Is vega-interpreter safe to use?

vega-interpreter has 1 known vulnerabilities on the latest version (2.2.1). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of vega-interpreter?

The latest version of vega-interpreter is 2.2.1, released 2025-09-24.

Does vega-interpreter have known vulnerabilities?

Yes. vega-interpreter has 1 known vulnerabilities. See depscope.dev/pkg/npm/vega-interpreter for details.

Is vega-interpreter deprecated?

No, vega-interpreter is actively maintained. Latest release: 2.2.1 (2025-09-24).

What are alternatives to vega-interpreter?

Popular alternatives to vega-interpreter in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does vega-interpreter use?

vega-interpreter is licensed under BSD-3-Clause.

vega-interpreter

npmv2.2.1

CSP-compliant interpreter for Vega expressions.

License BSD-3-Clausepermissive13 versions5 maintainers1 deps353,415 weekly dl

vega/vega

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 5.2.1 to fix known vulnerabilities

Moderate health score (60/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

20/25

maintenance

14/20

popularity

20/25

security

12/15

maturity

13/15

community

0/15

popularity_floor

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2025-59840	Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable	5.2.1

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

vega-util

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/vega-interpreter

vega-interpreter

npmv2.2.1

CSP-compliant interpreter for Vega expressions.

License BSD-3-Clausepermissive13 versions5 maintainers1 deps353,415 weekly dl

vega/vega

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 5.2.1 to fix known vulnerabilities

Moderate health score (60/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

20/25

maintenance

14/20

popularity

20/25

security

12/15

maturity

13/15

community

0/15

popularity_floor

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2025-59840	Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable	5.2.1

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (1)

vega-util

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/vega-interpreter