PrivBatch loads these libraries from public CDNs. Every script is open source. Nothing is hidden.
| Library | Version | Licence | Source | Used in PrivBatch |
|---|---|---|---|---|
| Papa Parse | 5.4.1 | MIT | github.com/mholt/PapaParse | CSV ⇔ JSON |
| SheetJS (xlsx) | 0.20.3 | Apache-2.0 | github.com/SheetJS/sheetjs | Excel → JSON, CLI. Served from cdn.sheetjs.com |
| jsPDF | 2.5.1 | MIT | github.com/parallax/jsPDF | CSV ⇔ JSON, XML ⇔ JSON, Excel → JSON, SQL → JSON, GDPR Suite, GDPR Pack, Bundle Mode |
| JSZip | 3.10.1 | MIT or GPLv3 | github.com/Stuk/jszip | CSV ⇔ JSON, XML ⇔ JSON, Excel → JSON, SQL → JSON, GDPR Pack, Bundle Mode |
| crypto-js | 4.2.0 | MIT | github.com/brix/crypto-js | Hash Generator, GDPR Suite, GDPR Pack, Bundle Mode. Pinned >=4.2.0 - earlier versions had a PBKDF2 vulnerability (CVE-2023-46233) |
| marked | 9.1.6 | MIT | github.com/markedjs/marked | Markdown Preview |
| cronstrue | 2.50.0 | MIT | github.com/bradymholt/cRonstrue | Cron Parser |
| js-yaml | 4.1.0 | MIT | github.com/nodeca/js-yaml | YAML ⇔ JSON, .env Formatter |
| jsonpath | 1.1.1 | MIT | github.com/dchester/jsonpath | JSON Query |
| xterm.js | 5.3.0 | MIT | github.com/xtermjs/xterm.js | CLI. Same renderer used by VS Code, Replit, Cloud Shell. Served from jsdelivr (cdnjs has delisted it). Loaded on /cli.html only. |
| xterm-addon-fit | 0.8.0 | MIT | github.com/xtermjs/xterm.js/addons/addon-fit | CLI. Sizes the terminal to its container. Served from jsdelivr. Loaded on /cli.html only. |
| minimist | 1.2.8 | MIT | github.com/minimistjs/minimist | CLI. Argv parser. Pinned >=1.2.6 to avoid CVE-2021-44906 (prototype pollution). Served from jsdelivr (cdnjs has delisted it). Loaded on /cli.html only via a 3-line module shim because the file ships as CommonJS. |
We load these from cdnjs.cloudflare.com, cdn.sheetjs.com, and cdn.jsdelivr.net because they cache once per user and never reload. After your first visit, every tool runs without fetching anything.
jsdelivr is the documented exception for libraries that cdnjs has delisted (xterm.js + minimist, both loaded on `/cli.html` only). Everything else is pure cdnjs.
Each library is auditable on its GitHub page. No build step, no bundle, no transpilation. You can open DevTools, view the source of any tool, and read exactly what runs on your machine.
Google Fonts (Geist, IBM Plex Mono) is also loaded for typography. Beyond the libraries above and that font request, PrivBatch makes no network calls during processing - confirm it yourself with Prove It mode in any tool.
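One way to check the claims above against a list of requested URLs, as an added example that is not PrivBatch's own code: it flags any request outside the three CDNs and the font hosts, and any crypto-js or minimist version below the floors in the table. The Google Fonts hostnames, the site origin `https://privbatch.example`, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: hosts and version floors are taken from the page; the
// site origin and the sample request URLs are constructed.
const ALLOWED_HOSTS = new Set([
  "cdnjs.cloudflare.com", "cdn.sheetjs.com", "cdn.jsdelivr.net",
  "fonts.googleapis.com", "fonts.gstatic.com", // assumed Google Fonts hosts
]);
const MIN_VERSION = new Map([["crypto-js", "4.2.0"], ["minimist", "1.2.6"]]);

// Read {name, version} from cdnjs (/ajax/libs/<name>/<ver>/) or jsdelivr
// (/npm/<name>@<ver>/) paths; null for any other URL shape.
function parseLib(u) {
  let m = null;
  if (u.hostname === "cdnjs.cloudflare.com") m = u.pathname.match(/^\/ajax\/libs\/([^/]+)\/([^/]+)\//);
  if (u.hostname === "cdn.jsdelivr.net") m = u.pathname.match(/^\/npm\/([^/@]+)@([^/]+)\//);
  return m && { name: m[1], version: m[2] };
}

// Numeric compare of dotted versions; negative when a is older than b.
function cmpVersion(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// One finding per request that leaves the allowlist or is below a floor.
function auditRequests(urls, siteOrigin) {
  const findings = [];
  for (const url of urls) {
    const u = new URL(url);
    if (u.origin === siteOrigin) continue; // the site's own files
    const lib = parseLib(u);
    const floor = lib ? MIN_VERSION.get(lib.name) : undefined;
    if (u.protocol !== "https:" || !ALLOWED_HOSTS.has(u.hostname)) {
      findings.push({ url, issue: "not an allowlisted HTTPS host" });
    } else if (floor && cmpVersion(lib.version, floor) < 0) {
      findings.push({ url, issue: `${lib.name} ${lib.version} < ${floor}` });
    }
  }
  return findings;
}

const SAMPLE_REQUESTS = [ // constructed
  "https://privbatch.example/cli.html",
  "https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js",
  "https://cdn.jsdelivr.net/npm/minimist@1.2.5/index.js",
  "https://tracker.example/collect.js",
];
```

In a browser console the URL list can be taken from `performance.getEntriesByType("resource").map(e => e.name)` after using a tool.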