DepKeep

OSS Support Hub / Build Tool

Node.js Build Tool MIT Latest: v5.108.1

Webpack

Static module bundler for modern JavaScript applications

npmGitHub
Health Metrics

Project Health at a Glance

Live data from GitHub and npm, updated daily.

65.8K+103
GitHub Stars
📦
v5.108.1
Latest Release · 3 days ago
🔄
13d
Avg. Release Cadence
🐛
176
Open Issues
📅
Yesterday
Last Commit
⬇️
49.5M
Weekly Downloads
🔒
4
Active CVEs

Data last fetched: 2026-06-29

Security

Known Vulnerabilities

4 active CVEs reported via OSV.dev

GHSA-38r7-794h-5758 CVSS_V3

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

Published: 2026-02-05 Fixed in: 5.104.0
GHSA-4vvj-4cpr-p986 CVSS_V3

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Published: 2024-08-27 Fixed in: 5.94.0
GHSA-8fgc-7cc6-rx7x CVSS_V3

webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

Published: 2026-02-05 Fixed in: 5.104.1
GHSA-hc6q-2mpp-qw7j CVSS_V3

Cross-realm object access in Webpack 5

Published: 2023-03-13 Fixed in: 5.76.0
Ecosystem

Alternatives to Webpack

Other Build Tool projects in the Node.js ecosystem worth evaluating.

vite parcel rollup
Get Help

Support Options for Webpack

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for Webpack — without relying on volunteer maintainers.

Talk to an Expert →

Community Channels

GitHub Discussions →Stack Overflow →