I am using xlsx in my JS code. It has worked fine since last year. Today I started getting a problem and the build fails, due to:
$ yarn audit:
yarn audit v1.22.19
┌─────────────────────────────────────────────────────────────────────────────
│ moderate: Prototype Pollution in sheetJS
├─────────────────────────────────────────────────────────────────────────────
│ Package: xlsx
├─────────────────────────────────────────────────────────────────────────────
│ Patched in: >=0.19.3
├─────────────────────────────────────────────────────────────────────────────
│ Dependency of: xlsx
├─────────────────────────────────────────────────────────────────────────────
│ Path: xlsx
├─────────────────────────────────────────────────────────────────────────────
│ More info: https://www.npmjs.com/advisories/1091817
└─────────────────────────────────────────────────────────────────────────────
It is obvious the solution is to upgrade to version 0.19.3 or higher, but the latest version is 0.18.5 due to: https://www.npmjs.com/package/xlsx?activeTab=readme.
Is there any way to solve this issue?
As explained in the README, this project is no longer maintained on GitHub and no longer published to npm. Try installing from the link below: https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz. In your package.json file, add this:
"xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"
Use the Evergreen Version (will change over time). In your package.json, change the URL manually:
"xlsx": "https://cdn.sheetjs.com/xlsx-latest/xlsx-latest.tgz"
or the current version while writing this:
"xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz"
and run npm install
full details: https://cdn.sheetjs.com/
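A check a build could run against package.json, as an added example that is not part of the original question or answers: it classifies the `xlsx` dependency spec against the advisory's "Patched in" version and reports the evergreen URL as unpinned. The function names and status labels are assumptions made for illustration; the host and tarball URL layout are taken from the answers above.

```javascript
// Added example. PATCHED is the advisory's "Patched in: >=0.19.3".
const PATCHED = [0, 19, 3];
const CDN_HOST = 'cdn.sheetjs.com'; // host of the tarball URLs in the answers

// "0.18.5", "^0.18.5", "~0.19.3" -> [major, minor, patch]; otherwise null
function parseVersion(text) {
  const m = /^[\^~>=v\s]*(\d+)\.(\d+)\.(\d+)$/.exec(text.trim());
  return m ? m.slice(1).map(Number) : null;
}

function isPatched(v) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== PATCHED[i]) return v[i] > PATCHED[i];
  }
  return true; // equal to the patched version
}

// Classify one spec: 'patched' | 'vulnerable' | 'unpinned' | 'unknown'
function classifyXlsxSpec(spec) {
  let versionText = spec;
  if (/^https?:\/\//i.test(spec)) {
    let url;
    try { url = new URL(spec); } catch (e) { return 'unknown'; }
    const m = /^\/xlsx-([^/]+)\/xlsx-([^/]+)\.tgz$/.exec(url.pathname);
    const ok = url.protocol === 'https:' && url.hostname === CDN_HOST && m && m[1] === m[2];
    if (!ok) return 'unknown'; // not the tarball layout shown in the answers
    if (m[1] === 'latest') return 'unpinned'; // evergreen URL, changes over time
    versionText = m[1];
  }
  const v = parseVersion(versionText);
  if (!v) return 'unknown';
  return isPatched(v) ? 'patched' : 'vulnerable';
}

// Check the "xlsx" entry in both dependency sections of a package.json string.
function auditPackageJson(jsonText) {
  const pkg = JSON.parse(jsonText);
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    const spec = pkg[section] && pkg[section].xlsx;
    if (typeof spec === 'string') findings.push({ section, spec, status: classifyXlsxSpec(spec) });
  }
  return findings;
}

// Constructed sample input, mirroring the specs discussed in the thread.
const SAMPLE = '{"dependencies":{"xlsx":"^0.18.5"},"devDependencies":' +
  '{"xlsx":"https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz"}}';
console.log(auditPackageJson(SAMPLE));
```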