Is vega-interpreter safe to use?

vega-interpreter has 1 known vulnerabilities on the latest version (2.2.1). DepScope rates its health at 61/100 (moderate risk).

What is the latest version of vega-interpreter?

The latest version of vega-interpreter is 2.2.1, released 2025-09-24.

Does vega-interpreter have known vulnerabilities?

Yes. vega-interpreter has 1 known vulnerabilities. See depscope.dev/pkg/npm/vega-interpreter for details.

Is vega-interpreter deprecated?

No, vega-interpreter is actively maintained. Latest release: 2.2.1 (2025-09-24).

What are alternatives to vega-interpreter?

Popular alternatives to vega-interpreter in npm include: minimatch, wrap-ansi, @types/node, eslint-visitor-keys, ajv.

What license does vega-interpreter use?

vega-interpreter is licensed under BSD-3-Clause.

vega-interpreter

npmv2.2.1

CSP-compliant interpreter for Vega expressions.

License BSD-3-Clausepermissive13 versions5 maintainers1 deps374,922 weekly dl

vega/vega

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 5.2.1 to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

10/25

maintenance

14/20

popularity

20/25

security

12/15

maturity

5/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2025-59840	Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable	5.2.1

Bundle & TypeScript

📦

Bundle Size

6.0 KBminified

2.5 KB gzipped

1 direct dependencies

side effects

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

vega-util

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/vega-interpreter