Is ngrok safe to use?

ngrok has 1 known vulnerabilities on the latest version (5.0.0-beta.2). DepScope rates its health at 53/100 (high risk).

What is the latest version of ngrok?

The latest version of ngrok is 5.0.0-beta.2, released 2023-05-07.

Does ngrok have known vulnerabilities?

Yes. ngrok has 1 known vulnerabilities. See depscope.dev/pkg/npm/ngrok for details.

No, ngrok is actively maintained. Latest release: 5.0.0-beta.2 (2023-05-07).

What are alternatives to ngrok?

Popular alternatives to ngrok in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does ngrok use?

ngrok is licensed under BSD-2-Clause.

ngrok

npmv5.0.0-beta.2

node wrapper for ngrok

License BSD-2-Clausepermissive90 versions3 maintainers6 deps150,587 weekly dl

bubenshchykov/ngrok

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Moderate health score (53/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

14/20

popularity

20/25

security

15/15

maturity

4/15

community

0/15

popularity_floor

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2025-57282	ngrok is Vulnerable to Command Injection	—

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (6)

got uuid yaml hpagent extract-zip lodash.clonedeep

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/ngrok