{"package":"underscore-keypath","ecosystem":"npm","latest_version":"0.9.3","description":"Adds Key-Path mechanism extensions for underscore","license":"EPL-1.0","license_risk":"weak_copyleft","commercial_use_notes":"EPL: weak copyleft with a patent grant; modified files must be released under EPL.","homepage":"https://github.com/jeeeyul/underscore-keypath#readme","repository":"https://github.com/jeeeyul/underscore-keypath","downloads_weekly":null,"health":{"score":37,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":20,"maturity":15,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2023-26139","severity":"high","summary":"underscore-keypath vulnerable to Prototype Pollution","affected_versions":">=0.0.11,<=0.9.3","fixed_version":null,"source":"osv","published_at":"2023-08-01T06:30:15Z","in_kev":false,"epss_prob":0.0014,"epss_percentile":0.33716,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.9.3","total_count":21,"recent":["0.0.3","0.0.4","0.0.5","0.0.7","0.0.10","0.0.11","0.0.12","0.0.13","0.0.14","0.0.15","0.0.17","0.0.18","0.0.19","0.0.20","0.0.21","0.0.22","0.9.0","0.9.1","0.9.2","0.9.3"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2014-02-07T07:10:28.496Z","last_published":"2016-02-12T06:28:15.459Z","dependencies_count":1,"dependencies":["underscore"]},"github_stats":null,"bundle":{"size_kb":33.0,"gzip_kb":9.2,"dependency_count":1,"has_js_module":false,"has_side_effects":true,"scoped":false,"source":"bundlephobia"},"typescript":{"score":0,"has_types":false,"types_source":null,"types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["Low health score (37/100)","1 high severity vulnerabilities"],"use_version":"0.9.3","version_hint":null,"summary":"underscore-keypath@0.9.3 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":757,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":4465,"last_release_days_ago":3730,"avg_days_between_releases":235,"release_velocity":"stale"}}