Free Semver Range Checker
Enter a version range like ^4.2.0 and a version to test. See whether it matches and what the range actually allows.
Frequently asked
What's the difference between ^ and ~?
^4.2.0 allows anything below the next major (4.x.y ≥ 4.2.0). ~4.2.0 allows only patch updates (4.2.x). Caret is npm's default, which is why a compromised minor release of a dependency can reach you automatically.
Why does this matter for security?
Supply-chain attacks ship malicious code as a "compatible" minor or patch release, and caret ranges pull it in on the next install. Lockfiles pin what you actually get: commit them, and audit before bumping.
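The ^ and ~ rules above, expanded into explicit lower and upper bounds so you can see exactly which releases a range would accept on the next install. This is an added example, not this tool's own code; the function names are illustrative. It assumes plain MAJOR.MINOR.PATCH versions with no prerelease tags, and it goes beyond the page by also covering npm's narrower caret behaviour for 0.x versions.

```javascript
// Added example: expands npm-style caret and tilde ranges into explicit bounds.
// Assumes plain MAJOR.MINOR.PATCH versions (no prerelease tags, no x-ranges).

function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text.trim());
  if (!m) throw new Error(`unsupported version: ${text}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns { min, max }: min is inclusive, max is exclusive.
function rangeBounds(range) {
  const op = range.trim()[0];
  if (op !== '^' && op !== '~') throw new Error(`unsupported range: ${range}`);
  const [major, minor, patch] = parseVersion(range.trim().slice(1));
  let max;
  if (op === '~') {
    max = [major, minor + 1, 0];   // tilde: patch updates only
  } else if (major > 0) {
    max = [major + 1, 0, 0];       // caret: anything below the next major
  } else if (minor > 0) {
    max = [0, minor + 1, 0];       // caret on 0.x: behaves like tilde
  } else {
    max = [0, 0, patch + 1];       // caret on 0.0.x: that exact version only
  }
  return { min: [major, minor, patch], max };
}

function satisfies(version, range) {
  const v = parseVersion(version);
  const { min, max } = rangeBounds(range);
  return compareVersions(v, min) >= 0 && compareVersions(v, max) < 0;
}

function explainRange(range) {
  const { min, max } = rangeBounds(range);
  return `>=${min.join('.')} <${max.join('.')}`;
}

// Constructed sample ranges: print what each one actually allows.
for (const range of ['^4.2.0', '~4.2.0', '^0.4.2']) {
  console.log(range, '=>', explainRange(range));
}
```

A hypothetical 4.9.1 release satisfies ^4.2.0 but not ~4.2.0, which is the window a lockfile closes until you deliberately bump.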