Is @postman/csv-parse safe to use?

@postman/csv-parse has no known vulnerabilities on the latest version (4.0.2). DepScope rates its health at 52/100 (high risk).

What is the latest version of @postman/csv-parse?

The latest version of @postman/csv-parse is 4.0.2, released 2019-10-01.

Does @postman/csv-parse have known vulnerabilities?

No known vulnerabilities on the latest version of @postman/csv-parse.

Is @postman/csv-parse deprecated?

No, @postman/csv-parse is actively maintained. Latest release: 4.0.2 (2019-10-01).

What are alternatives to @postman/csv-parse?

Popular alternatives to @postman/csv-parse in npm include: minimatch, wrap-ansi, @types/node, eslint-visitor-keys, ajv.

What license does @postman/csv-parse use?

@postman/csv-parse is licensed under MIT.

@postman/csv-parse

npmv4.0.2

CSV parsing implementing the Node.js `stream.Transform` API

License MITpermissive1 versions5 maintainers0 deps42,673 weekly dl

postmanlabs/node-csv-parse

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-190646).

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

25/25

security

12/15

maturity

5/15

community

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

13.9 KBminified

3.9 KB gzipped

0 direct dependencies

side effectsscoped

🌟

TypeScript

10/10typed

bundled

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-190646 — Malicious code in @postman/csv-parse (npm)

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/@postman/csv-parse