{"package":"posthog-js","ecosystem":"npm","latest_version":"1.372.6","description":"Posthog-js allows you to automatically capture usage and send events to PostHog.","license":"SEE LICENSE IN LICENSE","license_risk":"unknown","commercial_use_notes":"verify manually — license not parseable / not declared.","homepage":"https://posthog.com/docs/libraries/js","repository":"https://github.com/PostHog/posthog-js","downloads_weekly":null,"health":{"score":73,"risk":"moderate","breakdown":{"maintenance":25,"popularity":0,"security":25,"maturity":15,"community":8},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"1.372.6","total_count":1140,"recent":["1.369.0","1.369.1","1.369.2","1.369.3","1.369.4","1.369.5","1.370.0","1.370.1","1.371.0","1.371.1","1.371.2","1.371.3","1.371.4","1.372.0","1.372.1","1.372.2","1.372.3","1.372.4","1.372.5","1.372.6"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":17,"first_published":"2020-02-20T02:44:55.768Z","last_published":"2026-05-01T13:46:17.685Z","dependencies_count":13,"dependencies":["@opentelemetry/api","@opentelemetry/api-logs","@opentelemetry/exporter-logs-otlp-http","@opentelemetry/resources","@opentelemetry/sdk-logs","core-js","dompurify","fflate","preact","query-selector-shadow-dom","web-vitals","@posthog/core","@posthog/types"]},"github_stats":{"stars":541,"forks":250,"open_issues":171,"is_archived":false,"pushed_at":"2026-05-01T14:56:59Z","subscribers_count":15},"bundle":null,"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"1.372.6","version_hint":null,"summary":"posthog-js@1.372.6 is safe to use (health: 73/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":503,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false,"advisory_id":"MAL-2025-191402","summary":"Malicious code in posthog-js (npm)","action":"use_with_caution","affected_versions":["1.297.3"],"latest_version_safe":true,"note":"Advisory MAL-2025-191402: versions 1.297.3 are compromised. Current latest (1.372.6) is safe."},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":2262,"last_release_days_ago":0,"avg_days_between_releases":119,"release_velocity":"active"}}