| Name | Type | Description | Notes |
|---|---|---|---|
| packageName | string | Name of the affected npm package | |
| installedVersion | string | Version of the package currently installed | |
| isDirect | bool | Whether the package is a direct dependency | |
| isPatchable | bool | Whether the vulnerability can be auto-patched without a major version bump | |
| fixVersion | string | Version that fixes the vulnerability, if known | |
| vulnerabilityId | string | Unique vulnerability identifier (e.g. GHSA or CVE) | |
| severity | string | Severity level of the vulnerability | |
| title | string | Short human-readable title of the vulnerability | |
| description | string | Detailed description of the vulnerability | |
| cvssScore | float | CVSS base score (0.0-10.0) | |
| cve | string | CVE identifier, if available | |
| cwe | string | CWE identifier describing the weakness type | |
| url | string | URL to the vulnerability advisory | |
| publishedAt | \DateTime | Date the vulnerability was published, in ISO 8601 format | |
| isPatchingInProgress | bool | Whether this vulnerability is included in a currently open patch pull request |