clevertap-web-sdk — JavaScript SDK

## What's Changed * Support for srcset and sizes for image in visual editor by @ThisIsRaghavGupta in https://github.com/CleverTap/clevertap-web-sdk/p…

v2.5.1

- Fixed the campaign delivery triggers logic

v2.5.0

## What's Changed * Encryption in transit web sdk by @kkyusuftk in https://github.com/CleverTap/clevertap-web-sdk/pull/468 * Develop by @kkyusuftk i…

v2.4.0

- Added Nested object support in profile and event properties.

v2.3.4

## What's Changed * semaphore: replacing semaphore agents with newer upstreamed agents by @Yashprime1 in https://github.com/CleverTap/clevertap-web-s…

🔒 Security advisories (2)

HIGH

CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function

CVE: CVE-2026-26861Fixed in 1.15.3Details ↗

HIGH

CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage

CVE: CVE-2026-26862Fixed in 1.15.3Details ↗

Data from OSV.dev

Quality signals

Score

Stars16

Forks19

Last updated

LicenseMIT

Supported APIs (1)

clever.com

Repository

CleverTap/clevertap-web-sdk

★ Stars Issues PRs Releases

Language

JavaScript

Browse all JavaScript SDKs →

📦 Package statsnpm ↗

Monthly downloads89.6K

Bundle size (gzip)86.1 kB

Bundle (minified)286.3 kB

Used by packages2

5.6

OpenSSF Scorecard

out of 10 · 2026-03-02

Full report ↗

👁️ Code Review

9/10

🔄 Maintained

10/10

🪙 Token Permissions

0/10

📋 Security Policy

0/10

🔐 Branch ProtectionN/A

🔍 Static Analysis (SAST)

0/10