Does undici have any known vulnerabilities?

undici v7.19.2 has 1 known CVE vulnerability. Review the safety scan for severity details and remediation guidance.

What capabilities does undici have?

undici has the following detected capabilities: network access, process spawning, environment variable access. Review these before using with AI coding agents.

Can I use undici safely with AI coding agents?

undici has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

undici

Q: Is undici safe to use?

undici v7.19.2 has warnings detected in the latest brin safety scan. Trust score: 75/100. Review the flagged concerns before use. This is an automated assessment.

npm

Is undici safe to use?

The latest brin safety scan flagged undici v7.19.2 with risk indicators that warrant review. 1 known CVE vulnerability. Trust score: 75/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

undici Has Warnings

Warnings detected due to potential concerns

warning

CVEs

Threats

Install Scripts

Risk Indicators

•Can spawn child processes

undici CVE Vulnerabilities (1)

CVE-2026-22036medium

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Fixed in: 6.23.0

brin Recommendations

→This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add undici to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

undici Capabilities & Permissions

What undici can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

262.ecma-international.organdreubotella.github.iobugs.chromium.orgdatatracker.ietf.orgdeveloper.mozilla.orgdom.spec.whatwg.orgencoding.spec.whatwg.orgfetch.spec.whatwg.orggithub.comhtml.spec.whatwg.org+21 more

Protocols: http, https, tcp

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

CIHTTPS_PROXYHTTP_PROXYJEST_WORKER_IDNO_PROXYUNDICI_NO_WASM_SIMDhttp_proxyhttps_proxyno_proxy

AGENTS.md for undici

Good instructions lead to good results. brin adds undici documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.