lodash
npmIs lodash safe to use?
The latest brin safety scan flagged lodash v4.17.23 with risk indicators that warrant review. 3 known CVE vulnerabilities. Trust score: 75/100. Review the findings below before use. This is an automated assessment and may contain errors.
Install (safety-checked)
lodash Has Warnings
Warnings detected due to potential concerns
3
0
0
Risk Indicators
- •Can spawn child processes
lodash CVE Vulnerabilities (3)
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Fixed in: 4.17.23
Command Injection in lodash
Fixed in: 4.17.21
Prototype Pollution in lodash
Fixed in: 4.17.19
brin Recommendations
- →This package has warnings detected. Evaluate the specific concerns before proceeding.
Install with brin add lodash to automatically apply these checks before installation.
This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.
lodash Capabilities & Permissions
What lodash can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.
Filesystem Access
Writes to the filesystem.
Process Spawning
This package can spawn child processes.
AGENTS.md for lodash
Good instructions lead to good results. brin adds lodash documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.
brin initVercel's research: 100% accuracy with AGENTS.md vs 53% without →
lodash Documentation & Source Code
For the full lodash README, API documentation, and source code, visit the official package registry.
Frequently asked questions about lodash safety
Install (safety-checked)
Weekly Downloads
Version
4.17.23License
MITLast Scanned
Trust Score
CVEs (3)
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
Fixed in: 4.17.23
Capabilities
Writes files
Spawns child processes