Is @excalidraw/excalidraw safe to use?

@excalidraw/excalidraw has 1 known vulnerabilities on the latest version (0.18.1). DepScope rates its health at 90/100 (low risk).

What is the latest version of @excalidraw/excalidraw?

The latest version of @excalidraw/excalidraw is 0.18.1, released 2026-04-20.

Does @excalidraw/excalidraw have known vulnerabilities?

Yes. @excalidraw/excalidraw has 1 known vulnerabilities. See depscope.dev/pkg/npm/@excalidraw/excalidraw for details.

Is @excalidraw/excalidraw deprecated?

No, @excalidraw/excalidraw is actively maintained. Latest release: 0.18.1 (2026-04-20).

What are alternatives to @excalidraw/excalidraw?

Popular alternatives to @excalidraw/excalidraw in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does @excalidraw/excalidraw use?

@excalidraw/excalidraw is licensed under MIT.

@excalidraw/excalidraw

npmv0.18.1

Excalidraw as a React component

License MITpermissive458 versions2 maintainers31 deps243,799 weekly dl

excalidraw/excalidraw

/ 100

Health

safe to use

@excalidraw/[email protected] is safe to use (health: 90/100)

Update to >= 1.1.3 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

23/25

security

15/15

maturity

13/15

community

0/15

popularity_floor

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	GHSA-39h7-pwv7-rc3x	Excalidraw vulnerable to XSS via Mermaid sequence diagram labels (KaTeX rendering)	1.1.3

Bundle & TypeScript

📦

Bundle Size

1098.1 KBminified

344.4 KB gzipped

31 direct dependencies

ESMside effectsscoped

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@excalidraw/excalidraw