Hold on, we're currently generating a fresh version of this report

Generated on May 18, 2024 via pnpm

activator 3.4.0

simple user activation and password reset for nodejs

Package summary

26

issues

9

licenses

Package created

19 Aug 2013

Version published

22 Feb 2019

Maintainers

1

Total deps

58

Direct deps

5

License

MIT

Issues

26

8 critical severity issues

underscore@1.4.4

Arbitrary Code Execution in underscore

Recommendation: Upgrade to version 1.12.1 or later

via: styliner@1.0.4

cheerio@0.10.8

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

cycle@1.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

domhandler@2.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

domutils@1.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

domutils@1.2.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

underscore@1.4.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

url2@0.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: styliner@1.0.4

9 high severity issues

qs@1.2.2

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 6.0.4 or later

via: styliner@1.0.4

qs@1.2.2

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: styliner@1.0.4

CSSselect@0.3.11

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: styliner@1.0.4

CSSwhat@0.4.7

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: styliner@1.0.4

entities@0.5.0

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: styliner@1.0.4

qs@1.2.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: styliner@1.0.4

CSSselect@0.3.11

Deprecated package

via: styliner@1.0.4

CSSwhat@0.4.7

Deprecated package

via: styliner@1.0.4

es5-ext@0.10.64

Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"

via: styliner@1.0.4

5 moderate severity issues

jsonwebtoken@5.7.0

jsonwebtoken unrestricted key type could lead to legacy keys usage

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@5.7.0

jsonwebtoken@5.7.0

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@5.7.0

jsonwebtoken@5.7.0

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@5.7.0

ms@0.7.3

Vercel ms Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.0.0 or later

via: jsonwebtoken@5.7.0

eyes@0.1.8

Package has no specified source code repository

via: styliner@1.0.4

4 low severity issues

CSSselect@0.3.11

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: styliner@1.0.4

CSSwhat@0.4.7

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: styliner@1.0.4

entities@0.5.0

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: styliner@1.0.4

qs@1.2.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: styliner@1.0.4

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

26 Packages, Including:

activator@3.4.0

async@0.2.10

async@2.6.4

colors@1.0.3

dom-serializer@2.0.0

es6-iterator@2.0.3

event-emitter@0.3.5

eyes@0.1.8

htmlparser2@2.6.0

isstream@0.1.2

jsonwebtoken@5.7.0

jwa@1.4.1

jws@3.2.2

lodash@4.17.21

mime@1.6.0

mimeparse@0.1.4

ms@0.7.3

parserlib@1.1.1

q-io@1.13.6

q@1.5.1

qx@1.0.0

safe-buffer@5.2.1

stack-trace@0.0.10

styliner@1.0.4

winston@2.4.7

xtend@4.0.2

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

9 Packages, Including:

boolbase@1.0.0

d@1.0.2

es5-ext@0.10.64

es6-set@0.1.6

es6-symbol@3.1.4

esniff@2.0.1

ext@1.7.0

next-tick@1.1.0

type@2.7.2

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

9 Packages, Including:

cheerio-select@2.1.0

css-select@5.1.0

css-what@6.1.0

domelementtype@1.3.1

domelementtype@2.3.0

domhandler@5.0.3

domutils@3.1.0

entities@4.5.0

nth-check@2.1.1

N/A

N/A

7 Packages, Including:

cheerio@0.10.8

cycle@1.0.3

domhandler@2.0.3

domutils@1.0.1

domutils@1.2.2

underscore@1.4.4

url2@0.0.0

BSD-like

Invalid

Not OSI Approved

3 Packages, Including:

CSSselect@0.3.11

CSSwhat@0.4.7

entities@0.5.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

buffer-equal-constant-time@1.0.1

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

1 Packages, Including:

ecdsa-sig-formatter@1.0.11

MIT No Attribution

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

nodemailer@6.9.13

BSD

Invalid

Not OSI Approved

1 Packages, Including:

qs@1.2.2

Direct Dependencies

5

All Dependencies CSV

ⓘ This is a list of activator 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
async	0.2.10	15.4 kB	MIT	prod
jsonwebtoken	5.7.0	17.88 kB	MIT	prod	4
lodash	4.17.21	311.49 kB	MIT	prod
nodemailer	6.9.13	491.4 kB	MIT-0	prod
styliner	1.0.4	17.06 kB	MIT	prod	8 9 1 4

Recent Versions