Is @backstage/core-components safe to use?

@backstage/core-components has 1 known vulnerabilities on the latest version (0.18.10). DepScope rates its health at 89/100 (low risk).

What is the latest version of @backstage/core-components?

The latest version of @backstage/core-components is 0.18.10, released 2026-05-19.

Does @backstage/core-components have known vulnerabilities?

Yes. @backstage/core-components has 1 known vulnerabilities. See depscope.dev/pkg/npm/@backstage/core-components for details.

Is @backstage/core-components deprecated?

No, @backstage/core-components is actively maintained. Latest release: 0.18.10 (2026-05-19).

What are alternatives to @backstage/core-components?

Popular alternatives to @backstage/core-components in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does @backstage/core-components use?

@backstage/core-components is licensed under Apache-2.0.

@backstage/core-components

npmv0.18.10

Core components used by Backstage plugins and apps

License Apache-2.0permissive1596 versions3 maintainers42 deps286,002 weekly dl

backstage/backstage

/ 100

Health

safe to use

@backstage/[email protected] is safe to use (health: 89/100)

Update to >= 1.7.2 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

23/25

security

15/15

maturity

12/15

community

0/15

popularity_floor

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2023-25571	Cross site scripting Vulnerability in backstage Software Catalog	1.7.2

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@backstage/core-components