Generated on Feb 24, 2024 via pnpm

Npm

Home

blockstack 18.1.1

The Blockstack Javascript library for authentication, identity, and storage.

Package summary

issues

licenses

Package created

8 Apr 2016

Version published

24 Sep 2020

Maintainers

Total deps

166

Direct deps

License

MIT

Issues

4 critical severity issues

critical

bigi@1.4.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: bigi@1.4.2 & others

custom-protocol-detection-blockstack@1.1.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: custom-protocol-detection-blockstack@1.1.4

domutils@1.5.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.22.0

progress@1.1.8

Package has no specified license

Recommendation: Check the package code and files for license information

via: triplesec@3.0.27

Collapse

Expand

11 high severity issues

high

schema-inspector@1.7.0

Regular Expression Denial-of-Service in npm schema-inspector

Recommendation: Upgrade to version 2.0.0 or later

via: schema-inspector@1.7.0

nth-check@1.0.2

Inefficient Regular Expression Complexity in nth-check

Recommendation: Upgrade to version 2.0.1 or later

via: cheerio@0.22.0

lodash.pick@4.4.0

Prototype Pollution in lodash

Recommendation: None

via: cheerio@0.22.0

css-select@1.2.0

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: cheerio@0.22.0

jsonify@0.0.1

Package uses an invalid SPDX license ("Public Domain")

Recommendation: Validate that the package complies with your license policy

via: ajv@4.11.8

core-js@2.6.12

Deprecated package

via: babel-runtime@6.26.0

core-js@2.6.12

Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""

via: babel-runtime@6.26.0

har-validator@5.1.5

Deprecated package

via: request@2.88.2

request@2.88.2

Deprecated package

via: request@2.88.2

tiny-secp256k1@1.1.6

Package uses install script: "npm run build || echo "secp256k1 bindings compilation fail. Pure JS implementation will be used.""

via: bip32@1.0.4 & others

uuid@3.4.0

Deprecated package

via: request@2.88.2 & others

Collapse

Expand

4 moderate severity issues

moderate

ajv@4.11.8

Prototype Pollution in Ajv

Recommendation: Upgrade to version 6.12.3 or later

via: ajv@4.11.8

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: request@2.88.2

validator@7.2.0

Inefficient Regular Expression Complexity in validator.js

Recommendation: Upgrade to version 13.7.0 or later

via: jsontokens@0.7.8 & others

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: request@2.88.2

Collapse

Expand

2 low severity issues

low

css-select@1.2.0

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: cheerio@0.22.0

jsonify@0.0.1

Package uses a license that is not OSI approved ("Public Domain")

Recommendation: Read and validate the license terms

via: ajv@4.11.8

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

130 Packages, Including:

ajv@4.11.8

ajv@6.12.6

asap@2.0.6

asn1.js@4.10.1

asn1.js@5.4.1

asn1@0.2.6

assert-plus@1.0.0

async@2.6.4

asynckit@0.4.0

aws4@1.12.0

babel-runtime@6.26.0

base-x@3.0.9

base64url@3.0.1

bech32@1.1.4

bindings@1.5.0

bip32@1.0.4

bip66@1.1.5

bitcoin-ops@1.4.1

bitcoinjs-lib@4.0.5

blockstack@18.1.1

bn.js@4.12.0

brorand@1.1.0

bs58@4.0.1

bs58check@2.1.2

call-bind@1.0.7

cheerio@0.22.0

cipher-base@1.0.4

co@4.6.0

combined-stream@1.0.8

core-js@2.6.12

core-util-is@1.0.2

create-hash@1.2.0

create-hmac@1.1.7

cross-fetch@2.2.6

dashdash@1.14.1

define-data-property@1.1.4

delayed-stream@1.0.0

dom-serializer@0.1.1

ecc-jsbn@0.1.2

ecurve@1.0.6

elliptic@6.5.4

es-define-property@1.0.0

es-errors@1.3.0

es6-promise@4.2.8

extend@3.0.2

extsprintf@1.3.0

fast-deep-equal@3.1.3

fast-json-stable-stringify@2.1.0

file-uri-to-path@1.0.0

form-data@2.3.3

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

9 Packages, Including:

css-what@2.1.3

domelementtype@1.3.1

domhandler@2.4.2

domutils@1.7.0

entities@1.1.2

nth-check@1.0.2

uglify-js@3.17.4

uri-js@4.4.1

webidl-conversions@3.0.1

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

7 Packages, Including:

bip39@2.6.0

boolbase@1.0.0

har-schema@2.0.0

inherits@2.0.4

json-stringify-safe@5.0.1

minimalistic-assert@1.0.1

zone-file@0.2.3

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

6 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

forever-agent@0.6.1

oauth-sign@0.9.0

request@2.88.2

tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

4 Packages, Including:

bcrypt-pbkdf@1.0.2

qs@6.5.3

sprintf-js@1.1.3

tough-cookie@2.5.0

N/A

4 Packages, Including:

bigi@1.4.2

custom-protocol-detection-blockstack@1.1.4

domutils@1.5.1

progress@1.1.8

BSD-like

Invalid

Not OSI Approved

1 Packages, Including:

css-select@1.2.0

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

Public Domain

Invalid

Not OSI Approved

1 Packages, Including:

jsonify@0.0.1

(MIT AND BSD-3-Clause)

Permissive

1 Packages, Including:

sha.js@2.4.11

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

MIT or GPL-2.0

Permissive

1 Packages, Including:

unorm@1.6.0

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of blockstack 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
ajv	4.11.8	495.24 kB	MIT	prod	1 1 1
babel-runtime	6.26.0	13.06 kB	MIT	prod	2
bigi	1.4.2	13.46 kB	UNKNOWN	prod	1
bip32	1.0.4	14.34 kB	MIT	prod	1
bip39	2.6.0	61.8 kB	ISC	prod
bitcoinjs-lib	4.0.5	29.52 kB	MIT	prod	1
cheerio	0.22.0	29.52 kB	MIT	prod	1 3 1
cross-fetch	2.2.6	15.55 kB	MIT	prod
custom-protocol-detection-blockstack	1.1.4	4.32 kB	UNKNOWN	prod	1
ecurve	1.0.6	6.44 kB	MIT	prod	1
elliptic	6.5.4	40.55 kB	MIT	prod
es6-promise	4.2.8	72.15 kB	MIT	prod
form-data	2.5.1	9.87 kB	MIT	prod
jsontokens	0.7.8	702.15 kB	MIT	prod	1
promise	7.3.1	16.1 kB	MIT	prod
query-string	4.3.4	4.07 kB	MIT	prod
request	2.88.2	57.83 kB	Apache-2.0	prod	3 2
ripemd160	2.0.2	3.69 kB	MIT	prod
schema-inspector	1.7.0	93.85 kB	MIT	prod	1
sprintf-js	1.1.3	10.71 kB	BSD-3-Clause	prod
triplesec	3.0.27	169.39 kB	MIT	prod	1
uuid	3.4.0	11.87 kB	MIT	prod	1
validator	7.2.0	38.63 kB	MIT	prod	1
zone-file	0.2.3	9.9 kB	ISC	prod