`undici`

Ecosystem:
npm

Package URL:
pkg:npm/undici

Total PRs:
15,509 Dependabot PRs

Latest PR:
about 6 hours ago

Unique Repositories:
9,734 repositories

Unique Repos (30 days):
160 repositories

Security Advisories

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

GHSA-9qxr-qj54-h672 CVE-2024-30261 LOW published about 2 years ago • updated 4 days ago

### Impact If an attacker can alter the `integrity` option passed to `fetch()`, they can let `fetch()` accept requests as valid even if they have ...

undici Denial of Service attack via bad certificate data

GHSA-cxrh-j4jr-qwg3 CVE-2025-47279 LOW published about 1 year ago • updated 1 day ago

### Impact Applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certifi...

Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type

GHSA-f772-66g8-q5h3 CVE-2022-35948 MODERATE published almost 4 years ago • updated about 2 months ago

### Impact `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specificall...

Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

GHSA-phc3-fgpg-7m6h CVE-2026-2581 MODERATE published 3 months ago • updated 28 days ago

## Impact This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici vers...

Undici has Unhandled Exception in WebSocket Client Due to Invalid server_max_window_bits Validation

GHSA-v9p9-hfj2-hcw8 CVE-2026-2229 HIGH published 3 months ago • updated 20 days ago

### Impact The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the `server_max_window_bits` para...

View all 22 advisories

Recent PRs

RSS Feed

Bump the npm_and_yarn group across 1 directory with 10 updates

sthivaios/sthivaios.dev #39

5.29.0 → 6.27.0 Major PR

Open about 6 hours ago 1 comment

deps: bump undici from 7.27.2 to 7.28.0

Tiliavir/wollbach-website #997

7.27.2 → 7.28.0 Minor PR

Closed 1 day ago 1 comment

build(deps): bump the production-minor-and-patch group across 1 directory with 17 updates

openclaw/clawhub #2663

7.27.2 → 7.28.0 Minor PR

Closed 1 day ago 3 comments

build(deps): bump undici from 8.4.1 to 8.5.0

hakatashi/decathlon #1314

8.4.1 → 8.5.0 Minor PR

Closed 1 day ago 2 comments

chore(deps): bump the npm_and_yarn group across 7 directories with 18 updates

James-Seely-scln/qwen-code #35

6.22.0 → 6.24.0 Minor PR

Closed 1 day ago 1 comment

build(deps): bump the npm_and_yarn group across 3 directories with 26 updates

HarleyCoops/qwen-code #15

7.10.0 → 7.28.0 Minor PR

Open 1 day ago 2 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 25 updates

sethdford/gemini-cli #11

7.10.0 → 7.28.0 Minor PR

Closed 1 day ago 1 comment

build(deps): bump the production-minor-and-patch group across 1 directory with 8 updates

openclaw/clawhub #2650

7.27.2 → 7.28.0 Minor PR

Closed 1 day ago 3 comments

build(deps): bump undici from 8.4.0 to 8.4.1

roebi/github-api-get #296

8.4.0 → 8.4.1 Patch PR

Open 2 days ago 1 comment

frontend(deps): bump the npm_and_yarn group across 1 directory with 7 updates

imran31415/agentlog #178

6.21.3 → 6.26.0 Minor PR

Open 2 days ago 2 comments

chore(deps): bump undici from 7.24.5 to 8.4.0

google-gemini/gemini-cli #27928

7.24.5 → 8.4.0 Major PR

Closed 2 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates

karbon0x/openworkflow #2

7.22.0 → 7.27.2 Minor PR

Closed 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 7 directories with 22 updates

Prekzursil/mcp-funnel #5

6.21.3 → 6.24.0 Minor PR

Open 3 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 3 directories with 25 updates

HarleyCoops/gemini-cli #15

7.15.0 → 7.27.2 Minor PR

Open 3 days ago 2 comments

Bump the npm_and_yarn group across 1 directory with 3 updates

ksksrbiz-arch/agent-visibility #1

7.14.0 → 7.24.8 Minor PR

Open 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 24 updates

cosmiccareer/terminai #23

7.15.0 → 7.27.2 Minor PR

Closed 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 26 updates

EmilynnJ/qwen-code #9

6.22.0 → 6.24.0 Minor PR

Open 3 days ago 4 comments

chore(deps): Bump the production-dependencies group across 1 directory with 15 updates

ironmussa/funny #34

8.4.0 → 8.4.1 Patch PR

Open 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 5 directories with 6 updates

sunilkumarvalmiki/hermes-agent #9

7.23.0 → 7.27.2 Minor PR

Open 4 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates

sanjeed5/hermes-agent #12

7.23.0 → 7.27.2 Minor PR

Open 4 days ago 2 comments

build(deps): bump the npm_and_yarn group across 2 directories with 7 updates

goodgollyholly/nitro #7

7.11.0 → 7.24.0 Minor PR

Open 5 days ago 2 comments

Bump undici and wrangler

unixfy/alexwang.net #217

7.18.2 → 7.24.8 Minor PR

Closed 5 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 24 updates

HarleyCoops/gemini-cli #13

7.15.0 → 7.27.2 Minor PR

Closed 6 days ago 3 comments

chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

Kaairofelipe/qwen-code #12

6.22.0 → 6.24.0 Minor PR

Closed 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 3 directories with 18 updates

mkusaka/bun #3

5.20.0 → 6.24.0 Major PR

Closed 6 days ago 1 comment

chore: bump the npm_and_yarn group across 1 directory with 2 updates

KanishJebaMathewM/Truxify #502

5.29.0 → 6.26.0 Major PR

Open 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 4 directories with 10 updates

Razisafir/KOVIX #55

6.20.1 → 6.26.0 Minor PR

Closed 6 days ago 1 comment

deps(deps): bump the production-dependencies group across 1 directory with 13 updates

actions-marketplace-validations/anantacloud-actions_setup-node #14

6.25.0 → 6.26.0 Minor PR

Open 6 days ago 1 comment

chore(deps): bump the test-versions group across 1 directory with 34 updates

DataDog/dd-trace-js #8855

8.3.0 → 8.4.0 Minor PR

Open 7 days ago 3 comments

chore(deps): bump the npm-patch-minor group across 1 directory with 9 updates

cortega26/elrincondeebano #334

8.2.0 → 8.4.1 Minor PR

Closed 7 days ago 4 comments

chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates

ai-integr8tor/hermes-agent #9

7.23.0 → 7.27.2 Minor PR

Open 7 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

AvonS/hermes-agent #43

7.23.0 → 7.27.2 Minor PR

Open 7 days ago 1 comment

chore(deps): Bump the npm-patch-minor group across 1 directory with 27 updates

jaredglaser/homelab-manager #225

8.1.0 → 8.3.0 Minor PR

Open 8 days ago 1 comment

Bump undici from 7.25.0 to 8.4.1

Orsino404/1 #108

7.25.0 → 8.4.1 Major PR

Closed 8 days ago 3 comments

build(deps): bump the dependencies group across 1 directory with 18 updates

yashas-30/NYX #5

8.3.0 → 8.4.1 Minor PR

Open 8 days ago 1 comment

chore: bump undici from 7.25.0 to 8.4.1

eXist-db/node-exist #388

7.25.0 → 8.4.1 Major PR

Open 8 days ago 1 comment

Bump the npm_and_yarn group across 1 directory with 8 updates

georgyo/ipfs-hls #21

7.22.0 → 7.27.2 Minor PR

Closed 8 days ago 2 comments

Bump undici from 8.3.0 to 8.4.1

Test-Subject-droid/Etherpad #10

8.3.0 → 8.4.1 Minor PR

Closed 8 days ago 1 comment

chore(deps-dev): bump undici from 8.0.2 to 8.4.1 in /flipt-client-js

flipt-io/flipt-client-sdks #1779

8.0.2 → 8.4.1 Minor PR

Closed 9 days ago 1 comment

deps(deps): bump undici from 7.24.7 to 8.4.1

YawLabs/mcp-compliance #43

7.24.7 → 8.4.1 Major PR

Open 9 days ago 1 comment

fix(deps): bump undici from 7.27.2 to 8.4.0

HarperFast/template-site-cache #45

7.27.2 → 8.4.0 Major PR

Closed 9 days ago 2 comments

Bump the all group across 1 directory with 48 updates

johnohhh1/ollama-code #28

7.24.5 → 8.4.0 Major PR

Closed 9 days ago 1 comment

Bump undici from 7.25.0 to 7.27.2

Jasonhonghh/rsshub1 #123

7.25.0 → 7.27.2 Minor PR

Open 9 days ago 2 comments

chore(deps): bump undici from 8.3.0 to 8.4.0

pablopfg/evolution-api #1027

8.3.0 → 8.4.0 Minor PR

Open 9 days ago 2 comments

deps: Bump the production group across 1 directory with 23 updates

EfkaStudio-prd/G-ROUTER #18

8.3.0 → 8.4.0 Minor PR

Open 9 days ago 1 comment

build(deps): bump undici from 7.22.0 to 8.4.0

actions-marketplace-validations/gr2m_notifier-action #20

7.22.0 → 8.4.0 Major PR

Closed 9 days ago 1 comment

chore(deps-dev): bump the development-dependencies group across 1 directory with 40 updates

senoldogann/Guardian #93

7.25.0 → 7.27.2 Minor PR

Open 9 days ago 2 comments

Bump undici from 5.29.0 to 8.4.0

ruying-suixing/blog #12

5.29.0 → 8.4.0 Major PR

Closed 9 days ago 3 comments

build(deps): Bump undici from 5.28.4 to 8.4.0

tvv-lippu-ja-maksujarjestelma-oy/http-pulsar-poller #687

5.28.4 → 8.4.0 Major PR

Open 9 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

anavvanzin/iconocracy-corpus #67

5.29.0 → 7.24.8 Major PR

Open 9 days ago 1 comment

Package Details

Name:	`undici`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/undici`
JSON API:	View JSON

Security Advisories

22

Active advisories

HIGH 5

MODERATE 10

LOW 7

View All npm Advisories

Package Information

Description:

An HTTP/1.1 client, written from scratch for Node.js

Repository:	https://github.com/nodejs/undici
Homepage:	https://undici.nodejs.org
Latest Release:	`7.10.0` about 1 year ago
Dependent Repos:	98,048
Dependent Packages:	1,956
Downloads:	76,040,467
Ranking:	Top 0.1008% by dependent repos Top 0.0472% by downloads Top 0.0399% by dependent pkgs

PR Status

Open 7,075 (45.6%)

Merged 2,108 (13.6%)

Closed 4,636 (29.9%)

PR Types

Major 1,145 (7.4%)

Minor 9,816 (63.3%)

Patch 2,519 (16.2%)

Removal 289 (1.9%)