{"package":"jquery-ui","ecosystem":"npm","latest_version":"1.14.2","description":"A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://jqueryui.com","repository":"git://github.com/jquery/jquery-ui","downloads_weekly":852350,"health":{"score":83,"risk":"low","breakdown":{"maintenance":20,"popularity":14,"security":21,"maturity":15,"community":13},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":2,"low":0,"details":[{"vuln_id":"BIT-drupal-2021-41184","severity":"medium","summary":"XSS in the `of` option of the `.position()` util in jquery-ui","affected_versions":"<1.13.0|<1.13.0|<1.13.0|<7.0.0|=1.10.4|=1.10.5|=1.12.0|=1.12.0-rc.2|=1.12.1|=1.13.0-rc.2|=1.13.0-rc.3|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.10.4|=1.11.0|=1.11.1|=1.11.2|=1.11.3|=1.11.4|=1.12.0|=1.12.1|=1.8.10|=1.8.11|=1.8.12|=1.8.13|=1.8.14|=1.8.15|=1.8.16|=1.8.17|=1.8.18|=1.8.19|=1.8.20|=1.8.20.1|=1.8.21|=1.8.22|=1.8.23|=1.8.24|=1.8.9|=1.9.0|=1.9.0-RC1|=1.9.1|=1.9.2|=0.0.1|=0.0.2|=0.1.0|=0.2.0|=0.2.1|=0.2.2|=0.3.0|=0.4.0|=0.4.1|=0.5.0|=1.0.0|=1.1.0|=1.1.1|=2.0.0|=2.0.1|=2.0.2|=3.0.0|=3.0.1|=4.0.0|=4.0.1|=4.0.2|=4.0.3|=4.0.4|=4.0.5|=4.1.0|=4.1.1|=4.1.2|=4.2.0|=4.2.1|=5.0.0|=5.0.1|=5.0.2|=5.0.3|=5.0.4|=5.0.5|=6.0.0|=6.0.1","fixed_version":"7.0.0","source":"osv","published_at":"2021-10-26T14:55:12Z","in_kev":false,"threat_tier":"unknown"},{"vuln_id":"CVE-2010-5312","severity":"medium","summary":"Cross-site Scripting in jquery-ui","affected_versions":">=1.7.0,<1.10.0|>=1.7.0,<1.10.0|>=1.7.0,<1.10.0|<4.0.0|=1.8.10|=1.8.11|=1.8.12|=1.8.13|=1.8.14|=1.8.15|=1.8.16|=1.8.17|=1.8.18|=1.8.19|=1.8.20|=1.8.20.1|=1.8.21|=1.8.22|=1.8.23|=1.8.24|=1.8.9|=1.9.0|=1.9.0-RC1|=1.9.1|=1.9.2|=0.0.1|=0.0.2|=0.1.0|=0.2.0|=0.2.1|=0.2.2|=0.3.0|=0.4.0|=0.4.1|=0.5.0|=1.0.0|=1.1.0|=1.1.1|=2.0.0|=2.0.1|=2.0.2|=3.0.0|=3.0.1","fixed_version":"4.0.0","source":"osv","published_at":"2017-10-24T18:33:38Z","in_kev":false,"epss_prob":0.05931,"epss_percentile":0.90656,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.14.2","total_count":20,"recent":["1.10.4","1.10.5","1.12.0-beta.1","1.12.0-rc.1","1.12.0-rc.2","1.12.0","1.12.1","1.13.0-alpha.1","1.13.0-rc.1","1.13.0-rc.2","1.13.0-rc.3","1.13.0","1.13.1","1.13.2","1.13.3","1.14.0-beta.1","1.14.0-beta.2","1.14.0","1.14.1","1.14.2"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":5,"first_published":"2014-03-16T08:21:46.507Z","last_published":"2026-01-28T23:49:18.089Z","dependencies_count":1,"dependencies":["jquery"]},"bundle":{"size_kb":8.4,"gzip_kb":3.1,"dependency_count":1,"has_js_module":false,"has_side_effects":true,"scoped":false,"source":"bundlephobia"},"typescript":{"score":0,"has_types":false,"types_source":null,"types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.14.2","version_hint":"Update to >= 4.0.0 to fix known vulnerabilities","summary":"jquery-ui@1.14.2 is safe to use (health: 83/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false}}