
+1
prop-types
15.8.0 - 15.8.1
Runtime type checking for React props and similar objects.
react
xmlbuilder
11.0.0 - 11.0.1
Outdated
An XML builder for node.js
xml
xmlbuilder
oozcitak
react
16.14.0
Outdated
React is a JavaScript library for building user interfaces.
react
+1
react-dom
16.14.0
Outdated
React package for working with the DOM.
react
+2
process
0.11.10
process information for node.js and browsers
process
is-generator-function
1.0.10
Determine if a function is a native generator function.
generator
generator function
es6
es2015
yield
+2
ljharb
object-is
1.1.4 - 1.1.5
ES2015-compliant shim for Object.is - differentiates between -0 and +0
is
Object.is
equality
sameValueZero
ES6
+4
setimmediate
1.0.5
A shim for the setImmediate efficient script yielding API
domenic
assert
2.0.0
Outdated
The assert module from Node.js, for the browser.
assert
browser
+3
lodash.once
2.0.0 - 2.4.1
Outdated
The lodash method `_.once` exported as a module.
lodash-modularized
once
sha.js
2.4.10 - 2.4.11
Streamable SHA hashes in pure javascript
stream-browserify
3.0.0
the stream module from node core for browsers
stream
browser
browserify
+36
lodash.sortby
2.4.0 - 2.4.1
Outdated
The lodash method `_.sortBy` exported as a module.
lodash-modularized
sortby
lodash.defaults
2.0.0 - 2.4.1
Outdated
The lodash method `_.defaults` exported as a module.
lodash-modularized
defaults
jquery
3.6.0
Outdated
JavaScript library for DOM operations
jquery
javascript
browser
library
+1
timers-browserify
2.0.10 - 2.0.12
timers module for browserify
timers
browserify
browser
+36
console-browserify
1.2.0
Emulate console for all the browsers
+36
lodash.difference
2.0.0 - 2.2.1
Outdated
The lodash method `_.difference` exported as a module.
lodash-modularized
difference
p-is-promise
3.0.0 - 4.0.0
Check if something is a promise
promise
is
detect
check
kind
+7
sindresorhus
is-nan
1.3.1 - 1.3.2
ES2015-compliant shim for Number.isNaN - the global isNaN returns false positives.
is
NaN
not a number
number
isNaN
+5
ljharb
lodash.templatesettings
2.0.0 - 4.0.1
Outdated
The Lodash method `_.templateSettings` exported as a module.
lodash-modularized
templatesettings
es6-object-assign
1.0.0 - 1.1.0
ECMAScript 2015 (ES6) Object.assign polyfill and ponyfill
Object
assign
ES6
ECMAScript 6
ES2015
+3
rubennorte
iterall
1.0.1 - 1.3.0
Minimal zero-dependency utilities for using JavaScript Iterables in all environments.
es6
iterator
iterable
polyfill
for-of
leebyron
lodash.omit
2.3.0 - 2.4.1
Outdated
The lodash method `_.omit` exported as a module.
lodash-modularized
omit
create-react-class
15.7.0
Legacy API for creating React components.
react
lodash.reduce
2.0.0 - 2.4.1
Outdated
The lodash method `_.reduce` exported as a module.
lodash-modularized
reduce
slick-carousel
1.8.1
the last carousel you'll ever need
carousel
slick
responsive
js
slider
thekenwheeler
@auth0/auth0-spa-js
2.0.0
Outdated
Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE
auth0
login
Authorization Code Grant Flow
PKCE
Single Page Application authentication
+1
+42
smoothscroll-polyfill
0.4.4
Smooth Scroll behavior polyfill
smooth
scroll
CSSOM
polyfill
react-with-styles
0.1.0 - 2.4.0
Outdated
[![Build Status][travis-svg]][travis-url] [![dependency status][deps-svg]][deps-url] [![dev dependency status][dev-deps-svg]][dev-deps-url] [![License][license-image]][license-url] [![Downloads][downloads-image]][downloads-url]
react
css
styles
aphrodite
radium
+4
+1
moment-duration-format
2.3.2
A moment.js plugin for formatting durations.
moment
duration
format
jsmreese
ismobilejs
1.1.1
A simple JS library that detects mobile devices.
ismobile
device detection
mobile devices
useragent
kai
react-html-parser
2.0.2
Parse HTML into React components
react
html
htmlparser
htmlparser2
inner html
+1
wrakky
@splidejs/splide
3.0.0 - 4.1.3
Outdated
Splide is a lightweight, flexible and accessible slider/carousel. No dependencies, no Lighthouse errors.
splide
slider
carousel
slideshow
gallery
+4
splidejs
analytics-utils
0.0.7 - 0.0.15
Outdated
Analytics utility functions used by 'analytics' module
analytics
analytics-project
analytics-utilities
davidwells
svg4everybody
2.1.9
Use external SVG spritemaps in any browser
contents
defs
externals
fallbacks
icons
+9
+1
picturefill
3.0.2 - 3.0.3
A responsive image polyfill.
picturefill
srcset
picture
responsive
responsive images
prebid.js
1.27.0 - 6.19.0
Outdated
Header Bidding Management Library
advertising
auction
header bidding
prebid
+1
jplayer
x.x.x
jquery-outside-events
x.x.x
lodash-amd
x.x.x
react-dom-factories
x.x.x
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
engine.io-client
lit-html
intl-messageformat
web-vitals
+21 packages
pinterest.com
libphonenumber-js
react-relay
jss
@babel/runtime
redux-form
+50 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites