{"package":"rack-cors","ecosystem":"rubygems","latest_version":"3.0.0","description":"Middleware that will make Rack-based apps CORS compatible. Fork the project here: https://github.com/cyu/rack-cors","license":"MIT","homepage":"https://github.com/cyu/rack-cors","repository":"https://github.com/cyu/rack-cors","downloads_weekly":8249424,"health":{"score":61,"risk":"moderate","breakdown":{"maintenance":10,"popularity":17,"security":25,"maturity":9,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"3.0.0","total_count":20,"recent":["3.0.0","2.0.2","2.0.1","2.0.0","2.0.0.rc1","1.1.1","1.1.0","1.0.6","1.0.5","1.0.3","1.0.2","1.0.1","1.0.0","0.4.1","0.4.0","0.3.1","0.3.0","0.2.9","0.2.8","0.2.7"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-05-16T17:59:05.548Z","dependencies_count":2,"dependencies":["logger","rack"]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"3.0.0","version_hint":null,"summary":"rack-cors@3.0.0 is safe to use (health: 61/100)"},"requested_version":null,"_cache":"miss","_response_ms":119,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":3,"primary_author_ratio":0.5714285714285714,"owner_account_age_days":6619,"is_archived":false,"stars":3290,"alerts":["single_active_maintainer_3m"]},"malicious":{"is_malicious":false,"advisory_id":"GHSA-2j9c-9vmv-7m39","summary":"Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request","action":"review_advisory","downloads_weekly_at_check":8249424,"note":"Advisory GHSA-2j9c-9vmv-7m39 flags this name but the package has 8,249,424 weekly downloads — likely a false positive or a withdrawn advisory. Verify on OSV.dev before treating as malicious."},"scorecard":{"available":false},"quality":{"available":false}}