Does jspdf have any known vulnerabilities?

jspdf v4.0.0 has 8 known CVE vulnerabilities. Review the safety scan for severity details and remediation guidance.

What capabilities does jspdf have?

jspdf has the following detected capabilities: network access, filesystem access, process spawning. Review these before using with AI coding agents.

Can I use jspdf safely with AI coding agents?

jspdf has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

jspdf

Q: Is jspdf safe to use?

jspdf v4.0.0 has warnings detected in the latest brin safety scan. Trust score: 65/100. Review the flagged concerns before use. This is an automated assessment.

npm

Is jspdf safe to use?

The latest brin safety scan flagged jspdf v4.0.0 with risk indicators that warrant review. 8 known CVE vulnerabilities. Trust score: 65/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

jspdf Has Warnings

Warnings detected due to potential concerns

warning

CVEs

Threats

Install Scripts

Risk Indicators

•Can spawn child processes

jspdf CVE Vulnerabilities (8)

CVE-2026-24040medium

jsPDF has Shared State Race Condition in addJS Plugin

Fixed in: 4.1.0

CVE-2026-24043medium

jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)

Fixed in: 4.1.0

CVE-2026-24133high

jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder

Fixed in: 4.1.0

brin Recommendations

→This package has warnings detected. Evaluate the specific concerns before proceeding.
→Update to a patched version to address 2 high-severity CVEs.

Install with brin add jspdf to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

jspdf Capabilities & Permissions

What jspdf can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

cdnjs.cloudflare.comdeveloper.mozilla.orgeligrey.comen.wikipedia.orggithub.comhansmuller-flex.blogspot.comjspdf.default.namespaceurimgran.blogspot.com]opensource.orgrawgit.com+11 more

Protocols: http, https

Filesystem Access

Reads and writes to the filesystem.

Process Spawning

This package can spawn child processes.

AGENTS.md for jspdf

Good instructions lead to good results. brin adds jspdf documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.