About
Community
post.at
105 packages
Last scanned on Jan 19 at 10:11 AM
Update
Name
Size
Popularity
Severity
lodash.merge
3.3.0 - 3.3.2
Vulnerable
Outdated
The Lodash method `_.merge` exported as a module.
Script
https://sc-prod.azureedge.net/static/js/vendor.f8421f4d.js?09594037372f332d899b
License
MIT
Footprint
5 KB
Vulnerabilities
Critical
GHSA-jf85-cpcp-j695
Prototype Pollution in lodash
Affected versions >=0 <4.6.2
High
GHSA-2m96-9w4j-wgv7
Prototype Pollution in lodash.merge
Affected versions >=0 <4.6.1
High
GHSA-h726-x36v-rx45
Prototype Pollution in lodash.merge
Affected versions >=0 <4.6.2
Matched Modules
Version distribution in production
271
4.6.2
235
4.6.1
47
3.3.2
46
3.3.0
46
3.3.1
1
4.5.0
Also used on 323 websites
www.netflix.com
59 packages
nytimes.com
110 packages
hbr.org
85 packages
nyt.com
110 packages
Repository
Homepage
More
lodash-modularized
merge
lodash
4.17.16
Vulnerable
Outdated
Lodash modular utilities.
modules
stdlib
util
axios
0.19.1 - 0.19.2
Vulnerable
Outdated
Promise based HTTP client for the browser and node.js
xhr
http
ajax
promise
node
+1
trim
0.0.1
Vulnerable
Outdated
Trim string whitespace
string
trim
es5-ext
0.10.53 - 0.10.62
Vulnerable
Outdated
ECMAScript extensions and shims
ecmascript
ecmascript5
ecmascript6
es5
es6
+11
medikoo
react-is
16.3.0 - 16.13.1
Outdated
Brand checking of React Elements.
react
+1
inherits
2.0.3
Outdated
Browser-friendly inheritance fully compatible with standard node.js inherits()
inheritance
class
klass
oop
object-oriented
+3
isaacs
qs
6.5.2
Outdated
A querystring parser that supports nesting and arrays, with a depth limit
querystring
qs
query
url
parse
+1
@babel/runtime
7.0.0 - 7.20.7
Outdated
babel's modular runtime helpers
+1
entities
2.0.0
Outdated
Encode & decode XML and HTML entities with ease & speed
entity
decoding
encoding
html
xml
+1
feedic
fast-deep-equal
3.0.0 - 3.1.3
Fast deep equal
fast
equal
deep-equal
esp
is-plain-obj
1.1.0
Outdated
Check if a value is a plain object
object
is
check
test
type
+4
sindresorhus
domutils
2.0.0 - 2.2.0
Outdated
Utilities for working with htmlparser2's dom
dom
htmlparser2
feedic
dom-serializer
0.2.0 - 0.2.2
Outdated
render domhandler DOM nodes to a string
html
xml
render
feedic
domhandler
3.0.0
Outdated
Handler for htmlparser2 that turns pages into a dom
dom
htmlparser2
feedic
is-buffer
1.1.4 - 1.1.6
Outdated
Determine if an object is a Buffer
arraybuffer
browser
browser buffer
browserify
buffer
+10
feross
events
3.0.0 - 3.3.0
Node's event emitter for all engines.
events
eventEmitter
eventDispatcher
listeners
core-js
3.9.0 - 3.15.2
Outdated
Standard library
ES3
ES5
ES6
ES7
ES2015
+39
zloirock
deepmerge
2.1.0 - 2.2.1
Outdated
A library for deep (recursive) merging of Javascript objects
merge
deep
extend
copy
clone
+1
tehshrike
domelementtype
2.0.0 - 2.1.0
Outdated
all the types of nodes in htmlparser2's dom
dom
element
types
htmlparser2
feedic
htmlparser2
4.0.0
Outdated
Fast & forgiving HTML/XML parser
html
parser
streams
xml
dom
+3
feedic
extend
3.0.2
Port of jQuery.extend for node.js and the browser
extend
clone
merge
scheduler
0.15.0 - 0.23.0
Cooperative scheduler for the browser environment.
react
+1
prop-types
15.7.0 - 15.7.2
Outdated
Runtime type checking for React props and similar objects.
react
react
16.13.0 - 17.0.2
Outdated
React is a JavaScript library for building user interfaces.
react
+1
lodash.debounce
4.0.8
The lodash method `_.debounce` exported as a module.
lodash-modularized
debounce
is-generator-function
1.0.0 - 1.0.4
Outdated
Determine if a function is a native generator function.
generator
generator function
es6
es2015
yield
+2
ljharb
dayjs
1.8.18 - 1.8.20
Outdated
2KB immutable date time library alternative to Moment.js with the same modern API
dayjs
date
time
immutable
moment
iamkun
repeat-string
1.6.0 - 1.6.1
Repeat the given string n times. Fastest implementation for repeating a string.
fast
fastest
fill
left
left-pad
+10
hoist-non-react-statics
3.3.1 - 3.3.2
Copies non-react specific statics from a child component to a parent component
react
mridgway
unist-util-visit-parents
1.0.0 - 2.0.1
Outdated
unist utility to recursively walk over nodes, with ancestral information
unist
unist-util
util
utility
tree
+7
unist-util-is
2.1.0 - 2.1.3
Outdated
unist utility to check if a node passes a test
unist
unist-util
util
utility
tree
+6
path-browserify
0.0.0 - 0.0.1
Outdated
the path module from node core for browsers
browser
browserify
path
+36
unist-util-visit
1.4.0 - 2.0.3
Outdated
unist utility to visit nodes
unist
unist-util
util
utility
remark
+16
dom-helpers
5.0.1 - 5.2.1
tiny modular DOM lib for ie9+
dom-helpers
react-component
dom
api
cross-browser
+8
lodash.camelcase
4.2.0 - 4.3.0
The lodash method `_.camelCase` exported as a module.
lodash-modularized
camelcase
ramda
0.26.0 - 0.27.2
Outdated
A practical functional library for JavaScript programmers.
ramda
functional
utils
utilities
toolkit
+6
+5
unist-util-stringify-position
1.1.1 - 1.1.2
Outdated
unist utility to serialize a node, position, or point as a human readable location
unist
unist-util
util
utility
position
+5
vfile-message
1.0.0 - 2.0.4
Outdated
vfile utility to create a virtual message
vfile
vfile-util
util
utility
virtual
+2
wooorm
unified
6.2.0 - 7.0.0
Outdated
parse, inspect, transform, and serialize content through syntax trees
ast
compile
content
cst
parse
+10
vfile
2.1.0 - 4.2.0
Outdated
Virtual file format for text processing
vfile
virtual
file
text
processing
+6
wooorm
is-promise
2.1.0 - 4.0.0
Test whether an object looks like a promises-a+ promise
react-fast-compare
2.0.4
Outdated
Fastest deep equal comparison for React. Great for React.memo & shouldComponentUpdate. Also really fast general-purpose deep comparison.
fast
equal
react
compare
shouldComponentUpdate
+1
+12
next-tick
1.1.0
Environment agnostic nextTick polyfill
nexttick
setImmediate
setTimeout
async
medikoo
es6-symbol
3.1.2 - 3.1.3
Outdated
ECMAScript 6 Symbol polyfill
symbol
private
property
es6
ecmascript
+3
medikoo
d
1.0.1
Outdated
Property descriptor factory
descriptor
es
ecmascript
ecma
property
+3
medikoo
lodash-es
4.17.9 - 4.17.21
Lodash exported as ES modules.
es6
modules
stdlib
util
timers-browserify
2.0.9
Outdated
timers module for browserify
timers
browserify
browser
+36
remark-parse
5.0.0
Outdated
remark plugin to add support for parsing markdown input
abstract
ast
markdown
mdast
parse
+6
trough
1.0.3 - 1.0.5
Outdated
`trough` is middleware
middleware
ware
wooorm
bail
1.0.0 - 2.0.2
Throw a given error
fail
bail
throw
callback
error
wooorm
parse-entities
1.1.1 - 1.1.2
Outdated
Parse HTML character references
parse
html
character
reference
entity
+1
wooorm
is-alphabetical
1.0.0 - 2.0.0
Outdated
Check if a character is alphabetical
string
character
char
code
alphabetical
wooorm
is-decimal
1.0.0 - 2.0.0
Outdated
Check if a character is decimal
string
character
char
code
decimal
wooorm
is-hexadecimal
1.0.0 - 2.0.0
Outdated
Check if a character is hexadecimal
string
character
char
code
hexadecimal
wooorm
react-lifecycles-compat
3.0.4
Backwards compatibility polyfill for React class components
style-to-object
0.2.3 - 0.4.1
Outdated
Parse CSS inline style to JavaScript object.
style-to-object
inline
style
parser
css
+2
remarkablemark
event-emitter
0.3.0 - 0.3.5
Environment agnostic event emitter
event
events
trigger
observer
listener
+2
medikoo
toposort
2.0.2
Topological sort of directed ascyclic graphs (like dependecy lists)
topological
sort
sorting
graphs
graph
+4
marcelklehr
replace-ext
0.0.1 - 1.0.0
Outdated
Replaces a file extension with another one.
gulp
extensions
filepath
basename
inline-style-parser
0.1.0 - 0.1.1
Outdated
An inline style parser.
inline-style-parser
inline-style
style
parser
css
remarkablemark
react-popper
1.3.1 - 1.3.4
Outdated
Official library to use Popper on React projects
react
react-popper
popperjs
component
drop
+2
popper.js
1.12.6 - 1.16.1
A kickass library to manage your poppers
popperjs
component
drop
tooltip
popover
+2
fezvrasta
synchronous-promise
2.0.0 - 2.0.16
Outdated
Synchronous Promise-like prototype to use in testing where you would have used an ES6 Promise
fluffynuts
property-expr
2.0.4
Outdated
tiny util for getting and setting deep object props safely
expr
expression
setter
getter
deep
+3
monastic.panic
bootstrap
4.4.0 - 4.4.1
Outdated
The most popular front-end framework for developing responsive, mobile first projects on the web.
css
sass
mobile-first
responsive
front-end
+2
vfile-location
2.0.0 - 3.0.1
Outdated
vfile utility to convert between positional (line and column-based) and offset (range-based) locations
vfile
vfile-util
util
utility
virtual
+5
wooorm
unist-util-remove-position
1.1.0 - 3.0.0
Outdated
unist utility to remove positions from a tree
unist
unist-util
util
utility
remove
+4
graphql-request
1.5.0 - 1.8.2
Outdated
Minimal GraphQL client supporting Node and browsers for scripts or simple apps
graphql
request
fetch
graphql-client
+2
collapse-white-space
1.0.0 - 2.0.0
Outdated
Collapse white space
collapse
white
space
wooorm
attr-accept
2.2.2
JavaScript implementation of the "accept" attribute for HTML5 <input type="file">
html5
input
tag
attribute
attr
+2
unherit
1.1.0 - 1.1.3
Outdated
Create a subclass that can be modified without affecting the super class
clone
super
class
constructor
wooorm
trim-trailing-lines
1.1.0 - 1.1.3
Outdated
Remove final line feeds from a string
trim
final
line
newline
characters
wooorm
is-whitespace-character
1.0.0 - 2.0.1
Check if a character is a whitespace character
string
character
char
code
whitespace
+2
wooorm
state-toggle
1.0.0 - 2.0.1
Outdated
Enter/exit a state
enter
exit
state
wooorm
markdown-escapes
1.0.0 - 1.0.4
Outdated
Legacy list of escapable characters in markdown
markdown
escape
pedantic
gfm
commonmark
wooorm
is-word-character
1.0.0 - 2.0.1
Check if a character is a word character
string
character
char
code
word
wooorm
react-markdown
4.2.0 - 4.3.1
Outdated
React component to render markdown
ast
commonmark
component
gfm
markdown
+4
formik
2.0.1 - 2.2.6
Outdated
Build forms in React, without the tears
formik
form
forms
react
react-dom
+7
jaredpalmer
gud
1.0.0
Create a 'gud nuff' (not cryptographically secure) globally unique id
global
unique
id
identifier
number
+2
thejameskyle
exenv
1.1.0 - 1.2.2
React's ExecutionEnvironment module extracted for use in other packages & components
react
browser
server
environment
env
+2
jedwatson
react-dnd
9.1.0 - 9.3.4
Outdated
Drag and Drop for React
+2
react-day-picker
7.4.1 - 7.4.8
Outdated
Customizable Date Picker for React
lit-element
3.0.1 - 3.2.2
Outdated
A simple base class for creating fast, lightweight web components
+11
react-modal
3.3.1 - 3.11.2
Outdated
Accessible modal dialog component for React.JS
react
react-component
modal
dialog
diasbruno
html-react-parser
0.10.0 - 0.10.3
Outdated
HTML to React parser.
html-react-parser
html
react
parser
dom
remarkablemark
react-property
1.0.1 - 1.0.2
Outdated
HTML and SVG DOM property configs used by React.
react-property
html
svg
dom
property
+4
remarkablemark
@reach/utils
0.12.0 - 0.17.0
Outdated
Internal, shared utilities for Reach UI.
+1
react-spring
3.0.0
Outdated
<p align="center"> <img src="https://i.imgur.com/QZownhg.png" width="240" /> </p>
animated
animation
hooks
motion
react
+4
@auth0/auth0-spa-js
2.0.0 - 2.0.2
Outdated
Auth0 SDK for Single Page Applications using Authorization Code Grant Flow with PKCE
auth0
login
Authorization Code Grant Flow
PKCE
Single Page Application authentication
+1
+41
react-input-mask
1.0.6 - 1.2.2
Outdated
Masked input component for React
react
input
mask
masked
react-component
sanniassin
smoothscroll-polyfill
0.4.4
Smooth Scroll behavior polyfill
smooth
scroll
CSSOM
polyfill
react-sortable-hoc
0.4.6 - 0.8.4
Outdated
Set of higher-order components to turn any list into a sortable, touch-friendly, animated list
react
reactjs
react-component
sortable
sortable-list
+7
clauderic
@chakra-ui/hooks
1.0.0 - 1.6.2
Outdated
React hooks for Chakra components
hooks
react
chakra ui
utilities
html-to-react
1.4.2
Outdated
A lightweight library that converts raw HTML to a React DOM structure.
react
react-component
html
webfontloader
1.6.18 - 1.6.28
Web Font Loader gives you added control when using linked fonts via @font-face.
web
fonts
webfonts
font
loader
+1
mdast-add-list-metadata
1.0.1 - 1.1.0
Enhances the metadata of list and listItem nodes
unified
remark
mdast
markdown
unist
staltz
ev-emitter
1.1.1
Outdated
lil' event emitter
event
emitter
pubsub
desandro
dom-scroll-into-view
1.0.0 - 1.0.1
Outdated
scroll dom node into view automatically
dom
scrollIntoView
yiminghe
react-truncate
2.3.0 - 2.4.0
React component for truncating multi-line spans and adding an ellipsis
react
truncate
ellipsis
multiline
react-image-lightbox
5.1.0 - 5.1.1
Outdated
A lightbox component for React.js
react
react-component
image
lightbox
picturefill
3.0.0 - 3.0.3
A responsive image polyfill.
picturefill
srcset
picture
responsive
responsive images
react-autocomplete
1.5.10 - 1.8.1
Accessible, extensible, Autocomplete for React.js
+1
headroom.js
0.11.0
Outdated
Give your page some headroom. Hide your header until you need it
header
fixed
scroll
menu
react-amphtml
3.1.0 - 4.0.2
Use amphtml components inside your React apps easily!
react
amphtml
dfrankland
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
@headlessui/react
hoist-non-react-statics
reactstrap
lit-html
+60 packages
pinterest.com
libphonenumber-js
react-relay
jss
@babel/runtime
redux-form
+50 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites