brin
brin

sharp

npm

Is sharp safe to use?

The latest brin safety scan flagged sharp v0.34.5 with risk indicators that warrant review. No known CVE vulnerabilities. Trust score: 65/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

sharp Has Warnings

Warnings detected due to potential concerns

warning
CVEs

0

Threats

0

Install Scripts

0

Risk Indicators

  • Can spawn child processes

brin Recommendations

  • This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add sharp to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

sharp Capabilities & Permissions

What sharp can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

developer.mozilla.orgen.wikipedia.orgeprints.soton.ac.ukexample.comgithub.comjohncostella.comnodejs.orgpurl.orgsharp.pixelplumbing.comwww.cairographics.org+6 more
Protocols: http, https

Filesystem Access

Writes to the filesystem.

.env (r)/usr/ (w).env (w)package.json (w)package.json (w)

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

PKG_CONFIG_PATHSHARP_FORCE_GLOBAL_LIBVIPSSHARP_IGNORE_GLOBAL_LIBVIPSnpm_config_build_from_sourcenpm_package_config_libvips

AGENTS.md for sharp

Good instructions lead to good results. brin adds sharp documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

sharp Documentation & Source Code

For the full sharp README, API documentation, and source code, visit the official package registry.

View on npmView SourceHomepage

Frequently asked questions about sharp safety

Weekly Downloads

29.5M

Version

0.34.5

License

Apache-2.0

Last Scanned

Feb 1, 2026

Trust Score

65/100·Legitimacy signals, not safety

Capabilities

Network

Connects to: developer.mozilla.org, en.wikipedia.org, eprints.soton.ac.uk...

Filesystem

Writes files

Process

Spawns child processes

Environment

Accesses: PKG_CONFIG_PATH, SHARP_FORCE_GLOBAL_LIBVIPS, SHARP_IGNORE_GLOBAL_LIBVIPS...