Is textract safe to use?

textract has 1 known vulnerabilities on the latest version (2.5.0). DepScope rates its health at 40/100 (high risk).

What is the latest version of textract?

The latest version of textract is 2.5.0, released 2019-06-03.

Does textract have known vulnerabilities?

Yes. textract has 1 known vulnerabilities. See depscope.dev/pkg/npm/textract for details.

Is textract deprecated?

No, textract is actively maintained. Latest release: 2.5.0 (2019-06-03).

What are alternatives to textract?

Popular alternatives to textract in npm include: ?, semver, ansi-styles, minimatch, debug.

What license does textract use?

textract is licensed under MIT.

textract

npmv2.5.0

Extracting text from files of various type including html, pdf, doc, docx, xls, xlsx, csv, pptx, png, jpg, gif, rtf, text/*, and various open office.

License MITpermissive46 versions1 maintainers14 deps

dbashford/textract

/ 100

Health

do not use

textract has critical vulnerabilities — do not use

Moderate health score (40/100) — verify manually
1 critical vulnerabilities

Health breakdown0 – 100

10/25

maintenance

0/20

popularity

15/25

security

15/15

maturity

7/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2026-26831	textract is vulnerable to OS Command Injection	—

Bundle & TypeScript

🌟

TypeScript

7/10typed

Types from @types/textract (DefinitelyTyped)

Health History

Dependency Tree

License Audit

Dependencies (14)

mime pdf-text-extract xpath xmldom j cheerio marked meow got html-entities iconv-lite jschardet yauzl epub2

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/textract