npm
defu
2 known vulnerabilities · 0 critical · 1 high
CVE-2026-35209HIGH
Risk: 50.4/100
defu: Prototype pollution via `__proto__` key in defaults argument
Published Apr 4, 2026
defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Published Mar 6, 2026
Check your entire dependency tree at onceRun dependency scan →