SUPPLY-CHAIN REPORT

faisalman/ua-parser-js

UAParser.js - The Essential Web Development Tool for User-Agent Detection. Detect Browsers, OS, Devices, Bots, Apps, AI Crawlers, and more. Run in Browser (client-side) or Node.js (server-side).

VERDICTCOMPROMISED·63/100

View on GitHub →

STARS

10,103

FORKS

1,223

OPEN ISSUES

LANGUAGE

JavaScript

LICENSE

AGPL-3.0

LAST PUSH

2026-04-16

SIGNALS

BAD

Historical supply-chain incidents

1 known incident on record. Worst: ua-parser-js hijack — cryptominer + password stealer.

INFO

Historical security advisories

1 disclosed advisory (0 critical, 1 high) — typically patched in newer releases. Pin to the latest version.

Maintenance activity

Actively maintained. Last push 0 days ago.

Ecosystem trust

10,103 stars. Widely used — supply-chain attacks on popular repos are high-impact but also more likely to be caught fast.

License

AGPL-3.0

HISTORICAL INCIDENTS (1)

CRITICAL2021-10-22

ua-parser-js hijack — cryptominer + password stealer

Maintainer npm account compromised; malicious versions 0.7.29, 0.8.0, 1.0.0 published containing Linux cryptominer and Windows credential stealer. CISA issued alert.

Source →

METHODOLOGY

This report is generated on demand by querying the GitHub API for repository metadata and published security advisories, then cross-referencing our curated database of known supply-chain incidents (xz-utils, event-stream, ua-parser-js, colors.js, tj-actions, Codecov, and more). Results are cached for 24 hours. We do not scan repository code or dependencies — for that, see Snyk or Socket. Verdict: CLEAN ≥80, CAUTION 50–79, COMPROMISED<50.

SCAN A DEPLOYED SITE

Repo looks clean but the live deployment might still be exposing headers, CORS, or SSL misconfigurations.

SCAN A URL →

SCANNING faisalman/ua-parser-js...