weforum.org 189 packages

Last scanned on Oct 27 at 07:02 PM
lodash 3.2.0VulnerableOutdated
Lodash modular utilities.
License
MIT
Footprint
9 KB
Vulnerabilities
Regular Expression Denial of Service (ReDoS) in lodash
Affected versions >=0 <4.17.21
Prototype Pollution in lodash
Affected versions >=0 <4.17.5
Prototype Pollution in lodash
Affected versions >=0 <4.17.11
Prototype Pollution in lodash
Affected versions >=0 <4.17.12
Regular Expression Denial of Service (ReDoS) in lodash
Affected versions >=0 <4.17.11
Prototype Pollution in lodash
Affected versions >=0 <4.17.20
Command Injection in lodash
Affected versions >=0 <4.17.21
Matched Modules
Version distribution in production
704
4.17.16
235
4.17.21
86
4.17.20
59
4.17.15
54
4.17.13
1
3.2.0
lodash-es 3.2.0 - 3.5.0VulnerableOutdated
Lodash exported as ES modules.
html-parse-stringify2 2.0.1Vulnerable
Parses well-formed HTML (meaning all tags closed) into an AST and back. quickly.
tslib 1.13.0 - 1.14.1Outdated
Runtime library for TypeScript helper functions
isarray 0.0.0 - 0.0.1Outdated
Array#isArray for older browsers
react-is 16.13.1Outdated
Brand checking of React Elements.
@babel/runtime 7.0.0 - 7.12.5Outdated
babel's modular runtime helpers
+1
hzoo
existentialism
nicolo-ribaudo
path-to-regexp 1.8.0Outdated
Express style path to RegExp utility
regenerator-runtime 0.13.7Outdated
Runtime for Regenerator-compiled generator and async functions.
cookie 0.4.1Outdated
HTTP server cookie parsing and serialization
dougwilson
dougwilson
object-assign 4.1.1
ES2015 `Object.assign()` ponyfill
fast-json-stable-stringify 2.0.0 - 2.1.0
deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify
escape-html 1.0.3
Escape string for use in HTML
deepmerge 4.2.2
A library for deep (recursive) merging of Javascript objects
prop-types 15.7.0 - 15.7.2Outdated
Runtime type checking for React props and similar objects.
scheduler 0.19.1Outdated
Cooperative scheduler for the browser environment.
lower-case 2.0.1Outdated
Transforms the string to lower case
react 16.14.0Outdated
React is a JavaScript library for building user interfaces.
lodash.debounce 4.0.8
The lodash method `_.debounce` exported as a module.
no-case 3.0.3Outdated
Transform into a lower cased string with spaces between words
camel-case 4.1.0 - 4.1.1Outdated
Transform into a string with the separator denoted by the next word capitalized
process 0.11.10
process information for node.js and browsers
setimmediate 1.0.5
A shim for the setImmediate efficient script yielding API
domenic
domenic
react-dom 16.14.0Outdated
React package for working with the DOM.
query-string 4.3.4Outdated
Parse and stringify URL query strings
date-fns 2.15.0 - 2.16.0Outdated
Modern JavaScript date utility library
kossnocorp
leshakoss
hoist-non-react-statics 3.3.2
Copies non-react specific statics from a child component to a parent component
mridgway
mridgway
symbol-observable 2.0.0 - 3.0.0Outdated
Symbol.observable ponyfill
strict-uri-encode 1.1.0Outdated
A stricter URI encode adhering to RFC 3986
@emotion/memoize 0.6.6 - 0.7.4Outdated
emotion's memoize utility
+1
tkh44
mitchellhamilton
emotion-release-bot
invariant 2.2.3 - 2.2.4
invariant
pascal-case 3.1.0 - 3.1.2
Transform into a string of capitalized words without separators
timers-browserify 2.0.10 - 2.0.12
timers module for browserify
whatwg-fetch 3.4.0 - 3.4.1Outdated
A window.fetch polyfill.
jakechampion
mattandrews
mislav
es5-ext 0.10.24 - 0.10.49Outdated
ECMAScript extensions and shims
classnames 2.2.6Outdated
A simple utility for conditionally joining classNames together
cross-fetch 3.0.4 - 3.0.5Outdated
Universal WHATWG Fetch API for Node, Browsers and React Native
@emotion/is-prop-valid 0.8.8Outdated
A function to check whether a prop is valid for HTML and SVG elements
+1
tkh44
mitchellhamilton
emotion-release-bot
@emotion/unitless 0.7.2 - 0.7.5Outdated
An object of css properties that don't accept values with units
+1
tkh44
mitchellhamilton
emotion-release-bot
history 4.10.1Outdated
Manage session history with JavaScript
@emotion/utils 0.11.0 - 0.11.3Outdated
internal utils for emotion
+1
tkh44
mitchellhamilton
emotion-release-bot
@emotion/serialize 0.11.14 - 0.11.16Outdated
serialization utils for emotion
+1
tkh44
mitchellhamilton
emotion-release-bot
graphql 15.3.0Outdated
A Query Language and Runtime which can target any service.
@emotion/hash 0.8.0Outdated
A MurmurHash2 implementation
+1
tkh44
mitchellhamilton
emotion-release-bot
warning 4.0.3
A mirror of Facebook's Warning
@emotion/cache 10.0.17 - 10.0.29Outdated
emotion's cache
+1
tkh44
mitchellhamilton
emotion-release-bot
@emotion/sheet 0.9.1 - 0.9.4Outdated
emotion's stylesheet
+1
tkh44
mitchellhamilton
emotion-release-bot
react-router 5.2.0Outdated
Declarative routing for React
@popperjs/core 2.4.4Outdated
Tooltip and Popover Positioning Engine
clsx 1.1.1Outdated
A tiny (228B) utility for constructing className strings conditionally.
react-router-dom 5.2.0Outdated
Declarative routing for React web applications
react-fast-compare 3.1.0 - 3.2.0
Fastest deep equal comparison for React. Great for React.memo & shouldComponentUpdate. Also really fast general-purpose deep comparison.
shallowequal 1.1.0
Like lodash isEqualWith but for shallow equal.
tiny-invariant 1.1.0Outdated
A tiny invariant function
react-lifecycles-compat 3.0.4
Backwards compatibility polyfill for React class components
+2
gaearon
acdlite
fb
@emotion/stylis 0.8.4 - 0.8.5
A custom build of Stylis
+1
andarist
emotion-release-bot
tkh44
void-elements 2.0.1Outdated
Array of "void elements" defined by the HTML specification.
graphql-tag 2.9.1 - 2.11.0Outdated
A JavaScript template literal tag that parses GraphQL queries
jnwng
abernix
apollo-bot
@emotion/styled 0.10.2 - 10.3.0Outdated
styled API for emotion
+1
tkh44
mitchellhamilton
emotion-release-bot
resize-observer-polyfill 1.5.1
A polyfill for the Resize Observer API
resolve-pathname 3.0.0
Resolve URL pathnames using JavaScript
mjackson
mjackson
value-equal 1.0.1
Are these two JavaScript values equal?
mjackson
mjackson
ts-invariant 0.4.3 - 0.4.4Outdated
TypeScript implementation of invariant(condition, message)
zen-observable 0.8.15
An Implementation of ES Observables
zenparsing
zenparsing
react-select 3.0.2 - 5.5.7
A Select control built with and for ReactJS
@wry/equality 0.2.0Outdated
Structural equality checking for JavaScript values
benjamn
benjamn
luxon x.x.x
Immutable date wrapper
@emotion/css 10.0.0 - 10.0.27Outdated
The Next Generation of CSS-in-JS.
@emotion/core 10.1.1Outdated
+1
tkh44
mitchellhamilton
emotion-release-bot
mini-create-react-context 0.3.3 - 0.4.1
Smaller Polyfill for the proposed React context API
tinycolor2 1.4.1Outdated
Fast Color Parsing and Manipulation
@wry/context 0.4.4 - 0.6.1Outdated
Manage contextual information needed by (a)synchronous tasks without explicitly passing objects around
benjamn
benjamn
i18next 19.8.3 - 19.8.4Outdated
i18next internationalization framework
optimism 0.12.1Outdated
Composable reactive caching with efficient invalidation.
dequal 2.0.0 - 2.0.3
A tiny (304B to 489B) utility for check for deep equality
@emotion/styled-base 10.0.23 - 10.0.31Outdated
Deprecated package which became `@emotion/styled/base`
+1
tkh44
mitchellhamilton
emotion-release-bot
focus-lock 0.7.0Outdated
DOM trap for a focus
@apollo/client 3.2.1 - 3.2.3Outdated
A fully-featured caching GraphQL client.
@vue/shared 3.0.0 - 3.2.41
internal utils shared across @vue packages
yyx990803
yyx990803
exenv 1.2.1 - 1.2.2
React's ExecutionEnvironment module extracted for use in other packages & components
react-i18next 11.8.0 - 11.8.6Outdated
Internationalization for react done right. Using the i18next i18n ecosystem.
framesync 4.1.0Outdated
A frame-synced render loop for JavaScript
popmotion
popmotion
use-callback-ref 1.2.4 - 1.2.5Outdated
The same useRef, but with callback
use-sidecar 1.0.0 - 1.0.5Outdated
Sidecar code splitting utils
react-side-effect 1.2.0Outdated
Create components whose prop changes map to a global side effect
react-focus-lock 2.4.1Outdated
It is a trap! (for a focus)
lodash.mergewith 4.6.2
The Lodash method `_.mergeWith` exported as a module.
react-helmet 5.2.1Outdated
A document head manager for React
json2mq 0.2.0
Generate media query string from JSON or javascript object
akiran
akiran
string-convert 0.1.0 - 0.2.1
String convertions
akiran
akiran
react-clientside-effect 1.2.5 - 1.2.6
Create components whose prop changes map to a global side effect
react-modal 3.11.2Outdated
Accessible modal dialog component for React.JS
framer-motion 2.9.5Outdated
A simple and powerful React animation library
popmotion 9.0.0Outdated
The animator's toolbox
style-value-types 3.1.9 - 3.2.0Outdated
Parsers, transformers and tests for special value types, eg: %, hex codes etc.
intersection-observer 0.7.0Outdated
A polyfill for IntersectionObserver
universal-cookie 4.0.4
Universal cookies for JavaScript
@firebase/webchannel-wrapper 0.5.0Outdated
A wrapper of the webchannel packages from closure-library for use outside of a closure compiled application
+1
chholland
firebase-ops
feiyang.chen
@reach/utils 0.11.0 - 0.11.1Outdated
Internal, shared utilities for Reach UI.
+1
ryanflorence
mjackson
chancestrickland
xstate 4.7.0 - 4.33.6
Finite State Machines and Statecharts for the Modern Web.
load-script 1.0.0 - 2.0.0
Dynamic script loading for browser
react-remove-scroll 2.4.0 - 2.4.1Outdated
Disables scroll outside of `children` node.
kashey
kashey
react-use 12.3.2 - 17.4.0
Collection of React Hooks
streamich
streamich
react-remove-scroll-bar 2.2.0Outdated
Removes body scroll without content _shake_
kashey
kashey
react-style-singleton 2.1.0 - 2.1.1Outdated
Just create a single stylesheet...
enquire.js 2.1.6
Awesome Media Queries in JavaScript
get-nonce 1.0.0 - 1.0.1
returns nonce
aria-hidden 1.1.2Outdated
Cast aria-hidden to everything, except...
react-slick 0.28.1Outdated
React port of slick carousel
@chakra-ui/utils 1.8.2Outdated
Common utilities and types for Chakra UI
timkolberger
segunadebayo
_codebender828
@reach/auto-id 0.11.0 - 0.11.2Outdated
Autogenerate IDs to facilitate WAI-ARIA and server rendering.
+1
ryanflorence
mjackson
chancestrickland
@styled-system/core 5.1.2
jxnblk
jxnblk
react-tabs 3.1.1 - 3.1.2Outdated
An accessible and easy tab component for ReactJS
@chakra-ui/icon 1.0.0 - 1.0.1Outdated
A base React component for icons
@apollo/react-hooks 3.0.0 - 3.1.5Outdated
React Apollo Hooks.
react-cookie 4.1.1
Universal cookies for React
@loadable/component 5.14.1Outdated
React code splitting made easy.
react-content-loader 4.3.4Outdated
SVG-Powered component to easily create placeholder loadings (like Facebook cards loading)
@chakra-ui/theme-tools 1.0.0 - 1.0.4Outdated
Set of helpers that makes theming and styling easier
@chakra-ui/styled-system 1.0.0Outdated
Style function for css-in-js building component libraries
@chakra-ui/system 1.0.0 - 1.0.1Outdated
Chakra UI system primitives
@chakra-ui/hooks 1.0.0 - 1.0.1Outdated
React hooks for Chakra components
@chakra-ui/color-mode 1.0.0 - 1.0.1Outdated
React component and hooks for handling light and dark mode.
@chakra-ui/theme 1.0.0Outdated
The default theme for chakra components
@chakra-ui/descendant 1.0.0 - 1.1.3Outdated
Register child nodes of a react element for better accessibility
@chakra-ui/layout 1.0.0Outdated
Chakra UI layout components that give you massive speed
@chakra-ui/transition 1.0.0 - 1.0.2Outdated
Common transition components for Chakra UI
@chakra-ui/form-control 1.0.0 - 1.0.2Outdated
React component to provide validation states to form fields
@chakra-ui/visually-hidden 1.0.0 - 1.0.16Outdated
A React component that visually hides its content
@chakra-ui/spinner 1.0.0 - 1.0.1Outdated
A React component for displaying spinners and loaders
@chakra-ui/portal 1.0.0 - 1.0.1Outdated
React component used to render children outside the DOM hierarchy of the parent component
@chakra-ui/accordion 1.0.0 - 1.2.3Outdated
A simple and accessible accordion component for React & Chakra UI
@chakra-ui/tabs 1.0.0Outdated
Accessible Tabs component for React and Chakra UI
@chakra-ui/close-button 1.0.0 - 1.0.1Outdated
A React and Chakra UI close button component.
@chakra-ui/modal 1.0.0 - 1.3.0Outdated
An accessible dialog (modal) component for React & Chakra UI
@chakra-ui/clickable x.x.x
React hook and component that implements native button interactions
ev-emitter 1.1.1Outdated
lil' event emitter
@chakra-ui/input 1.0.0 - 1.0.2Outdated
A React component for input text field
@chakra-ui/popper 1.0.0 - 1.0.3Outdated
A React component and hooks wrapper for popper.js
@chakra-ui/popover 1.0.0 - 1.0.1Outdated
A React component to render that renders its content in a popover
@chakra-ui/button 1.0.0 - 1.0.1Outdated
A React component that is a base button.
@chakra-ui/image 1.0.0 - 1.0.1Outdated
React component for progressive image loading
@chakra-ui/media-query 1.0.0Outdated
A React hook for changing properties or visibility of a component based on css media query
@chakra-ui/css-reset 1.0.0Outdated
CSS reset component for Chakra UI
@chakra-ui/focus-lock 1.0.0 - 1.0.1Outdated
React focus lock for all Chakra components
iframe-resizer 4.2.11Outdated
Keep same and cross domain iFrames sized to their content with support for window/content resizing, and multiple iFrames.
fizzy-ui-utils 2.0.7Outdated
UI utilities
desandro-matches-selector 2.0.2
matches/matchesSelector helper
countup.js 2.0.4Outdated
Animates a numerical value by counting to it
inorganik
inorganik
react-flip-move 0.2.1 - 1.0.1Outdated
Effortless animation between DOM changes (eg. list reordering) using the FLIP technique.
crypto-hash 1.0.0 - 1.2.2Outdated
Tiny hashing module that uses the native crypto API in Node.js and the browser
deepcopy 2.0.0 - 2.1.0
deep copy data
sasaplus1
sasaplus1
react-media 1.10.0
CSS media queries for React
@glidejs/glide 3.4.1Outdated
Glide.js is a dependency-free JavaScript ES6 slider and carousel. It’s lightweight, flexible and fast. Designed to slide. No less, no more
plyr 3.6.2Outdated
A simple, accessible and customizable HTML5, YouTube and Vimeo media player
nuka-carousel 4.4.2 - 5.1.3Outdated
Pure React Carousel
vanilla-lazyload 11.0.6Outdated
LazyLoad is a lightweight (2.4 kB) and flexible script that speeds up your web application by deferring the loading of your below-the-fold images, videos and iframes to when they will enter the viewport. It's written in plain "vanilla" JavaScript, it leve
es6-promise-polyfill 1.2.0
Polyfill for ES6 Promise
react-tracking 4.1.0 - 5.4.0Outdated
Declarative tracking for React apps.
hoverintent 0.2.2Outdated
Fire mouse events when the user intends it
davidtheclark
tristen
sticky-js 1.3.0
Sticky elements
lottie-api 1.0.0 - 1.0.2Outdated
A library to edit lottie-web animations dynamically
airnan
airnan
prebid.js 0.5.0 - 3.15.0Outdated
Header Bidding Management Library
botframework-webchat-component 4.9.2 - 4.15.4
React component of botframework-webchat
+2
botframework
joshgummersall
sgellock
interweave x.x.x
youtube-iframe-player x.x.x
scroll-lock x.x.x
honeybadger-js x.x.x
clipboard-copy x.x.x
require-sdk x.x.x
pubsub x.x.x
js-search x.x.x
@honeybadger-io/react x.x.x
react-jw-player x.x.x
moveto x.x.x
infinite-scroll x.x.x
react-masonry-css x.x.x
fitty x.x.x
tableau-api-js x.x.x
react-tweet-embed x.x.x
hypernova x.x.x
css-get-unit x.x.x
@chakra-ui/core x.x.x
stylis-plugin-extra-scope x.x.x
@chakra-ui/select x.x.x
@chakra-ui/icons x.x.x
@chakra-ui/menu x.x.x
dangerously-set-html-content x.x.x
@chakra-ui/table x.x.x