{"package":"@flowfuse/flowfuse","ecosystem":"npm","latest_version":"2.31.3","description":"An open source low-code development platform","license":"SEE LICENSE IN ./LICENSE","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://flowfuse.com","repository":"https://github.com/FlowFuse/flowfuse","downloads_weekly":9579,"health":{"score":40,"risk":"high","breakdown":{"maintenance":25,"popularity":6,"security":15,"maturity":15,"community":6},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"GHSA-mpvf-p8hg-65gw","severity":"critical","summary":"Malicious code in @flowfuse/flowfuse (npm)","affected_versions":"=2.24.2-375f5e6-202511240929.0","fixed_version":null,"source":"osv","published_at":"2025-11-24T23:42:58Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"2.31.3","total_count":2367,"recent":["2.31.3-f0bc25e-202606161354.0","2.31.3-1c2ee1a-202606161421.0","2.31.3","2.31.4-67b1014-202606161444.0","2.31.4-6651f18-202606161550.0","2.31.4-6651f18-202606161554.0","2.31.4-6651f18-202606161619.0","2.31.4-6651f18-202606161632.0","2.31.4-6651f18-202606161640.0","2.31.4-6651f18-202606161646.0","2.31.4-6651f18-202606161709.0","2.31.4-e2bf6b7-202606161801.0","2.31.4-e2bf6b7-202606161814.0","2.31.4-779dfdb-202606170816.0","2.31.4-1901d41-202606171210.0","2.31.4-a7ffe25-202606171322.0","2.31.4-a5aebfe-202606171425.0","2.31.4-83ec01e-202606171901.0","2.31.4-525a175-202606172041.0","2.31.4-fab5b55-202606181341.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":3,"first_published":"2023-12-19T14:20:27.268Z","last_published":"2026-06-16T14:31:09.189Z","dependencies_count":70,"dependencies":["pg","vue","diff","mqtt","pino","uuid","yaml","axios","pinia","bcrypt","dotenv","ldapts","marked","qrcode","semver","stripe","zxcvbn","echarts","fastify","hashids","sqlite3","cronosjs","dompurify","lru-cache","sequelize","handlebars","mqtt-match","nodemailer","tar-stream","vue-router","@sentry/vue","pino-pretty","vue-echarts","@sentry/node","highlight.js","jsonwebtoken","posthog-node","random-words","vue-shepherd","@redis/client","@heroicons/vue","@node-red/util","fastify-plugin","lottie-web-vue","@fastify/cookie","@fastify/helmet","@fastify/routes","@fastify/static","@headlessui/vue","fastify-metrics","@fastify/swagger","@fastify/formbody","@fastify/passport","vue3-google-login","@fastify/multipart","@fastify/websocket","@fastify/rate-limit","@fastify/swagger-ui","@levminer/speakeasy","google-auth-library","@aws-sdk/client-sesv2","@sentry/webpack-plugin","@vuepic/vue-datepicker","@flowfuse/flow-renderer","@fastify/csrf-protection","@flowfuse/driver-localfs","@node-saml/passport-saml","validate-npm-package-name","pinia-plugin-persistedstate","@aws-sdk/credential-provider-node"]},"github_stats":{"stars":390,"forks":87,"open_issues":954,"is_archived":false,"pushed_at":"2026-06-19T14:16:45Z","subscribers_count":12},"bundle":null,"typescript":{"score":0,"has_types":false,"types_source":null,"types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Moderate health score (40/100) — verify manually","1 critical vulnerabilities"],"use_version":"2.31.3","version_hint":null,"summary":"@flowfuse/flowfuse has critical vulnerabilities — do not use"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/npm/%40flowfuse%2Fflowfuse","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/npm/%40flowfuse%2Fflowfuse","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/npm/%40flowfuse%2Fflowfuse","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 43 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false,"advisory_id":"MAL-2025-191453","summary":"Malicious code in @flowfuse/flowfuse (npm)","action":"use_with_caution","affected_versions":["2.24.2-375f5e6-202511240929.0"],"latest_version_safe":true,"note":"Advisory MAL-2025-191453: versions 2.24.2-375f5e6-202511240929.0 are compromised. Current latest (2.31.3) is safe."},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":3,"avg_days_between_releases":null,"release_velocity":"active"}}