Is steal safe to use?

steal has 8 known vulnerabilities on the latest version (2.3.0). DepScope rates its health at 26/100 (critical risk).

What is the latest version of steal?

The latest version of steal is 2.3.0, released 2022-06-09.

Does steal have known vulnerabilities?

Yes. steal has 8 known vulnerabilities. See depscope.dev/pkg/npm/steal for details.

No, steal is actively maintained. Latest release: 2.3.0 (2022-06-09).

What are alternatives to steal?

Popular alternatives to steal in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does steal use?

License information for steal is not declared in the registry metadata.

steal

npmv2.3.0

Gets JavaScript.

311 versions6 maintainers19 deps5,858 weekly dl

stealjs/steal

/ 100

Health

do not use

steal has critical vulnerabilities — do not use

Moderate health score (26/100) — verify manually
3 high severity vulnerabilities
5 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

6/20

popularity

0/25

security

15/15

maturity

5/15

community

Vulnerabilities

5 critical3 high

Advisories (8)

Severity	ID	Summary	Fixed in
high	CVE-2022-37262	steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments	—
high	CVE-2022-37260	steal vulnerable to Regular Expression Denial of Service via input variable	—
critical	CVE-2022-37264	steal vulnerable to Prototype Pollution via optionName variable	—
critical	CVE-2022-37257	steal vulnerable to Prototype Pollution via requestedVersion variable	—
critical	CVE-2022-37258	steal vulnerable to Prototype Pollution	—
high	CVE-2022-37259	steal Inefficient Regular Expression Complexity vulnerability via string variable	—
critical	CVE-2022-37266	steal vulnerable to Prototype Pollution via key variable in babel.js	—
critical	CVE-2022-37265	steal vulnerable to Prototype Pollution via alias variable	—

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

Dependencies (19)

assert buffer console-browserify constants-browserify crypto-browserify domain-browser events http-browserify https-browserify os-browserify path-browserify process punycode resolve string_decoder testee-client tty-browserify vm-browserify zlib-browserify

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/steal

steal

npmv2.3.0

Gets JavaScript.

311 versions6 maintainers19 deps5,858 weekly dl

stealjs/steal

/ 100

Health

do not use

steal has critical vulnerabilities — do not use

Moderate health score (26/100) — verify manually
3 high severity vulnerabilities
5 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

6/20

popularity

0/25

security

15/15

maturity

5/15

community

Vulnerabilities

5 critical3 high

Advisories (8)

Severity	ID	Summary	Fixed in
high	CVE-2022-37262	steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments	—
high	CVE-2022-37260	steal vulnerable to Regular Expression Denial of Service via input variable	—
critical	CVE-2022-37264	steal vulnerable to Prototype Pollution via optionName variable	—
critical	CVE-2022-37257	steal vulnerable to Prototype Pollution via requestedVersion variable	—
critical	CVE-2022-37258	steal vulnerable to Prototype Pollution	—
high	CVE-2022-37259	steal Inefficient Regular Expression Complexity vulnerability via string variable	—
critical	CVE-2022-37266	steal vulnerable to Prototype Pollution via key variable in babel.js	—
critical	CVE-2022-37265	steal vulnerable to Prototype Pollution via alias variable	—

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

Dependencies (19)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/steal