{"package":"@posthog/core","ecosystem":"npm","latest_version":"1.26.0","description":"","license":"MIT","homepage":"https://github.com/PostHog/posthog-js#readme","repository":"https://github.com/PostHog/posthog-js","downloads_weekly":6814246,"health":{"score":77,"risk":"moderate","breakdown":{"maintenance":25,"popularity":17,"security":15,"maturity":15,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"GHSA-3f6v-43gc-g8fr","severity":"critical","summary":"Malicious code in @posthog/core (npm)","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2025-11-24T11:29:46Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.26.0","total_count":59,"recent":["1.20.2","1.21.0","1.22.0","1.23.0","1.23.1","1.23.2","1.23.3","1.23.4","1.24.0","1.24.1","1.24.2","1.24.3","1.24.4","1.24.5","1.24.6","1.25.0","1.25.1","1.25.2","1.25.3","1.26.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":17,"first_published":"2025-07-23T16:16:12.732Z","last_published":"2026-04-22T09:54:08.261Z","dependencies_count":0,"dependencies":[]},"bundle":{"size_kb":62.7,"gzip_kb":20.4,"dependency_count":0,"has_js_module":"dist/index.mjs","has_side_effects":true,"scoped":true,"source":"bundlephobia"},"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"do_not_use","issues":["1 critical vulnerabilities"],"use_version":"1.26.0","version_hint":null,"summary":"@posthog/core has critical vulnerabilities — do not use"},"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false,"advisory_id":"MAL-2025-190645","summary":"Malicious code in @posthog/core (npm)","action":"review_advisory","downloads_weekly_at_check":6814246,"note":"Advisory MAL-2025-190645 flags this name but the package has 6,814,246 weekly downloads — likely a false positive or a withdrawn advisory. Verify on OSV.dev before treating as malicious."},"scorecard":{"available":false},"quality":{"available":false}}