{"package":"faker","ecosystem":"npm","latest_version":"6.6.6","description":"Generate massive amounts of fake contextual data","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/Marak/Faker.js#readme","repository":"ssh://git@github.com/Marak/Faker.js","downloads_weekly":2579600,"health":{"score":54,"risk":"high","breakdown":{"maintenance":0,"popularity":17,"security":20,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"GHSA-5w9c-rv96-fr7g","severity":"high","summary":"Removal of functional code in faker.js","affected_versions":"=6.6.6","fixed_version":null,"source":"osv","published_at":"2022-03-22T19:28:24Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"6.6.6","total_count":29,"recent":["2.1.2","2.1.3","2.1.4","2.1.5","3.0.0","3.0.1","3.1.0","4.0.0","4.1.0","5.0.0","5.1.0","5.2.0","5.3.0","5.3.1","5.4.0","5.5.0","5.5.1","5.5.2","5.5.3","6.6.6"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2013-11-24T14:36:18.914Z","last_published":"2022-01-05T01:38:36.409Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":{"score":7,"has_types":true,"types_source":"definitely-typed","types_package":"@types/faker"},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":{"count":1,"matches_current_version":true,"incidents":[{"affected_versions":"=6.6.6","incident_type":"abandoned_malicious","year":2022,"summary":"Same maintainer as colors; released 6.6.6 that wipes data. Forked by community as @faker-js/faker.","refs":["https://github.com/Marak/faker.js/issues/1046"],"matches_current_version":true}]},"recommendation":{"action":"do_not_use","issues":["Historical compromise KB matches current version (1 incident(s))"],"use_version":null,"version_hint":"Check /api/versions for a safe release","summary":"faker: version matches a known historical supply-chain compromise. DO NOT install."},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"json-source-map","occurrences":5},{"package":"@azure/event-hubs","occurrences":3},{"package":"Accord.Math","occurrences":3}],"version_history_summary":{"total_versions":20,"first_release_age_days":4539,"last_release_days_ago":1575,"avg_days_between_releases":239,"release_velocity":"stale"}}