Update underscore lib to 1.13.*
yeah +1, need to be updated to latest underscore version
Read full answer below ↓Question
Current version have security issue
Might be update to newest version
Answers (4)
yeah +1, need to be updated to latest underscore version
Hi guys, I'm closing this as a duplicate of #3443
Also need that fix after pen test!
Thanks for reporting this, @zgeist. Security and dependency issues are important. The GrapesJS team actively works on keeping dependencies up-to-date. For you right now: Run npm audit fix to see available patches Check for a newer GrapesJS version that may have already addressed this If available,...
Related Questions and Answers
Continue research with similar issue discussions.
Issue #3443
Backbone-undo/underscore security advisory
Version: v0.17.3 Are you able to reproduce the bug from the demo?[x] Yes[ ] No What is the expected behavior? See below What is the current...
Issue #6049
Dependencies
The codebase currently relies on outdated dependencies. This ticket aims to: Update all existing dependencies to their latest stable versio...
Issue #6723
Dependency: grapesjs >=0.21.13 Depends on vulnerable versions of underscore
GrapesJS version [x] I confirm to use the latest version of GrapesJS What browser are you using? Edge, mozilla Reproducible demo link NA De...
Issue #3332
Nearly half the packages specified have high risk vulnerabilities, all have some vulnerability.
After npm i we can see that the level of vulnerabilities is unacceptable. added 646 packages from 383 contributors and audited 762 packages...
Paid Plugins That Match This Issue
Curated by issue keywords and label relevance to help you ship faster.
Loading paid plugin recommendations...
Check the open-source GrapesJS plugins on GitHub or run a quick search in our free catalog.
Browse free plugins →Premium plugins ship with support, regular updates, and production-ready features — save days of integration work.
Browse premium plugins →Related tutorials
In-depth guides on the same topic.
Tutorial
Introducing GJS.Market Services: ship your GrapesJS editor without the integration risk
It's everything that usually eats weeks of engineering time, scoped and priced up front. No open-ended hourly surprises.
Tutorial
How to integrate GrapesJS into an Astro app (complete guide 2026)
Embed GrapesJS in an Astro site: mount it in a client-side script, save content to an Astro API endpoint, and export clean HTML/CSS.
Tutorial
How to integrate GrapesJS into a Django app (complete guide 2026)
Embed GrapesJS in a Django project: render the editor in a template, persist content to a view with CSRF, store the project JSON, and export HTML/CSS.
Browse Plugin Categories
Jump directly to plugin category pages on the marketplace.