Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/967301?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/967301?format=api", "purl": "pkg:npm/svelte@5.27.1", "type": "npm", "namespace": "", "name": "svelte", "version": "5.27.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.53.5", "latest_non_vulnerable_version": "5.55.7", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50268?format=api", "vulnerability_id": "VCID-2x29-rs51-hfha", "summary": "Svelte affected by cross-site scripting via spread attributes in Svelte SSR\nVersions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01427", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0142", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01425", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27121" }, { "reference_url": "https://github.com/sveltejs/svelte", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sveltejs/svelte" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441532", "reference_id": "2441532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441532" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27121", "reference_id": "CVE-2026-27121", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27121" }, { "reference_url": "https://github.com/advisories/GHSA-f7gr-6p89-r883", "reference_id": "GHSA-f7gr-6p89-r883", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7gr-6p89-r883" }, { "reference_url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883", "reference_id": "GHSA-f7gr-6p89-r883", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:31:36Z/" } ], "url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74152?format=api", "purl": "pkg:npm/svelte@5.51.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-967r-bg6y-2bd6" }, { "vulnerability": "VCID-f7b2-jqpu-27bs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5" } ], "aliases": [ "CVE-2026-27121", "GHSA-f7gr-6p89-r883" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2x29-rs51-hfha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50415?format=api", "vulnerability_id": "VCID-967r-bg6y-2bd6", "summary": "Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`\nThe contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10315", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10421", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10441", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10399", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27901" }, { "reference_url": "https://github.com/sveltejs/svelte", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sveltejs/svelte" }, { "reference_url": "https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/" } ], "url": "https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d" }, { "reference_url": "https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442918", "reference_id": "2442918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442918" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27901", "reference_id": "CVE-2026-27901", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27901" }, { "reference_url": "https://github.com/advisories/GHSA-phwv-c562-gvmh", "reference_id": "GHSA-phwv-c562-gvmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-phwv-c562-gvmh" }, { "reference_url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh", "reference_id": "GHSA-phwv-c562-gvmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/" } ], "url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh" }, { "reference_url": "https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5", "reference_id": "svelte%405.53.5", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/" } ], "url": "https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74298?format=api", "purl": "pkg:npm/svelte@5.53.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.53.5" } ], "aliases": [ "CVE-2026-27901", "GHSA-phwv-c562-gvmh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-967r-bg6y-2bd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50252?format=api", "vulnerability_id": "VCID-bq9b-9t2h-sydd", "summary": "Svelte SSR attribute spreading includes inherited properties from prototype chain\nIn server-side rendering, attribute spreading on elements (e.g. `<div {...attrs}>`) enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where `Object.prototype` has already been polluted — a precondition outside of Svelte's control — this can cause unexpected attributes to appear in SSR output or cause SSR to throw errors. Client-side rendering is not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0902", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09083", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.091", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09079", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27125" }, { "reference_url": "https://github.com/sveltejs/svelte", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sveltejs/svelte" }, { "reference_url": "https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/" } ], "url": "https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f" }, { "reference_url": "https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/" } ], "url": "https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441511", "reference_id": "2441511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441511" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27125", "reference_id": "CVE-2026-27125", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27125" }, { "reference_url": "https://github.com/advisories/GHSA-crpf-4hrx-3jrp", "reference_id": "GHSA-crpf-4hrx-3jrp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crpf-4hrx-3jrp" }, { "reference_url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp", "reference_id": "GHSA-crpf-4hrx-3jrp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/" } ], "url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74152?format=api", "purl": "pkg:npm/svelte@5.51.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-967r-bg6y-2bd6" }, { "vulnerability": "VCID-f7b2-jqpu-27bs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5" } ], "aliases": [ "CVE-2026-27125", "GHSA-crpf-4hrx-3jrp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bq9b-9t2h-sydd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50259?format=api", "vulnerability_id": "VCID-s9rd-dy7s-wka4", "summary": "Svelte SSR does not validate dynamic element tag names in `<svelte:element>`\nWhen using `<svelte:element this={tag}>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01382", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01385", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01389", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0139", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27122" }, { "reference_url": "https://github.com/sveltejs/svelte", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sveltejs/svelte" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441520", "reference_id": "2441520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27122", "reference_id": "CVE-2026-27122", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27122" }, { "reference_url": "https://github.com/advisories/GHSA-m56q-vw4c-c2cp", "reference_id": "GHSA-m56q-vw4c-c2cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m56q-vw4c-c2cp" }, { "reference_url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp", "reference_id": "GHSA-m56q-vw4c-c2cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:22:44Z/" } ], "url": "https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74152?format=api", "purl": "pkg:npm/svelte@5.51.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-967r-bg6y-2bd6" }, { "vulnerability": "VCID-f7b2-jqpu-27bs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5" } ], "aliases": [ "CVE-2026-27122", "GHSA-m56q-vw4c-c2cp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rd-dy7s-wka4" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.27.1" }