Upgrading the version of the XLSX library

XLSX has chosen to stop publishing to the npm registry. This means that the XLSX package on npm is permanently locked at version 0.18.5.

If you want to use the latest version of XLSX, you can add this to your package.json file:

"resolutions": {
  "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"
},
"overrides": {
  "xlsx": "https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz"
}

Now your project will use the XLSX CDN instead of the npm package.

However, this approach has a lot of issues:

  • You are now locked to a single version of XLSX; it will not automatically upgrade.
  • CDNs cannot be used with npm audit.
  • CDNs have not been verified by npm.
  • CDNs do not have checksums, which means they can be tampered with.
  • CDNs do not have any security at all, you are trusting a (potentially malicious) third party.
  • If the CDN gets hacked, your entire project can now be hacked and hijacked.

If you choose to use the XLSX CDN, we cannot take any responsibility for any issues that may happen.
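
If you do pin to the CDN, one way to compensate for the missing registry checks listed above is to flag every URL-pinned dependency and compare the downloaded tarball against a hash you recorded when you reviewed it. This is an added example, not part of the original post; the function names, the sample package.json and the stand-in tarball bytes are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// List every resolutions/overrides entry that resolves to an http(s) URL
// instead of the registry. npm overrides may be nested, so walk recursively.
function findUrlPinnedDeps(pkg) {
  const hits = [];
  const walk = (node, path) => {
    for (const [name, spec] of Object.entries(node || {})) {
      if (typeof spec === 'string') {
        if (/^https?:\/\//i.test(spec)) hits.push({ path: `${path}.${name}`, url: spec });
      } else if (spec && typeof spec === 'object') {
        walk(spec, `${path}.${name}`);
      }
    }
  };
  for (const field of ['resolutions', 'overrides']) walk(pkg[field], field);
  return hits;
}

// SRI-style digest ("sha512-<base64>") over the raw tarball bytes.
function sriOf(buf) {
  return 'sha512-' + crypto.createHash('sha512').update(buf).digest('base64');
}

// True only when the bytes hash to exactly the value pinned at review time.
function verifyTarball(buf, pinnedSri) {
  const actual = Buffer.from(sriOf(buf));
  const expected = Buffer.from(String(pinnedSri));
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// Constructed sample mirroring the package.json snippet in the post.
const samplePkg = {
  dependencies: { xlsx: '^0.18.5' },
  resolutions: { xlsx: 'https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz' },
  overrides: { xlsx: 'https://cdn.sheetjs.com/xlsx-0.19.3/xlsx-0.19.3.tgz' },
};
// Constructed stand-in bytes, NOT the real tarball or its real hash.
const reviewedBytes = Buffer.from('constructed stand-in for the reviewed tarball');
const pinned = sriOf(reviewedBytes); // value you would commit next to package.json
const modifiedBytes = Buffer.concat([reviewedBytes, Buffer.from('!')]);

for (const hit of findUrlPinnedDeps(samplePkg)) {
  console.log(`${hit.path} bypasses the registry: ${hit.url}`);
}
console.log('reviewed copy matches pin:', verifyTarball(reviewedBytes, pinned));
console.log('modified copy matches pin:', verifyTarball(modifiedBytes, pinned));
```

Run the check in CI before install, so that a changed tarball at the same URL fails the build instead of being installed silently.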
