brin
brin

devalue

npm

Is devalue safe to use?

The latest brin safety scan flagged devalue v5.6.2 with risk indicators that warrant review. 2 known CVE vulnerabilities. Trust score: 75/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

devalue Has Warnings

Warnings detected due to potential concerns

warning
CVEs

2

Threats

0

Install Scripts

0

Risk Indicators

  • Can spawn child processes

devalue CVE Vulnerabilities (2)

CVE-2026-22774high

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Fixed in: 5.6.2

CVE-2026-22775high

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Fixed in: 5.6.2

brin Recommendations

  • This package has warnings detected. Evaluate the specific concerns before proceeding.
  • Update to a patched version to address 2 high-severity CVEs.

Install with brin add devalue to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

devalue Capabilities & Permissions

What devalue can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Process Spawning

This package can spawn child processes.

AGENTS.md for devalue

Good instructions lead to good results. brin adds devalue documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

devalue Documentation & Source Code

For the full devalue README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about devalue safety

Weekly Downloads

4.1M

Version

5.6.2

License

MIT

Other Versions

5.6.3

Last Scanned

Feb 1, 2026

Trust Score

75/100·Legitimacy signals, not safety

CVEs (2)

CVE-2026-22774

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Fixed in: 5.6.2

CVE-2026-22775

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Fixed in: 5.6.2

Capabilities

Process

Spawns child processes

Is devalue Safe? | npm Safety Scan - brin