Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

minimatch

Ecosystem:
npm
Package URL:
pkg:npm/minimatch
Total PRs:
24,992 Dependabot PRs
Latest PR:
about 3 hours ago
Unique Repositories:
12,927 repositories
Unique Repos (30 days):
8,116 repositories
Security Advisories
Regular Expression Denial of Service in minimatch
GHSA-hxm2-r34f-qmc5 CVE-2016-10540 HIGH published over 7 years ago • updated 2 days ago
Affected versions of `minimatch` are vulnerable to regular expression denial of service attacks when user input is passed into the `pattern` argume...
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
GHSA-7r86-cg39-jmmj CVE-2026-27903 HIGH published 12 days ago • updated 6 days ago
### Summary `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and...
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
GHSA-23c5-xmqv-rm74 CVE-2026-27904 HIGH published 12 days ago • updated 6 days ago
### Summary Nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtrackin...
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
GHSA-3ppc-4f35-3m26 CVE-2026-26996 HIGH published 20 days ago • updated 7 days ago
### Summary `minimatch` is vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive `*` wildcards f...
minimatch ReDoS vulnerability
GHSA-f8q6-p94x-37v3 CVE-2022-3517 HIGH published over 3 years ago • updated 2 days ago
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand fu...
Recent PRs
RSS Feed
chore(deps): bump the npm_and_yarn group across 6 directories with 11 updates

qenex-ai/fern #56

10.1.1 → 10.2.3 Minor PR
Open about 3 hours ago 1 comment
qenex-ai
Bump the npm_and_yarn group across 8 directories with 14 updates

100mslive/100ms-react-native #1557

3.1.2 → 3.1.5 Patch PR
Open about 3 hours ago 1 comment
100mslive
build(deps): bump the npm_and_yarn group across 17 directories with 9 updates

machalliance/Migration-Documentation-AI #43

3.1.2 → 3.1.5 Patch PR
Open about 3 hours ago 1 comment
machalliance
Bump the npm_and_yarn group across 5 directories with 24 updates

ammar-knowledge/storybook #462

10.1.2 → 10.2.3 Minor PR
Open about 4 hours ago 3 comments
ammar-knowledge
build(deps): bump the npm_and_yarn group across 1 directory with 21 updates

JounQin/renovate #12

10.0.1 → 10.2.3 Minor PR
Open about 4 hours ago 3 comments
JounQin
Bump minimatch from 3.1.2 to 3.1.5 in /xml-transformer

McNamara84/DataCite-XML-Updater #20

3.1.2 → 3.1.5 Patch PR
Closed about 4 hours ago 1 comment
McNamara84
Bump minimatch from 3.1.2 to 3.1.5

cbirdsong/birdsong.dev #38

3.1.2 → 3.1.5 Patch PR
Open about 4 hours ago 1 comment
cbirdsong
chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates

RomainDECOSTER/scoutquest #21

3.1.2 → 3.1.5 Patch PR
Open about 5 hours ago 12 comments
RomainDECOSTER
chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

ischon/DnDCharacterManagement #155

3.1.2 → 3.1.5 Patch PR
Open about 6 hours ago 1 comment
ischon
chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

ischon/DnDCharacterManagement #151

3.1.2 → 3.1.5 Patch PR
Closed about 6 hours ago 3 comments
ischon
chore(deps): Bump the npm_and_yarn group across 9 directories with 2 updates

jcornell3/tamshai-enterprise-ai #202

3.1.2 → 3.1.5 Patch PR
Closed about 6 hours ago 2 comments
jcornell3
Bump minimatch from 3.1.2 to 3.1.3

Kwiket/jets-seatmap-react-lib-pub #154

3.1.2 → 3.1.3 Patch PR
Closed about 7 hours ago 1 comment
Kwiket
deps: bump the npm_and_yarn group across 1 directory with 3 updates

AUo959/aurora-cloudbank-symbolic #486

3.1.2 → 3.1.5 Patch PR
Open about 11 hours ago 23 comments
AUo959
build(deps): bump minimatch and serve

zazuko/cube-link #247

3.1.2 → 3.1.5 Patch PR
Open about 11 hours ago 1 comment
zazuko
deps(deps): bump minimatch and markdownlint-cli

winccoa-tools-pack/npm-winccoa-log-reader #10

10.1.3 → 10.2.4 Minor PR
Open about 12 hours ago 1 comment
winccoa-tools-pack
build(deps): bump minimatch from 3.1.2 to 3.1.5 in /vue-model-api

modelix/modelix.core #2466

3.1.2 → 3.1.5 Patch PR
Closed about 12 hours ago 2 comments
modelix
Bump the npm_and_yarn group across 3 directories with 7 updates

augustocristian/asw2324_0 #235

3.1.2 → 3.1.5 Patch PR
Open about 12 hours ago 2 comments
augustocristian
build(deps): bump minimatch in /packages/otelbin-validation-image

dash0hq/otelbin #543

3.1.2 → 3.1.5 Patch PR
Open about 14 hours ago 2 comments
dash0hq
chore(deps): bump the production-dependencies group with 17 updates

XQZmeSIR/XQZmeSIR-Digital-Garden #49

10.1.1 → 10.2.4 Minor PR
Open about 14 hours ago 1 comment
XQZmeSIR
build(deps): Bump the npm_and_yarn group across 1 directory with 9 updates

OsoPanda1/citemesh-roots #2

3.1.2 → 3.1.5 Patch PR
Open about 15 hours ago 1 comment
OsoPanda1
chore(deps): bump the production-dependencies group across 1 directory with 19 updates

MatsuiMiyako/Physics-Final #14

10.1.1 → 10.2.4 Minor PR
Open about 15 hours ago 2 comments
MatsuiMiyako
chore(deps): bump the production-dependencies group with 17 updates

lowen-ht/lowen_web #2

10.1.1 → 10.2.4 Minor PR
Open about 16 hours ago 1 comment
lowen-ht
Bump the npm_and_yarn group across 1 directory with 2 updates

JaonaryRR/CGU_UDT #1

9.0.5 → 9.0.9 Patch PR
Open about 16 hours ago 1 comment
JaonaryRR
chore(deps-dev): bump minimatch from 9.0.5 to 9.0.9 in /multiple-node-versions-example

GoogleCloudPlatform/cloud-build-samples #388

9.0.5 → 9.0.9 Patch PR
Open about 17 hours ago 2 comments
GoogleCloudPlatform
Bump the production-dependencies group across 1 directory with 20 updates

moon0727/blog #14

10.1.1 → 10.2.4 Minor PR
Open about 18 hours ago 2 comments
moon0727
chore(deps): bump the production-dependencies group with 17 updates

jempolbagas/personal-knowledge-base #2

10.1.1 → 10.2.4 Minor PR
Open about 18 hours ago 1 comment
jempolbagas
chore(deps): bump the production-dependencies group across 1 directory with 20 updates

HOowada/obsidian-quartz #13

10.1.1 → 10.2.4 Minor PR
Open about 21 hours ago 1 comment
HOowada
chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5

jedau/PICKL #159

3.1.2 → 3.1.5 Patch PR
Open about 22 hours ago 3 comments
jedau
chore: Bump minimatch from 5.1.6 to 5.1.9

thenativeweb/eventsourcingdb-merkle #35

5.1.6 → 5.1.9 Patch PR
Closed about 23 hours ago 1 comment
thenativeweb
chore(deps): bump the production-dependencies group with 17 updates

mqqcqdp9wv-wq/lyubimov-blog #2

10.1.1 → 10.2.4 Minor PR
Open about 23 hours ago 1 comment
mqqcqdp9wv-wq
chore(deps): bump the production-dependencies group across 1 directory with 17 updates

tfle/comp9417-notes #8

10.1.1 → 10.2.4 Minor PR
Open about 23 hours ago 1 comment
tfle
build(deps): bump minimatch and editorconfig in /web

bcgov/jasper #890

9.0.1 → 9.0.9 Patch PR
Open about 24 hours ago 1 comment
bcgov
Bump the npm_and_yarn group across 1 directory with 2 updates

heymumford/redeemflow #30

3.1.2 → 3.1.5 Patch PR
Closed 1 day ago 1 comment
heymumford
chore(deps): bump the production-dependencies group across 1 directory with 17 updates

jiorjioo/quran-journaling #8

10.1.1 → 10.2.4 Minor PR
Open 1 day ago 1 comment
jiorjioo
Bump the npm_and_yarn group across 2 directories with 4 updates

Chrispine-1210/MEC #6

9.0.5 → 9.0.9 Patch PR
Closed 1 day ago 2 comments
Chrispine-1210
Bump the npm_and_yarn group across 1 directory with 6 updates

lilaflo/trilium-mcp #2

3.1.2 → 3.1.5 Patch PR
Closed 1 day ago 1 comment
lilaflo
build(deps): bump the npm_and_yarn group across 5 directories with 9 updates

globe-and-citizen/cnc-portal #1657

3.1.2 → 3.1.5 Patch PR
Open 1 day ago 1 comment
globe-and-citizen
chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

ForgedApps/mcpflare #14

9.0.5 → 9.0.9 Patch PR
Closed 1 day ago 1 comment
ForgedApps
Bump the npm_and_yarn group across 1 directory with 3 updates

mehdiraized/npmax #79

3.1.2 → 3.1.5 Patch PR
Closed 1 day ago 1 comment
mehdiraized
Bump minimatch from 10.1.1 to 10.2.4 in /common

WFP-VAM/prism-app #1754

10.1.1 → 10.2.4 Minor PR
Open 1 day ago 2 comments
WFP-VAM
Bump the production-dependencies group across 1 directory with 17 updates

chenguangj/Quartz-nodes #4

10.1.1 → 10.2.4 Minor PR
Open 1 day ago 1 comment
chenguangj
Bump minimatch from 3.1.2 to 3.1.5

smtchahal/gta-snap-to-jpg #48

3.1.2 → 3.1.5 Patch PR
Open 1 day ago 1 comment
smtchahal
build(deps-dev): bump minimatch from 3.1.2 to 3.1.5 in /frontend

0b501e7e/smashd #21

3.1.2 → 3.1.5 Patch PR
Open 1 day ago 1 comment
0b501e7e
⬆️ Bump minimatch

Juanitte/Ino-UI #18

3.1.2 → 3.1.5 Patch PR
Closed 1 day ago 2 comments
Juanitte
build: bump minimatch in /tests/acceptance

shopware/SwagPayPal #575

3.1.2 → 3.1.5 Patch PR
Closed 1 day ago 2 comments
shopware
Bump minimatch from 3.1.2 to 3.1.5 in /src/Exceptionless.Web/ClientApp

exceptionless/Exceptionless #2144

3.1.2 → 3.1.5 Patch PR
Open 1 day ago 1 comment
exceptionless
chore(deps): bump the production-dependencies group across 1 directory with 13 updates

nchalla3/notes #47

10.2.0 → 10.2.4 Patch PR
Open 1 day ago 1 comment
nchalla3
Bump minimatch from 3.1.2 to 3.1.5

hpi-schul-cloud/schulcloud-server #6177

3.1.2 → 3.1.5 Patch PR
Closed 1 day ago 1 comment
hpi-schul-cloud
build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

openvanilla/McBopomofoWeb #545

3.1.2 → 3.1.5 Patch PR
Open 1 day ago 1 comment
openvanilla
chore(deps): bump minimatch and aws-cdk-lib in /ultimate-test

dreamorosi/create-cdk-app-cli #80

removed Removal PR
Open 1 day ago 1 comment
dreamorosi
Package Details
Name: minimatch
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/minimatch
JSON API: View JSON
Security Advisories

5

Active advisories
HIGH 5
View All npm Advisories
Package Information
Description:

a glob matcher in javascript

Repository: https://github.com/isaacs/minimatch
Homepage: https://github.com/isaacs/minimatch#readme
Latest Release: 10.0.1
over 1 year ago
Dependent Repos: 2,198,462
Dependent Packages: 9,743
Downloads: 1,223,937,395
Ranking: Top 0.0126% by dependent repos Top 0.0004% by downloads Top 0.0099% by dependent pkgs
PR Status
Open 10,776 (43.1%)
Merged 240 (1.0%)
Closed 13,858 (55.4%)
PR Types
Removal 48 (0.2%)
Minor 7,031 (28.1%)
Major 652 (2.6%)
Patch 17,117 (68.5%)