Is angular safe to use?

angular has 9 known vulnerabilities on the latest version (1.8.3). DepScope rates its health at 9/100 (critical risk).

What is the latest version of angular?

The latest version of angular is 1.8.3, released 2022-04-07.

Does angular have known vulnerabilities?

Yes. angular has 9 known vulnerabilities. See depscope.dev/pkg/npm/angular for details.

Is angular deprecated?

Yes, angular is deprecated: For the actively supported Angular, see https://www.npmjs.com/package/@angular/core. AngularJS support has officially ended. For extended AngularJS support options, see https://goo.gle/angularjs-path-forward. Consider using ? instead.

What are alternatives to angular?

Popular alternatives to angular in npm include: ?, semver, minimatch, debug, brace-expansion.

angular

npmv1.8.3deprecated

HTML enhanced for web apps

License MITpermissive144 versions1 maintainers0 deps566,515 weekly dl

angular/angular.js

/ 100

Health

find alternative

angular is deprecated — find an alternative

Moderate health score (9/100) — verify manually
1 high severity vulnerabilities
Package is deprecated

Health breakdown0 – 100

0/25

maintenance

14/20

popularity

10/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 high5 medium3 low

Advisories (9)

Severity	ID	Summary	Fixed in
medium	CVE-2023-26117	angular vulnerable to regular expression denial of service via the $resource service	—
medium	CVE-2023-26116	angular vulnerable to regular expression denial of service via the angular.copy() utility	—
high	CVE-2024-21490	angular vulnerable to super-linear runtime due to backtracking	—
low	CVE-2025-0716	AngularJS improperly sanitizes SVG elements	—
medium	CVE-2022-25844	angular vulnerable to regular expression denial of service (ReDoS)	—
low	CVE-2024-8372	AngularJS allows attackers to bypass common image source restrictions	—
low	CVE-2024-8373	AngularJS allows attackers to bypass common image source restrictions	—
medium	CVE-2022-25869	Angular (deprecated package) Cross-site Scripting	—
medium	CVE-2023-26118	angular vulnerable to regular expression denial of service via the <input type="url"> element	—

Bundle & TypeScript

📦

Bundle Size

178.9 KBminified

62.2 KB gzipped

0 direct dependencies

side effects

🌟

TypeScript

7/10typed

Types from @types/angular (DefinitelyTyped)

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/angular