Is @posthog/cli safe to use?

@posthog/cli has no known vulnerabilities on the latest version (0.7.11). DepScope rates its health at 70/100 (moderate risk).

What is the latest version of @posthog/cli?

The latest version of @posthog/cli is 0.7.11, released 2026-04-28.

Does @posthog/cli have known vulnerabilities?

No known vulnerabilities on the latest version of @posthog/cli.

Is @posthog/cli deprecated?

No, @posthog/cli is actively maintained. Latest release: 0.7.11 (2026-04-28).

What are alternatives to @posthog/cli?

Popular alternatives to @posthog/cli in npm include: minimatch, wrap-ansi, @types/node, eslint-visitor-keys, ajv.

What license does @posthog/cli use?

@posthog/cli is licensed under MIT.

@posthog/cli

npmv0.7.11

The command line interface for PostHog 🦔

License MITpermissive62 versions17 maintainers5 deps

PostHog/posthog

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-190671).

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

5/15

community

Vulnerabilities

none known

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-190671 — Malicious code in @posthog/cli (npm)

Health History

Dependency Tree

License Audit

Dependencies (5)

axios axios-proxy-builder console.table detect-libc rimraf

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@posthog/cli