{"package":"@duckdb/duckdb-wasm","ecosystem":"npm","latest_version":"1.33.1-dev45.0","description":"DuckDB powered by WebAssembly","license":"MIT","homepage":"https://github.com/duckdb/duckdb-wasm#readme","repository":"https://github.com/duckdb/duckdb-wasm","downloads_weekly":171120,"health":{"score":82,"risk":"low","breakdown":{"maintenance":25,"popularity":14,"security":25,"maturity":15,"community":3},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":0,"low":2,"details":[{"vuln_id":"CVE-2025-59037","severity":"unknown","summary":"DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware","affected_versions":">=1.29.2","fixed_version":"1.30.0","source":"osv","published_at":"2025-09-09T14:39:14Z","in_kev":false,"epss_prob":0.00061,"epss_percentile":0.18864,"threat_tier":"theoretical"},{"vuln_id":"MAL-2025-46991","severity":"unknown","summary":"Malicious code in @duckdb/duckdb-wasm (npm)","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2025-09-09T10:30:00Z","in_kev":false,"threat_tier":"unknown"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.33.1-dev45.0","total_count":438,"recent":["1.33.1-dev17.0","1.33.1-dev18.0","1.33.1-dev19.0","1.33.1-dev20.0","1.33.1-dev34.0","1.33.1-dev35.0","1.33.1-dev36.0","1.33.1-dev37.0","1.33.1-dev38.0","1.33.1-dev39.0","1.33.1-dev40.0","1.33.1-dev41.0","1.33.1-dev42.0","1.33.1-dev43.0","1.33.1-dev44.0","1.33.1-dev45.0","1.33.1-dev47.0","1.33.1-dev48.0","1.33.1-dev50.0","1.33.1-dev53.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":2,"first_published":"2021-10-06T19:08:26.926Z","last_published":"2026-04-13T05:52:20.674Z","dependencies_count":2,"dependencies":["qs","apache-arrow"]},"bundle":{"size_kb":194.1,"gzip_kb":44.3,"dependency_count":2,"has_js_module":"dist/duckdb-browser.mjs","has_side_effects":false,"scoped":true,"source":"bundlephobia"},"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.33.1-dev45.0","version_hint":"Update to >= 1.30.0 to fix known vulnerabilities","summary":"@duckdb/duckdb-wasm@1.33.1-dev45.0 is safe to use (health: 82/100)"},"requested_version":null,"_cache":"miss","_response_ms":1409,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false,"advisory_id":"MAL-2025-46991","summary":"Malicious code in @duckdb/duckdb-wasm (npm)","action":"review_advisory","downloads_weekly_at_check":171120,"note":"Advisory MAL-2025-46991 flags this name but the package has 171,120 weekly downloads — likely a false positive or a withdrawn advisory. Verify on OSV.dev before treating as malicious."},"scorecard":{"available":false},"quality":{"available":false}}