npm Packages
Security Scores
Security scores for npm packages. Audit install scripts, dependency chains, and maintainer trust signals for the JavaScript packages in your stack.
What we analyze for npm packages
All 214 scanned npm packages
Advanced filterscookie-parser
Parse HTTP request cookies. Keywords: cookie, middleware. 38M monthly downloads. License: MIT
@emotion/react
> Simple styling in React. 74M monthly downloads. License: MIT
@aws-sdk/client-sqs
AWS SDK for JavaScript Sqs Client for Node.js, Browser and React Native
imagemin
Minify images seamlessly. Keywords: minify, compress, image, images, jpeg. 5M monthly downloads. License: MIT
@mui/material
Material UI is an open-source React component library that implements Google's Material Design. It's comprehensive and can be used in production out of the box.
@reduxjs/toolkit
The official, opinionated, batteries-included toolset for efficient Redux development
@chakra-ui/react
Responsive and accessible React UI components built with React and Emotion
consola
Elegant Console Wrapper. Keywords: console, logger, reporter, elegant, cli. 143M monthly downloads. License: MIT
keyv
Simple key-value storage with support for multiple backends
@amplitude/analytics-browser
Official Amplitude SDK for Web. Keywords: analytics, amplitude. 8M monthly downloads. License: MIT
execa
Process execution for humans. Keywords: exec, child, process, subprocess, execute. 556M monthly downloads. License: MIT
react-dom
React package for working with the DOM. Keywords: react. 514M monthly downloads. License: MIT
destr
A faster, secure and convenient alternative for JSON.parse
@sentry/nextjs
Official Sentry SDK for Next.js. License: MIT
picocolors
The tiniest and the fastest library for terminal output formatting with ANSI colors
styled-components
Fast, expressive styling for React. Keywords: react, css, css-in-js, styled-components, styling. 40M monthly downloads. License: MIT
fluent-ffmpeg
A fluent API to FFMPEG (http://www.ffmpeg.org)
kafkajs
A modern Apache Kafka client for node.js
classnames
A simple utility for conditionally joining classNames together
amqplib
An AMQP 0-9-1 (e.g., RabbitMQ) library and client.
defu
Recursively assign default properties. Lightweight and Fast!
clsx
A tiny (239B) utility for constructing className strings conditionally.
speakeasy
Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.
formidable
A node.js module for parsing form data, especially file uploads.
@supabase/auth-helpers-nextjs
Use the Supabase JavaScript library in popular server-side rendering (SSR) frameworks.
ws
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
@clerk/nextjs
Clerk SDK for NextJS. Keywords: clerk, typescript, nextjs, auth, authentication. 6M monthly downloads. License: MIT
valibot
The modular and type safe schema library for validating structural data
io-ts
TypeScript runtime type system for IO decoding/encoding
postcss
Tool for transforming styles with JS plugins
body-parser
Node.js body parsing middleware. 418M monthly downloads. License: MIT
pathe
Universal filesystem path utils. 399M monthly downloads. License: MIT
p-queue
Promise queue with concurrency control. Keywords: promise, queue, enqueue, limit, limited. License: MIT
@sinclair/typebox
Json Schema Type Builder with Static Type Resolution for TypeScript
superstruct
A simple and composable way to validate data in JavaScript (and TypeScript).
compression
Node.js compression middleware. Keywords: compression, gzip, deflate, middleware, express. 142M monthly downloads. License: MIT
ofetch
A better fetch API. Works on node, browser and workers.
morgan
HTTP request logger middleware for node.js
hookable
Awaitable hook system. Keywords: hook, hookable, plugin, tapable, tappable. 45M monthly downloads. License: MIT
immer
Create your next immutable state by mutating the current one
ufo
URL utils for humans. 160M monthly downloads. License: MIT
c12
Smart Config Loader. 63M monthly downloads. License: MIT
react-router-dom
Declarative routing for React web applications
rxjs
Reactive Extensions for modern JavaScript
lucia
A simple and flexible authentication library
commander
the complete solution for node.js command-line programs
@angular/core
Angular - the core framework. 23M monthly downloads. License: MIT
@azure/identity
Provides credential implementations for Azure SDK libraries that can authenticate with Microsoft Entra ID
lodash
Lodash modular utilities. Keywords: modules, stdlib, util. 651M monthly downloads. License: MIT
chalk
Terminal string styling done right. Keywords: color, colour, colors, terminal, console. 1.8B monthly downloads. License: MIT
@radix-ui/react-dialog
View docs [here](https://radix-ui.com/primitives/docs/components/dialog).
@headlessui/react
A set of completely unstyled, fully accessible UI components for React, designed to integrate beautifully with Tailwind CSS.
@aws-sdk/client-s3
AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native
@tanstack/react-query
Hooks for managing, caching and syncing asynchronous and remote data in React
supertest
SuperAgent driven library for testing HTTP servers
@sentry/node
Sentry Node SDK using OpenTelemetry for performance instrumentation
bottleneck
Distributed task scheduler and rate limiter
ms
Tiny millisecond conversion utility. License: MIT
@opentelemetry/api
Public API for OpenTelemetry. Keywords: opentelemetry, nodejs, browser, tracing, profiling. License: Apache-2.0
mixpanel
A simple server-side API for mixpanel. Keywords: mixpanel, analytics, api, stats. License: MIT
posthog-js
Posthog-js allows you to automatically capture usage and send events to PostHog.
@segment/analytics-node
https://www.npmjs.com/package/@segment/analytics-node
chokidar
Minimal and efficient cross-platform file watching library
ora
Elegant terminal spinner. Keywords: cli, spinner, spinners, terminal, term. 284M monthly downloads. License: MIT
cors
Node.js CORS middleware. Keywords: cors, express, connect, middleware. License: MIT
helmet
help secure Express/Connect apps with various HTTP headers
dotenv
Loads environment variables from .env file
@langchain/core
Core LangChain.js abstractions and schemas
tailwindcss
A utility-first CSS framework for rapidly building custom user interfaces.
react
React is a JavaScript library for building user interfaces.
zod
TypeScript-first schema declaration and validation library with static type inference
langchain
Typescript bindings for langchain. Keywords: llm, ai, gpt3, chain, prompt. License: MIT
socket.io
node.js realtime framework server. Keywords: realtime, framework, websocket, tcp, events. 60M monthly downloads. License: MIT
nodemailer
Easy as cake e-mail sending from your Node.js applications
fastify
Fast and low overhead web framework, for Node.js
vue
The progressive JavaScript framework for building modern web UI.
remix
A framework for building better websites
mysql2
fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS
drizzle-orm
Drizzle ORM package for SQL databases. Keywords: drizzle, orm, pg, mysql, singlestore. License: Apache-2.0
jose
JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes
@auth/core
Authentication for the Web. Keywords: authentication, authjs, jwt, oauth, oidc. License: ISC
passport
Simple, unobtrusive authentication for Node.js.
node-fetch
A light-weight module that brings Fetch API to node.js
crypto-js
JavaScript library of crypto standards. Keywords: security, crypto, Hash, MD5, SHA1. License: MIT
@apollo/server
Core engine for Apollo GraphQL server. Keywords: GraphQL, Apollo, Server, Javascript. License: MIT
graphql
A Query Language and Runtime which can target any service.
ollama
Ollama Javascript library. License: MIT
replicate
JavaScript client for Replicate. License: Apache-2.0
weaviate-client
JS/TS client for Weaviate. Keywords: weaviate. License: BSD-3-Clause
multer
Middleware for handling `multipart/form-data`.
@sendgrid/mail
Twilio SendGrid NodeJS mail service. License: MIT
resend
Node.js library for the Resend API. License: MIT
archiver
a streaming interface for archive generation
@paypal/checkout-server-sdk
NodeJS SDK for PayPal Checkout APIs. License: SEE LICENSE IN https://github.com/paypal/Checkout-NodeJS-SDK/blob/master/LICENSE
stripe
Stripe API wrapper. Keywords: stripe, payment processing, credit cards, api. 50M monthly downloads. License: MIT
inquirer
A collection of common interactive command line user interfaces.
moment
Parse, validate, manipulate, and display dates
fs-extra
fs-extra contains methods that aren't included in the vanilla Node.js fs package. Such as recursive mkdir, copy, and remove.
ajv
Another JSON Schema Validator. Keywords: JSON, schema, validator, validation, jsonschema. 1.2B monthly downloads. License: MIT
joi
Object schema validation. Keywords: schema, validation. 88M monthly downloads. License: BSD-3-Clause
jotai
👻 Primitive and flexible state management for React
framer-motion
A simple and powerful JavaScript animation library
zustand
🐻 Bear necessities for state management in React
class-validator
Decorator-based property validation for classes.
yup
Dead simple Object schema validation. 48M monthly downloads. License: MIT
date-fns
Modern JavaScript date utility library. 352M monthly downloads. License: MIT
dayjs
2KB immutable date time library alternative to Moment.js with the same modern API
winston
A logger for just about everything. Keywords: winston, logger, logging, logs, sysadmin. 90M monthly downloads. License: MIT
pdf-lib
Create and modify PDF files with JavaScript
csv-parse
CSV parsing implementing the Node.js `stream.Transform` API
aws-amplify
AWS Amplify is a JavaScript library for Frontend and mobile developers building cloud-enabled applications.
llamaindex
<p align="center"> <img height="100" width="100" alt="LlamaIndex logo" src="https://ts.llamaindex.ai/square.svg" /> </p> <h1 align="center">LlamaIndex.TS</h1> <h3 align="center"> Data framework for your LLM application. </h3>
@huggingface/inference
Typescript client for the Hugging Face Inference Providers and Inference Endpoints
next-auth
Authentication for Next.js. Keywords: react, nodejs, oauth, jwt, oauth2. License: ISC
@supabase/supabase-js
Isomorphic Javascript SDK for Supabase. Keywords: javascript, typescript, supabase. 78M monthly downloads. License: MIT
ioredis
A robust, performance-focused and full-featured Redis client for Node.js.
redis
A modern, high performance Redis client. Keywords: redis. License: MIT
pg
PostgreSQL client - pure javascript & libpq with the same API
svelte
Cybernetically enhanced web apps. Keywords: svelte, UI, framework, templates, templating. License: MIT
hono
Web framework built on Web Standards. Keywords: hono, web, app, http, application. 158M monthly downloads. License: MIT
@google/generative-ai
Google AI JavaScript SDK. License: Apache-2.0
jsonwebtoken
JSON Web Token implementation (symmetric and asymmetric)
swc
Alias for @swc/cli. License: MIT
express
Fast, unopinionated, minimalist web framework
got
Human-friendly and powerful HTTP request library for Node.js
husky
Modern native Git hooks. Keywords: git, hooks, pre-commit. 118M monthly downloads. License: MIT
parcel
Blazing fast, zero configuration web application bundler
ts-node
TypeScript execution environment and REPL for node.js, with source map support
antd
An enterprise-class UI design language and React components implementation
debug
Lightweight debugging utility for Node.js and the browser
mocha
simple, flexible, fun test framework. Keywords: mocha, test, bdd, tdd, tap. 59M monthly downloads. License: MIT
terser
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
autoprefixer
Parse CSS and add vendor prefixes to CSS rules using values from the Can I Use website
yargs
yargs the modern, pirate-themed, successor to optimist.
nodemon
Simple monitor script for use during development of a Node.js app.
turbo
Turborepo is a high-performance build system for JavaScript and TypeScript codebases.
undici
An HTTP/1.1 client, written from scratch for Node.js
sass
A pure JavaScript implementation of Sass.
less
Leaner CSS. Keywords: compile less, css nesting, css variable, css, gradients css. 40M monthly downloads. License: Apache-2.0
tsup
Bundle your TypeScript library with no config, powered by esbuild
jiti
Runtime typescript and ESM support for Node.js
busboy
A streaming parser for HTML form data for node.js
tsx
TypeScript Execute (tsx): Node.js enhanced with esbuild to run TypeScript & ESM files
h3
Minimal H(TTP) framework built for high performance and portability.
express-rate-limit
Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.
http-proxy-middleware
The one-liner node.js proxy middleware for connect, express, next.js and more
rollup
Next-generation ES module bundler. Keywords: modules, bundler, bundling, es6, optimizer. 456M monthly downloads. License: MIT
vite
Native-ESM powered web dev build tool. Keywords: frontend, framework, hmr, dev-server, build-tool. 521M monthly downloads. License: MIT
ky
Tiny and elegant HTTP client based on the Fetch API
webpack
Packs ECMAScript/CommonJs/AMD modules for the browser. Allows you to split your codebase into multiple bundles, which can be loaded on demand. Supports loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
jimp
An image processing library written entirely in JavaScript.
react-hook-form
Performant, flexible and extensible forms library for React Hooks
bullmq
Queue for messages and jobs based on Redis
ramda
A practical functional library for JavaScript programmers.
@nextui-org/react
🚀 Beautiful and modern React UI library.
mongoose
Mongoose MongoDB ODM. Keywords: mongodb, document, model, schema, database. License: MIT
superagent
elegant & feature rich browser / node HTTP with a fluent API
@anthropic-ai/sdk
The official TypeScript library for the Anthropic API
@google-cloud/storage
Cloud Storage Client Library for Node.js
@trpc/server
The tRPC server library. Keywords: tanstack-intent. License: MIT
envinfo
Info about your dev environment for debugging purposes
lint-staged
Lint files staged by git. Keywords: lint, git, staged, eslint, prettier. License: MIT
newrelic
New Relic agent. Keywords: apm, performance, monitoring, instrumentation, debugging. License: Apache-2.0
prettier
Prettier is an opinionated code formatter
stylelint
A mighty CSS linter that helps you avoid errors and enforce conventions.
semver
The semantic version parser used by npm.
lru-cache
A cache object that deletes the least-recently-used items.
eslint
An AST-based pattern checker for JavaScript.
rimraf
A deep deletion module for node (like `rm -rf`)
dotenv-expand
Expand environment variables using dotenv
jest
Delightful JavaScript Testing. Keywords: ava, babel, coverage, easy, expect. 181M monthly downloads. License: MIT
cheerio
The fast, flexible & elegant library for parsing and manipulating HTML and XML.
next
The React Framework. Keywords: react, framework, nextjs, web, server. License: MIT
koa
Koa web app framework. Keywords: web, app, http, application, framework. License: MIT
sequelize
Sequelize is a promise-based Node.js ORM tool for Postgres, MySQL, MariaDB, SQLite, Microsoft SQL Server, Amazon Redshift and Snowflake’s Data Cloud. It features solid transaction support, relations, eager and lazy loading, read replication and more.
typeorm
Data-Mapper ORM for TypeScript and ES2023+. Supports MySQL/MariaDB, PostgreSQL, MS SQL Server, Oracle, SAP HANA, SQLite, MongoDB databases.
uuid
RFC9562 UUIDs. Keywords: uuid, guid, rfc4122, rfc9562. License: MIT
@pinecone-database/pinecone
The official Pinecone TypeScript SDK for building vector search applications with AI/ML.
xlsx
SheetJS Spreadsheet data parser and writer
mammoth
Convert Word documents from docx to simple HTML and Markdown
glob
the most correct and second fastest glob implementation in JavaScript
cross-env
Run scripts that set and use environment variables across platforms
swr
React Hooks library for remote data fetching
concurrently
Run commands concurrently. Keywords: bash, concurrent, parallel, concurrently, command. 70M monthly downloads. License: MIT
vitest
Next generation testing framework powered by Vite
pino
super fast, all natural json logger. Keywords: fast, logger, stream, json. 134M monthly downloads. License: MIT
cohere-ai
nanoid
A tiny (118 bytes), secure URL-friendly unique string ID generator
knex
A batteries-included SQL query & schema builder for PostgresSQL, MySQL, CockroachDB, MSSQL and SQLite3
typescript
TypeScript is a language for application scale JavaScript development
firebase
Firebase JavaScript library for web and Node.js
supabase
Supabase CLI. License: MIT
openai
The official TypeScript library for the OpenAI API
bcryptjs
Optimized bcrypt in plain JavaScript with zero dependencies, with TypeScript support. Compatible to 'bcrypt'.
axios
Promise based HTTP client for the browser and node.js
mailgun.js
A javascript sdk for Mailgun built with webpack, babel & es6. This can be used in node or in the browser*.
square
Use Square APIs to manage and run business including payment, customer, product, inventory, and employee management.
postmark
Official Node.js client library for the Postmark HTTP API - https://www.postmarkapp.com
canvas
Canvas graphics API backed by Cairo. Keywords: canvas, graphic, graphics, pixman, cairo. 27M monthly downloads. License: MIT
chromadb
A JavaScript interface for chroma. Keywords: chroma, embedding, ai, vector. License: Apache-2.0
argon2
An Argon2 library for Node. Keywords: argon2, crypto, encryption, hashing, password. License: MIT
nuxt
Nuxt is a free and open-source framework with an intuitive and extendable way to create type-safe, performant and production-grade full-stack web applications and websites with Vue.js.
astro
Astro is a modern site builder with web best practices, performance, and DX front-of-mind.
@slack/bolt
A framework for building Slack apps, fast.
bcrypt
A bcrypt library for NodeJS. Keywords: bcrypt, password, auth, authentication, encryption. 21M monthly downloads. License: MIT
@playwright/test
A high-level API to automate web browsers
pm2
Production process manager for Node.JS applications with a built-in load balancer.
@mistralai/mistralai
TypeScript client library for the Mistral AI API
esbuild
An extremely fast JavaScript and CSS bundler and minifier.
gatsby
Blazing fast modern site generator for React
sharp
High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, GIF, AVIF and TIFF images
cypress
Cypress is a next generation front end testing tool built for the modern web
puppeteer
A high-level API to control headless Chrome over the DevTools Protocol
dd-trace
Datadog APM tracing client for JavaScript
Don't see your tool?
Scan a Tool