`astro`

Ecosystem:
npm

Package URL:
pkg:npm/astro

Total PRs:
34,430 Dependabot PRs

Latest PR:
about 3 hours ago

Unique Repositories:
7,643 repositories

Unique Repos (30 days):
523 repositories

Security Advisories

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

GHSA-ggxq-hp9w-j794 CVE-2025-64765 MODERATE published 6 months ago • updated 1 day ago

A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validati...

View all 17 advisories

Recent PRs

RSS Feed

build(deps): bump the dependencies group across 1 directory with 10 updates

gxjansen/gxjansen.github.io #192

6.3.7 → 6.4.2 Minor PR

Open about 3 hours ago 1 comment

Bump astro from 5.18.2 to 6.4.2

melissa98m/portfolio-2025 #42

5.18.2 → 6.4.2 Major PR

Open about 18 hours ago 1 comment

Bump the prod-minor-patch group across 1 directory with 4 updates

dupontcyborg/flightyco2 #6

6.3.3 → 6.4.2 Minor PR

Open about 19 hours ago 1 comment

chore(deps): bump astro from 6.3.7 to 6.4.2

Hexaxia-Labs/hexaxia-labs.github.io #3

6.3.7 → 6.4.2 Minor PR

Open about 20 hours ago 1 comment

chore(deps): bump astro from 6.3.8 to 6.4.2

SecPal/secpal.app #116

6.3.8 → 6.4.2 Minor PR

Open about 20 hours ago 2 comments

deps(deps): bump the minor-and-patch group across 1 directory with 12 updates

pramodhm112/cloudnative-atlas #13

6.1.10 → 6.4.2 Minor PR

Open about 21 hours ago 2 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

pinkpixel-dev/keyper #38

5.18.0 → 6.4.2 Major PR

Open about 22 hours ago 1 comment

build(deps): bump the minor-updates group across 1 directory with 3 updates

markd3ng/KIRARI #62

6.3.7 → 6.4.2 Minor PR

Open about 23 hours ago 1 comment

chore(deps): bump the astro group with 3 updates

ArtemioPadilla/issue-driven-web-template #74

5.18.2 → 6.4.2 Major PR

Closed 1 day ago 1 comment

Bump astro from 6.3.7 to 6.4.2

PlayForm/Favicon #55

6.3.7 → 6.4.2 Minor PR

Open 1 day ago 3 comments

chore(deps): bump astro from 6.3.6 to 6.4.2

SebitaxGod/Portafolio-astro #7

6.3.6 → 6.4.2 Minor PR

Open 1 day ago 2 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 15 updates

danielbodnar/sandbox-agent #18

5.16.15 → 6.1.10 Major PR

Closed 1 day ago 3 comments

chore(deps): bump the npm_and_yarn group across 7 directories with 8 updates

pellera9/opencode #2

5.7.13 → 6.1.10 Major PR

Closed 1 day ago 4 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates

milliorn/portfolio #249

5.18.1 → 6.1.10 Major PR

Closed 2 days ago 3 comments

chore(deps)(deps-dev): bump the astro group with 3 updates

hasegawa-101/hasegawa #119

6.3.7 → 6.3.8 Patch PR

Closed 2 days ago 1 comment

chore(deps): bump the minor-and-patch group across 1 directory with 4 updates

davidhfrost/dhfrost #97

6.3.3 → 6.3.8 Patch PR

Open 2 days ago 2 comments

chore(deps): Bump astro from 6.1.10 to 6.3.8

kiakiraki/resume-builder #26

6.1.10 → 6.3.8 Minor PR

Open 2 days ago 1 comment

chore(deps): Bump astro from 6.3.3 to 6.3.6 in /docs

devantler-tech/ksail #4904

6.3.3 → 6.3.6 Patch PR

Open 2 days ago 1 comment

chore(deps): bump astro from 6.1.9 to 6.3.1 in /website in the website-minor-patch group across 1 directory

agent-of-empires/agent-of-empires #1537

6.1.9 → 6.3.1 Minor PR

Open 3 days ago 3 comments

build(deps): bump the patch-updates group across 1 directory with 11 updates

W-zeke/my_blog #10

6.3.1 → 6.3.8 Patch PR

Closed 3 days ago 2 comments

Bump astro from 6.3.3 to 6.3.8

FA-T-T/FA-T-T.github.io #20

6.3.3 → 6.3.8 Patch PR

Closed 3 days ago 1 comment

Bump the patch-updates group across 1 directory with 3 updates

CCA8798/CCA8798_Blog_Astro_Fuwari #22

5.18.1 → 5.18.2 Patch PR

Closed 3 days ago 1 comment

Bump astro from 6.3.1 to 6.3.8

esphome/esphome-devices #1628

6.3.1 → 6.3.8 Patch PR

Open 3 days ago 1 comment

deps(deps): bump the minor-and-patch group across 1 directory with 13 updates

pramodhm112/cloudnative-atlas #12

6.1.10 → 6.3.8 Minor PR

Open 3 days ago 3 comments

build(deps): bump the astro group across 1 directory with 2 updates

joeseverino/jseverino.com #8

6.3.5 → 6.3.8 Patch PR

Open 3 days ago 1 comment

Build(deps): Bump the patch-updates group across 1 directory with 7 updates

Yamrc/RC-Blog #138

5.18.1 → 5.18.2 Patch PR

Open 3 days ago 2 comments

build(deps): bump the patch-updates group across 1 directory with 3 updates

naranyinyun/NalanyinyunsLibrary #87

5.18.1 → 5.18.2 Patch PR

Open 3 days ago 1 comment

deps(site): bump astro from 6.3.5 to 6.3.8 in /site

mcp-tool-shop-org/sovereign #13

6.3.5 → 6.3.8 Patch PR

Open 3 days ago 1 comment

chore(deps): bump the patch-updates group across 1 directory with 4 updates

Games55k/iBlog #47

6.3.7 → 6.3.8 Patch PR

Open 3 days ago 1 comment

deps: bump the production-dependencies group with 2 updates

sitcon-tw/camp2026 #137

6.3.7 → 6.3.8 Patch PR

Open 3 days ago 1 comment

Bump the patch-updates group across 1 directory with 8 updates

wwwaaa123122/Starlr_blog #6

5.18.1 → 5.18.2 Patch PR

Open 3 days ago 2 comments

Bump the patch-updates group across 1 directory with 8 updates

Hailuo4ever/Hailuo_blog #18

5.18.1 → 5.18.2 Patch PR

Open 3 days ago 1 comment

build(deps): bump the patch-and-minor-dependencies group across 1 directory with 63 updates

nl-design-system/theme-wizard #776

6.2.1 → 6.3.7 Minor PR

Open 4 days ago 2 comments

chore(site): bump astro from 6.3.5 to 6.3.7 in /site in the astro-ecosystem group

jonathan-vella/azure-agentic-infraops #437

6.3.5 → 6.3.7 Patch PR

Open 4 days ago 1 comment

build(deps): bump the patch-updates group across 1 directory with 6 updates

qwc-ch/Firefly #24

6.3.5 → 6.3.7 Patch PR

Closed 4 days ago 3 comments

chore(deps)(deps): bump the prod-minor-patch group with 11 updates

pauljohnchamberlain/pool-pals #2

6.2.2 → 6.3.7 Minor PR

Closed 4 days ago 2 comments

yarn(deps): bump astro from 6.3.5 to 6.3.7 in the production-dependencies group

devparada/Portfolio #58

6.3.5 → 6.3.7 Patch PR

Closed 4 days ago 2 comments

Bump astro from 6.3.5 to 6.3.7 in /docs/starlight in the docs-dependencies group

ParleSec/ProtocolSoup #43

6.3.5 → 6.3.7 Patch PR

Open 4 days ago 1 comment

chore(deps): bump the npm-root group with 5 updates

aretw0/vault-seed #31

6.3.5 → 6.3.7 Patch PR

Open 4 days ago 1 comment

chore(deps): bump astro from 6.3.5 to 6.3.7 in the astro group

subhan-f/personal-portfolio #10

6.3.5 → 6.3.7 Patch PR

Open 4 days ago 1 comment

Bump astro from 6.3.5 to 6.3.7

AzuraCast/azuracast.com #212

6.3.5 → 6.3.7 Patch PR

Open 4 days ago 1 comment

chore(deps): bump astro from 6.3.1 to 6.3.7

javirojas988/clase-alan-turing #5

6.3.1 → 6.3.7 Patch PR

Open 4 days ago 2 comments

chore(dependency): bump astro from 5.18.1 to 6.3.7

qianjunakasumi/qianjunakasumi.moe #430

5.18.1 → 6.3.7 Major PR

Open 4 days ago 1 comment

chore(deps-dev): bump astro from 6.3.1 to 6.3.7

colinvkim/capitalize #7

6.3.1 → 6.3.7 Patch PR

Open 4 days ago 1 comment

Bump astro from 6.1.9 to 6.3.7

jocmp/capyreader-site #28

6.1.9 → 6.3.7 Minor PR

Open 4 days ago 2 comments

chore(deps): bump astro from 6.3.1 to 6.3.7

Ju4nmaFd3z/cert-dev-ops-personal-site #5

6.3.1 → 6.3.7 Patch PR

Open 4 days ago 2 comments

build(deps): bump astro from 4.16.19 to 6.3.7

AthenaTheOwl/athena-site #12

4.16.19 → 6.3.7 Major PR

Open 4 days ago 3 comments

chore(deps): bump astro from 6.3.5 to 6.3.7

idcesares/Portfolio #71

6.3.5 → 6.3.7 Patch PR

Open 4 days ago 2 comments

chore(deps): bump the all-npm-minor-patch group across 1 directory with 20 updates

blaudden/mtbo-sajten #154

6.1.9 → 6.3.7 Minor PR

Open 4 days ago 1 comment

chore(deps): Bump the minor-and-patch group across 1 directory with 14 updates

MinistrarePL/SimpleInvesting #7

6.3.0 → 6.3.7 Patch PR

Open 5 days ago 2 comments

Package Details

Name:	`astro`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/astro`
JSON API:	View JSON

Security Advisories

17

Active advisories

HIGH 3

MODERATE 10

LOW 4

View All npm Advisories

Package Information

Description:

Astro is a modern site builder with web best practices, performance, and DX front-of-mind.

Repository:	https://github.com/withastro/astro
Homepage:	https://astro.build
Latest Release:	`4.16.16` over 1 year ago
Dependent Repos:	18,705
Dependent Packages:	915
Downloads:	1,349,386
Ranking:	Top 0.1941% by dependent repos Top 0.2899% by downloads Top 0.0943% by dependent pkgs

PR Status

Open 15,903 (46.2%)

Merged 3,432 (10.0%)

Closed 12,733 (37.0%)

PR Types

Major 2,397 (7.0%)

Minor 18,465 (53.6%)

Patch 11,189 (32.5%)

astro

Security Advisories

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

Atro CSRF Middleware Bypass (security.checkOrigin)

Astro allows unauthorized third-party images in _image endpoint

Astro: XSS in define:vars via incomplete </script> tag sanitization

Astro's `X-Forwarded-Host` is reflected without validation

Recent PRs

Package Details

Security Advisories

17

Package Information

PR Status

PR Types

`astro`