Generated on Apr 17, 2024 via pnpm

Npm

Home

@azure/identity 1.5.0

Provides credential implementations for Azure SDK libraries that can authenticate with Azure Active Directory

azure

cloud

active directory

authentication

credential

certificate

managed service identity

client secret

access token

Package summary

issues

licenses

Package created

27 Jun 2019

Version published

19 Jul 2021

Maintainers

Total deps

101

Direct deps

License

MIT

Issues

2 high severity issues

high

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: keytar@7.9.0

keytar@7.9.0

Package uses install script: "prebuild-install || npm run build"

via: keytar@7.9.0

Collapse

Expand

4 moderate severity issues

moderate

jsonwebtoken@8.5.1

jsonwebtoken unrestricted key type could lead to legacy keys usage

Recommendation: Upgrade to version 9.0.0 or later

via: @azure/msal-node@1.0.0-beta.6

jsonwebtoken@8.5.1

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Recommendation: Upgrade to version 9.0.0 or later

via: @azure/msal-node@1.0.0-beta.6

jsonwebtoken@8.5.1

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

Recommendation: Upgrade to version 9.0.0 or later

via: @azure/msal-node@1.0.0-beta.6

axios@0.21.4

Axios Cross-Site Request Forgery Vulnerability

Recommendation: Upgrade to version 0.28.0 or later

via: @azure/msal-node@1.0.0-beta.6 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

81 Packages, Including:

@azure/abort-controller@2.1.2

@azure/core-auth@1.7.2

@azure/core-client@1.9.2

@azure/core-rest-pipeline@1.15.2

@azure/core-tracing@1.0.0-preview.12

@azure/core-tracing@1.1.2

@azure/core-util@1.9.0

@azure/identity@1.5.0

@azure/logger@1.1.2

@azure/msal-common@4.5.1

@azure/msal-node@1.0.0-beta.6

@types/node@20.12.7

@types/stoppable@1.1.3

agent-base@7.1.1

axios@0.21.4

base64-js@1.5.1

bl@4.1.0

buffer@5.7.1

call-bind@1.0.7

debug@4.3.4

decompress-response@6.0.0

deep-extend@0.6.0

define-data-property@1.1.4

end-of-stream@1.4.4

es-define-property@1.0.0

es-errors@1.3.0

events@3.3.0

follow-redirects@1.15.6

fs-constants@1.0.0

function-bind@1.1.2

get-intrinsic@1.2.4

github-from-package@0.0.0

gopd@1.0.1

has-property-descriptors@1.0.2

has-proto@1.0.3

has-symbols@1.0.3

hasown@2.0.2

http-proxy-agent@7.0.2

https-proxy-agent@7.0.4

is-docker@2.2.1

is-wsl@2.2.0

jsonwebtoken@8.5.1

jwa@1.4.1

jwa@2.0.0

jws@3.2.2

jws@4.0.0

keytar@7.9.0

lodash.includes@4.3.0

lodash.isboolean@3.0.3

lodash.isinteger@4.0.4

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

9 Packages, Including:

chownr@1.1.4

inherits@2.0.4

ini@1.3.8

lru-cache@6.0.0

once@1.4.0

semver@5.7.2

semver@7.6.0

wrappy@1.0.2

yallist@4.0.0

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

4 Packages, Including:

@opentelemetry/api@1.8.0

detect-libc@2.0.3

ecdsa-sig-formatter@1.0.11

tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

3 Packages, Including:

buffer-equal-constant-time@1.0.1

ieee754@1.2.1

qs@6.12.1

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

2 Packages, Including:

tslib@1.14.1

tslib@2.6.2

(MIT OR WTFPL)

Permissive

1 Packages, Including:

expand-template@2.0.3

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of @azure/identity 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@azure/core-auth	1.7.2	145.91 kB	MIT	prod
@azure/core-client	1.9.2	1.41 MB	MIT	prod
@azure/core-rest-pipeline	1.15.2	1.88 MB	MIT	prod
@azure/core-tracing	1.0.0-preview.12	33.6 kB	MIT	prod
@azure/logger	1.1.2	120.76 kB	MIT	prod
@azure/msal-node	1.0.0-beta.6	206.65 kB	MIT	prod	4
@types/stoppable	1.1.3	2.22 kB	MIT	prod
axios	0.21.4	98.72 kB	MIT	prod	1
events	3.3.0	16.19 kB	MIT	prod
jws	4.0.0	5.75 kB	MIT	prod
keytar	7.9.0	9.19 kB	MIT	prod optional	2
msal	1.4.18	540.08 kB	MIT	prod
open	7.4.2	12.37 kB	MIT	prod
qs	6.12.1	241.26 kB	BSD-3-Clause	prod
stoppable	1.1.0	3.18 kB	MIT	prod
tslib	2.6.2	15.59 kB	0BSD	prod
uuid	8.3.2	27.32 kB	MIT	prod