Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

devalue

Ecosystem:
npm
Package URL:
pkg:npm/devalue
Total PRs:
3,943 Dependabot PRs
Latest PR:
4 days ago
Unique Repositories:
3,211 repositories
Unique Repos (30 days):
276 repositories
Security Advisories
Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties
GHSA-mwv9-gp5h-frr4 LOW published 3 months ago • updated 21 days ago
In some circumstances, `devalue.parse` and `devalue.unflatten` could emit objects with `__proto__` own properties. This in and of itself is not a s...
devalue affected by CPU and memory amplification from sparse arrays
GHSA-33hq-fvwr-56pm LOW published 3 months ago • updated 17 days ago
Under certain circumstances, serializing sparse arrays using `uneval` or `stringify` could cause CPU and/or memory exhaustion. When this occurs on ...
devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed
GHSA-8qm3-746x-r74r LOW published 3 months ago • updated 17 days ago
Under certain circumstances, `uneval`ing untrusted data can produce output code that will create objects with polluted prototypes when later `eval`...
devalue has prototype pollution in devalue.parse and devalue.unflatten
GHSA-cfw5-2vxh-hr84 CVE-2026-30226 MODERATE published 3 months ago • updated 16 days ago
In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exp...
Svelte devalue: DoS via sparse array deserialization
GHSA-77vg-94rm-hx3p CVE-2026-42570 HIGH published 21 days ago • updated 19 days ago
`devalue.parse` could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing spars...
View all 8 advisories
Recent PRs
RSS Feed
feat(deps): Bump the npm_and_yarn group across 17 directories with 5 updates

SherfeyInv/sentry-javascript #240

4.3.3 → 5.8.1 Major PR
Closed 4 days ago 2 comments
SherfeyInv
chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

ColRuDev/portfolio #34

5.7.1 → 5.8.1 Minor PR
Open 5 days ago 1 comment
ColRuDev
build(deps): bump the npm_and_yarn group across 15 directories with 15 updates

flumente/bun #64

5.1.1 → 5.8.1 Minor PR
Closed 6 days ago 1 comment
flumente
chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

pinkpixel-dev/keyper #38

5.6.3 → 5.8.1 Minor PR
Open 7 days ago 1 comment
pinkpixel-dev
chore(deps): bump the npm_and_yarn group across 17 directories with 11 updates

Surfndez/bun #58

5.1.1 → 5.8.1 Minor PR
Closed 7 days ago 1 comment
Surfndez
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates

milliorn/portfolio #249

5.7.1 → 5.8.1 Minor PR
Closed 7 days ago 3 comments
milliorn
build(deps): bump devalue from 5.8.0 to 5.8.1

SecureLayer/tmp #3

5.8.0 → 5.8.1 Patch PR
Open 10 days ago 1 comment
SecureLayer
Bump devalue from 5.6.1 to 5.8.1

brickbruce1975-ship-it/workflows-starter-template #2

5.6.1 → 5.8.1 Minor PR
Open 10 days ago 1 comment
brickbruce1975-ship-it
Bump devalue from 5.6.1 to 5.8.1

integraceBD/workflows-starter-template #2

5.6.1 → 5.8.1 Minor PR
Open 10 days ago 1 comment
integraceBD
Bump the npm_and_yarn group across 16 directories with 20 updates

jcstein/next.js #21

2.0.1 → 5.8.1 Major PR
Closed 11 days ago 1 comment
jcstein
build(deps): bump the npm_and_yarn group across 1 directory with 2 updates

itsoltech/canopy-desktop #224

5.6.4 → 5.8.1 Minor PR
Closed 11 days ago 2 comments
itsoltech
Bump the npm_and_yarn group across 13 directories with 20 updates

jcstein/next.js #19

2.0.1 → 5.8.1 Major PR
Closed 11 days ago 1 comment
jcstein
build(deps): bump the npm_and_yarn group across 1 directory with 10 updates

jianminy931020-coder/chat-jianminy #1

5.6.1 → 5.8.1 Minor PR
Closed 12 days ago 1 comment
jianminy931020-coder
chore(deps): bump the npm_and_yarn group across 3 directories with 7 updates

Metatronsdoob369/Domicile #36

5.6.4 → 5.8.1 Minor PR
Open 12 days ago 1 comment
Metatronsdoob369
chore(deps): bump the npm_and_yarn group across 4 directories with 6 updates

ANT0071/nocodb #36

5.1.1 → 5.8.1 Minor PR
Closed 12 days ago 1 comment
ANT0071
Bump the npm_and_yarn group across 5 directories with 7 updates

jinhua115/workers-sdk #16

4.3.2 → 5.8.1 Major PR
Closed 12 days ago 1 comment
jinhua115
Bump devalue from 5.6.1 to 5.8.1

Dct555/workflows-starter-template #3

5.6.1 → 5.8.1 Minor PR
Open 12 days ago 1 comment
Dct555
Bump devalue and @cloudflare/vitest-pool-workers

Dct555/chanfana-openapi-template #3

4.3.3 → 5.8.1 Major PR
Open 12 days ago 3 comments
Dct555
Bump the npm_and_yarn group across 4 directories with 7 updates

rshan1515/workers-sdk #22

4.3.2 → 5.8.1 Major PR
Closed 12 days ago 3 comments
rshan1515
Bump devalue from 5.6.2 to 5.8.1

cinderjk/math #1

5.6.2 → 5.8.1 Minor PR
Closed 12 days ago 2 comments
cinderjk
Bump the npm_and_yarn group across 1 directory with 8 updates

matthieu-octave/workers-for-platforms-template422 #1

4.3.3 → removed
Open 13 days ago 1 comment
matthieu-octave
fix: bump the npm-security group across 1 directory with 20 updates

janbiasi/rollup-plugin-sbom #313

5.6.3 → 5.8.1 Minor PR
Closed 13 days ago 2 comments
janbiasi
chore(deps): bump devalue from 5.7.1 to 5.8.1 in the npm_and_yarn group across 1 directory

dallay/agentsync #425

5.7.1 → 5.8.1 Minor PR
Open 13 days ago 2 comments
dallay
Bump the npm_and_yarn group across 9 directories with 19 updates

Surfndez/next.js #15

2.0.1 → 5.8.1 Major PR
Closed 13 days ago 1 comment
Surfndez
build(deps): Bump the npm_and_yarn group across 1 directory with 5 updates

williamzujkowski/remarque #38

5.7.1 → 5.8.1 Minor PR
Open 13 days ago 1 comment
williamzujkowski
chore(deps): Bump the npm_and_yarn group across 1 directory with 4 updates

williamzujkowski/williamzujkowski.github.io #230

5.7.1 → 5.8.1 Minor PR
Open 13 days ago 2 comments
williamzujkowski
chore(deps): bump the npm_and_yarn group across 4 directories with 9 updates

BAS-More/ruflo #89

5.6.3 → 5.8.1 Minor PR
Closed 14 days ago 1 comment
BAS-More
Bump devalue from 5.6.4 to 5.8.1

WalletScrutiny/nostr-opinion-plugin #5

5.6.4 → 5.8.1 Minor PR
Closed 14 days ago 1 comment
WalletScrutiny
Bump the npm_and_yarn group across 1 directory with 10 updates

jgeofil/mlreadme-astro-blog #361

5.6.4 → 5.8.1 Minor PR
Open 15 days ago 1 comment
jgeofil
Bump devalue from 5.8.0 to 5.8.1

srikanthsastry/srikanthsastry.github.io #134

5.8.0 → 5.8.1 Patch PR
Closed 15 days ago 1 comment
srikanthsastry
build(deps): bump the npm_and_yarn group across 1 directory with 7 updates

pionjs/pion #147

5.6.4 → 5.8.1 Minor PR
Open 15 days ago 2 comments
pionjs
Bump devalue from 5.8.0 to 5.8.1

namesakefyi/namesake #545

5.8.0 → 5.8.1 Patch PR
Open 16 days ago 2 comments
namesakefyi
Bump the npm_and_yarn group across 43 directories with 14 updates

dporkka/builder #160

4.3.2 → 5.8.1 Major PR
Closed 17 days ago 1 comment
dporkka
Bump the npm_and_yarn group across 43 directories with 13 updates

dporkka/builder #159

4.3.2 → 5.8.1 Major PR
Closed 17 days ago 1 comment
dporkka
Bump devalue from 5.7.1 to 5.8.1

rayporrello/tmpl-svelte-app #30

5.7.1 → 5.8.1 Minor PR
Closed 17 days ago 1 comment
rayporrello
chore(deps): bump devalue from 5.8.0 to 5.8.1 in the npm_and_yarn group across 1 directory

bryan-hoang/bryanhoang.dev #30

5.8.0 → 5.8.1 Patch PR
Open 17 days ago 2 comments
bryan-hoang
Bump devalue from 5.6.4 to 5.8.1

makoMakoGo/makoMakoGo.github.io #1

5.6.4 → 5.8.1 Minor PR
Closed 18 days ago 1 comment
makoMakoGo
chore(deps): bump devalue and @cloudflare/vitest-pool-workers in /web/worker

creatornader/note-to-self #1

removed Removal PR
Closed 18 days ago 2 comments
creatornader
build(deps): bump devalue and next in /frontend

pipeshub-ai/pipeshub-ai #2321

removed Removal PR
Closed 18 days ago 1 comment
pipeshub-ai
chore(deps): bump devalue from 5.6.3 to 5.8.1

sustanza/stargarden #26

5.6.3 → 5.8.1 Minor PR
Open 18 days ago 1 comment
sustanza
Bump devalue from 5.6.2 to 5.8.1

albertoperdomo2/astro-vim #35

5.6.2 → 5.8.1 Minor PR
Closed 19 days ago 1 comment
albertoperdomo2
build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

jaypatrick/bloqr-landing #124

5.7.1 → 5.8.1 Minor PR
Closed 19 days ago 1 comment
jaypatrick
chore(deps): bump devalue from 5.8.0 to 5.8.1

graphql-hive/graphql-yoga #4494

5.8.0 → 5.8.1 Patch PR
Closed 19 days ago 2 comments
graphql-hive
Bump the npm_and_yarn group across 43 directories with 6 updates

dporkka/builder #158

4.3.2 → 5.8.1 Major PR
Closed 19 days ago 1 comment
dporkka
Bump devalue from 5.8.0 to 5.8.1

bhargava16623/dependabot-alternatives-test #15

5.8.0 → 5.8.1 Patch PR
Open 19 days ago 1 comment
bhargava16623
chore(deps): bump devalue from 5.8.0 to 5.8.1 in the npm_and_yarn group across 1 directory

almeidx/fogdex #28

5.8.0 → 5.8.1 Patch PR
Open 20 days ago 1 comment
almeidx
chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates

AKJUS/lucide #175

5.8.0 → 5.8.1 Patch PR
Closed 20 days ago 3 comments
AKJUS
Bump the npm_and_yarn group across 37 directories with 6 updates

dporkka/builder #155

4.3.2 → 5.8.1 Major PR
Closed 20 days ago 1 comment
dporkka
build(deps): bump the npm_and_yarn group across 36 directories with 5 updates

ANT0071/builder #316

4.3.2 → 5.8.1 Major PR
Closed 20 days ago 1 comment
ANT0071
chore(deps): bump devalue from 5.7.1 to 5.8.1 in /frontend

aitit-inc/lead-ace #9

5.7.1 → 5.8.1 Minor PR
Closed 20 days ago 1 comment
aitit-inc
Package Details
Name: devalue
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/devalue
JSON API: View JSON
Security Advisories

8

Active advisories
HIGH 4
MODERATE 1
LOW 3
View All npm Advisories
Package Information
Description:

Gets the job done when JSON.stringify can't

Repository: https://github.com/sveltejs/devalue
Homepage: https://github.com/sveltejs/devalue#readme
Latest Release: 5.3.2
9 months ago
Dependent Repos: 52,279
Dependent Packages: 247
Downloads: 10,245,902
Ranking: Top 0.142% by dependent repos Top 0.1609% by downloads Top 0.2265% by dependent pkgs
PR Status
Open 2,091 (53.0%)
Merged 545 (13.8%)
Closed 1,307 (33.1%)
PR Types
Major 285 (7.2%)
Minor 2,667 (67.6%)
Patch 977 (24.8%)
Removal 13 (0.3%)