Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Apr 18, 2024 via pnpm
Repo
Npm
Home

core-js 3.33.1

Standard library
ES3
ES5
ES6
ES7
ES2015
ES2016
ES2017
ES2018
ES2019
ES2020
ES2021
ES2022
ES2023
ECMAScript 3
ECMAScript 5
ECMAScript 6
ECMAScript 7
ECMAScript 2015
ECMAScript 2016
ECMAScript 2017
ECMAScript 2018
ECMAScript 2019
ECMAScript 2020
ECMAScript 2021
ECMAScript 2022
ECMAScript 2023
Map
Set
WeakMap
WeakSet
TypedArray
Promise
Observable
Symbol
Iterator
AsyncIterator
URL
URLSearchParams
queueMicrotask
setImmediate
structuredClone
polyfill
ponyfill
shim
Package summary
Share
1
issue
1
high severity
meta
1
1
license
1
MIT
Package created
18 Jul 2013
Version published
20 Oct 2023
Maintainers
1
Total deps
1
Direct deps
0
License
MIT

Issues

1

1 high severity issue

high
core-js@3.33.1
Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""
via: core-js@3.33.1
Collapse
Expand

Install Script Usage

β“˜ This section contains AI-generated explanations for this package's install scripts.
     We recommend overviewing the package source files before installing to your project.

The "postinstall" Script

node -e "try{require('./postinstall')}catch(e){}"

This is a post-install script used by the core-js package. core-js is a popular Javascript library that offers polyfills for many newer Javascript and DOM features to older browsers/platforms. The script basically displays a banner in the console which thanks for using core-js and requests for donations. When the package is installed, it checks if certain environmental variables are defined (ADBLOCK, DISABLE_OPENCOLLECTIVE, npm_config_loglevel, OPEN_SOURCE_CONTRIBUTOR, and certain CI variables) and the contents of a file named core-js-banners in the OS's temporary directory. It will write the banner to that file if it's not already present, or if it hasn't been displayed in the last 3 minutes. If none of these conditions are met, it will display the banner in the console. There is no code in this script that looks like it would be a security vulnerability. It does not attempt to open network connections, read sensitive data, make changes to system files, or execute remote code.

Licenses

MIT
1

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
core-js@3.33.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

0
All Dependencies CSV
β“˜ This is a list of core-js 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities

Visualizations

Tree
Treemap

Frequently Asked Questions

What does core-js do?

Core-js is a modular standard library for JavaScript. It provides polyfills for ECMAScript, including promises, symbols, collections, iterators, typed arrays and various other features. Core-js also supports ECMAScript proposals and some cross-platform WHATWG / W3C features and proposals, like URL. You can choose to load only the features you need or use it without the pollution of the global namespace.

How do you use core-js?

To use Core-js, you can simply import it into your JavaScript file. Here is an example of using the whole library:

import 'core-js/actual';

Promise.resolve(42).then(it => console.log(it));  // => 42

Array.from(new Set([1, 2, 3]).union(new Set([3, 4, 5])));  // => [1, 2, 3, 4, 5]

If you only need certain features, you can import them individually:

import 'core-js/actual/promise';
import 'core-js/actual/iterator';

Promise.resolve(42).then(it => console.log(it));  // => 42

To avoid global namespace pollution, use the 'core-js-pure' import pattern:

import Promise from 'core-js-pure/actual/promise';

Promise.resolve(42).then(it => console.log(it));  // => 42

Where are the core-js docs?

The core-js documentation is available in its GitHub repository. This comprehensive guide provides deeper insights into the package's functionality, usage examples, and additional resources for better understanding and implementation.

Recent Versions

Sandworm Dunes
Ready to start?

Scan your app for security vulnerabilities and license issues

Start Free With GitHub
Sandworm Open Source
Sandworm
Getting Started Issue Types Resolve Issues License Policies Sandworm Guard
Explore
Npm Package List Composer Package List Npm Categories List Npm Security Vulnerabilities Composer Security Vulnerabilities
Support
Sponsor Discuss Terms of Use Privacy Policy Security
More from Sandworm
Newsletter 𝕏 / Twitter 𝕏 / Twitter Security Alerts Knowledge Base Blog Contact