Is octokit safe to use?

octokit has 1 known vulnerabilities on the latest version (5.0.5). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of octokit?

The latest version of octokit is 5.0.5, released 2025-10-31.

Does octokit have known vulnerabilities?

Yes. octokit has 1 known vulnerabilities. See depscope.dev/pkg/npm/octokit for details.

Is octokit deprecated?

No, octokit is actively maintained. Latest release: 5.0.5 (2025-10-31).

What are alternatives to octokit?

Popular alternatives to octokit in npm include: ?, semver, minimatch, debug, brace-expansion.

octokit

npmv5.0.5

The all-batteries-included GitHub SDK for Browsers, Node.js, and Deno

License MITpermissive100 versions2 maintainers11 deps6,427,940 weekly dl

octokit/octokit.js

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 12.3.3 to fix known vulnerabilities

Moderate health score (60/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

17/20

popularity

20/25

security

15/15

maturity

9/15

community

0/15

popularity_floor

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2023-50728	Unauthenticated Denial of Service in the octokit/webhooks library	12.3.3

Bundle & TypeScript

📦

Bundle Size

180.2 KBminified

40.8 KB gzipped

11 direct dependencies

🌟

TypeScript

10/10typed

bundled

Quality signals

OSS Criticality

0.72critical

Health History

Dependency Tree

License Audit

Dependencies (11)

@octokit/app @octokit/core @octokit/oauth-app @octokit/plugin-paginate-graphql @octokit/plugin-paginate-rest @octokit/plugin-rest-endpoint-methods @octokit/plugin-retry @octokit/plugin-throttling @octokit/request-error @octokit/types @octokit/webhooks

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/octokit