Is @lottiefiles/lottie-player safe to use?

@lottiefiles/lottie-player has no known vulnerabilities on the latest version (2.0.12). DepScope rates its health at 58/100 (high risk).

What is the latest version of @lottiefiles/lottie-player?

The latest version of @lottiefiles/lottie-player is 2.0.12, released 2024-11-04.

Does @lottiefiles/lottie-player have known vulnerabilities?

No known vulnerabilities on the latest version of @lottiefiles/lottie-player.

Is @lottiefiles/lottie-player deprecated?

No, @lottiefiles/lottie-player is actively maintained. Latest release: 2.0.12 (2024-11-04).

What are alternatives to @lottiefiles/lottie-player?

Popular alternatives to @lottiefiles/lottie-player in npm include: commander, tslib, @types/node, ajv, react-is.

What license does @lottiefiles/lottie-player use?

@lottiefiles/lottie-player is licensed under MIT.

@lottiefiles/lottie-player

npmv2.0.12

Lottie animation and Telegram Sticker player web components.

License MITpermissive59 versions2 maintainers5 deps93,526 weekly dl

LottieFiles/lottie-player

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2024-10301).

Health breakdown0 – 100

5/25

maintenance

10/20

popularity

25/25

security

15/15

maturity

3/15

community

Vulnerabilities

none known

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2024-10301 — Malicious code in @lottiefiles/lottie-player (npm)

Health History

Dependency Tree

License Audit

Dependencies (5)

lit pako lottie-web @types/pako resize-observer-polyfill

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@lottiefiles/lottie-player