{"package":"is","ecosystem":"npm","latest_version":"3.3.2","description":"the definitive JavaScript type testing library","license":"MIT","homepage":"https://github.com/enricomarino/is","repository":"git://github.com/enricomarino/is","downloads_weekly":2906480,"health":{"score":59,"risk":"high","breakdown":{"maintenance":10,"popularity":17,"security":15,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"MAL-2025-6020","severity":"critical","summary":"Malicious code in is (npm)","affected_versions":null,"fixed_version":null,"source":"osv","published_at":"2025-07-22T07:14:14Z"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.3.2","total_count":31,"recent":["0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.3.0","1.0.0","1.1.0","2.0.0","2.0.1","2.0.2","2.1.0","2.2.0","2.2.1","3.0.1","3.1.0","3.2.0","3.2.1","3.3.0","3.3.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2011-11-19T23:50:28.498Z","last_published":"2025-07-19T19:13:33.146Z","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":{"score":7,"has_types":true,"types_source":"definitely-typed","types_package":"@types/is"},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"do_not_use","issues":["1 critical vulnerabilities"],"use_version":"3.3.2","version_hint":null,"summary":"is has critical vulnerabilities — do not use"},"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false,"advisory_id":"MAL-2025-6020","summary":"Malicious code in is (npm)","action":"review_advisory","downloads_weekly_at_check":2906480,"note":"Advisory MAL-2025-6020 flags this name but the package has 2,906,480 weekly downloads — likely a false positive or a withdrawn advisory. Verify on OSV.dev before treating as malicious."},"scorecard":{"available":false},"quality":{"available":false}}