Is lodahs safe to use?

lodahs has 1 known vulnerabilities on the latest version (0.0.1-security). DepScope rates its health at 31/100 (critical risk).

What is the latest version of lodahs?

The latest version of lodahs is 0.0.1-security, released 2019-11-25.

Does lodahs have known vulnerabilities?

Yes. lodahs has 1 known vulnerabilities. See depscope.dev/pkg/npm/lodahs for details.

Is lodahs deprecated?

No, lodahs is actively maintained. Latest release: 0.0.1-security (2019-11-25).

What are alternatives to lodahs?

Popular alternatives to lodahs in npm include: semver, debug, ansi-styles, brace-expansion, strip-ansi.

What license does lodahs use?

License information for lodahs is not declared in the registry metadata.

lodahs

npmv0.0.1-security

security holding package

1 versions1 maintainers0 deps

npm/security-holder

/ 100

Health

do not use

Do not install. Package is flagged as malicious (advisory MAL-2025-25502).

Health breakdown0 – 100

0/25

maintenance

0/20

popularity

15/25

security

12/15

maturity

4/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	MAL-2025-25502	Malicious code in lodahs (npm)	—

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

⚠ Malicious package

This package is flagged as malicious by the OpenSSF/OSV community feed. Do not install.

Advisory: MAL-2025-25502 — Malicious code in lodahs (npm)

⚠ Possible typosquat

Name is close to a popular package. Targets:

lodash (char_swap dist 1)

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/lodahs