Generated on Mar 31, 2024 via pnpm

Npm

Home

bottender 1.1.2

A framework for building conversational user interfaces.

bot

chatbot

framework

Package summary

issues

licenses

Package created

4 Aug 2017

Version published

3 Jan 2020

Maintainers

Total deps

611

Direct deps

License

MIT

Issues

1 critical severity issue

critical

buffers@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: ngrok@3.4.1

Collapse

Expand

28 high severity issues

high

axios@0.19.2

axios Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 0.21.2 or later

via: axios@0.19.2

glob-parent@3.1.0

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

Recommendation: Upgrade to version 5.1.2 or later

via: nodemon@1.19.4

follow-redirects@1.5.10

Exposure of sensitive information in follow-redirects

Recommendation: Upgrade to version 1.14.7 or later

via: axios@0.19.2

async@2.5.0

Prototype Pollution in async

Recommendation: Upgrade to version 2.6.4 or later

via: jfs@0.3.0

chainsaw@0.1.0

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: ngrok@3.4.1

traverse@0.3.9

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: ngrok@3.4.1

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: nodemon@1.19.4 & others

readline@1.3.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: readline@1.3.0

@hapi/address@2.1.4

Deprecated package

via: @hapi/joi@15.1.1

@hapi/bourne@1.3.2

Deprecated package

via: @hapi/joi@15.1.1

@hapi/hoek@8.5.1

Deprecated package

via: @hapi/joi@15.1.1

@hapi/joi@15.1.1

Deprecated package

via: @hapi/joi@15.1.1

@hapi/topo@3.1.6

Deprecated package

via: @hapi/joi@15.1.1

@types/mime@4.0.0

Deprecated package

via: @bottender/express@1.5.1

axios@0.19.2

Deprecated package

via: axios@0.19.2

chokidar@2.1.8

Deprecated package

via: nodemon@1.19.4

fsevents@1.2.13

Deprecated package

via: nodemon@1.19.4

fsevents@1.2.13

Package uses install script: "node install.js"

via: nodemon@1.19.4

har-validator@5.1.5

Deprecated package

via: ngrok@3.4.1

ngrok@3.4.1

Package uses postinstall script: "node ./postinstall.js"

via: ngrok@3.4.1

nodemon@1.19.4

Package uses postinstall script: "node bin/postinstall || exit 0"

via: nodemon@1.19.4

request-promise-native@1.0.9

Deprecated package

via: ngrok@3.4.1

request@2.88.2

Deprecated package

via: ngrok@3.4.1

resolve-url@0.2.1

Deprecated package

via: nodemon@1.19.4

source-map-resolve@0.5.3

Deprecated package

via: nodemon@1.19.4

source-map-url@0.4.1

Deprecated package

via: nodemon@1.19.4

urix@0.1.0

Deprecated package

via: nodemon@1.19.4

uuid@3.4.0

Deprecated package

via: jfs@0.3.0 & others

Collapse

Expand

10 moderate severity issues

moderate

got@6.7.1

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: nodemon@1.19.4 & others

axios@0.19.2

Axios vulnerable to Server-Side Request Forgery

Recommendation: Upgrade to version 0.21.1 or later

via: axios@0.19.2

follow-redirects@1.5.10

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects

Recommendation: Upgrade to version 1.14.8 or later

via: axios@0.19.2

follow-redirects@1.5.10

Follow Redirects improperly handles URLs in the url.parse() function

Recommendation: Upgrade to version 1.15.4 or later

via: axios@0.19.2

axios@0.21.4

Axios Cross-Site Request Forgery Vulnerability

Recommendation: Upgrade to version 0.28.0 or later

via: @slack/rtm-api@5.0.5 & others

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: ngrok@3.4.1

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: ngrok@3.4.1

follow-redirects@1.5.10

follow-redirects' Proxy-Authorization header kept across hosts

Recommendation: Upgrade to version 1.15.6 or later

via: axios@0.19.2

@types/mime@4.0.0

Package has no specified source code repository

via: @bottender/express@1.5.1

messenger-batch@0.3.1

Package has no specified source code repository

via: messenger-batch@0.3.1

Collapse

Expand

3 low severity issues

low

chainsaw@0.1.0

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: ngrok@3.4.1

traverse@0.3.9

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: ngrok@3.4.1

readline@1.3.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: readline@1.3.0

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

528 Packages, Including:

@babel/runtime@7.24.1

@bottender/express@1.5.1

@sindresorhus/is@0.14.0

@slack/logger@2.0.0

@slack/rtm-api@5.0.5

@slack/types@1.10.0

@slack/web-api@5.15.0

@szmarczak/http-timer@1.1.2

@types/append-query@2.0.3

@types/body-parser@1.19.5

@types/caseless@0.12.5

@types/connect@3.4.38

@types/debug@4.1.12

@types/express-serve-static-core@4.17.43

@types/express@4.17.21

@types/http-errors@2.0.4

@types/is-stream@1.1.0

@types/keyv@3.1.4

@types/lodash@4.17.0

@types/mime@1.3.5

@types/mime@4.0.0

@types/ms@0.7.34

@types/node@20.12.2

@types/node@8.10.66

@types/p-queue@2.3.2

@types/qs@6.9.14

@types/range-parser@1.2.7

@types/request@2.48.12

@types/responselike@1.0.3

@types/retry@0.12.0

@types/send@0.17.4

@types/serve-static@1.15.5

@types/tough-cookie@4.0.5

@types/url-join@4.0.3

@types/warning@3.0.3

@types/ws@7.4.7

accepts@1.3.8

aggregate-error@3.1.0

ajv@6.12.6

ansi-bgblack@0.1.1

ansi-bgblue@0.1.1

ansi-bgcyan@0.1.1

ansi-bggreen@0.1.1

ansi-bgmagenta@0.1.1

ansi-bgred@0.1.1

ansi-bgwhite@0.1.1

ansi-bgyellow@0.1.1

ansi-black@0.1.1

ansi-blue@0.1.1

ansi-bold@0.1.1

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

36 Packages, Including:

abbrev@1.1.1

ansi-align@2.0.0

ansi-align@3.0.1

anymatch@2.0.0

cli-width@3.0.0

glob-parent@3.1.0

graceful-fs@4.2.11

har-schema@2.0.0

ignore-by-default@1.0.1

inherits@2.0.4

ini@1.3.8

isexe@2.0.0

json-stringify-safe@5.0.1

lru-cache@4.1.5

lru-cache@5.1.1

minimatch@3.1.2

mute-stream@0.0.7

mute-stream@0.0.8

nopt@3.0.6

once@1.4.0

pseudomap@1.0.2

remove-trailing-separator@1.1.0

request-promise-core@1.1.4

request-promise-native@1.0.9

semver@5.7.2

semver@6.3.1

setprototypeof@1.2.0

signal-exit@3.0.7

stealthy-require@1.1.1

touch@0.0.3

touch@3.1.0

which@1.3.1

wrappy@1.0.2

write-file-atomic@2.4.3

yallist@2.1.2

yallist@3.1.1

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

13 Packages, Including:

aws-sign2@0.7.0

bson@1.1.6

caseless@0.12.0

cluster-key-slot@1.1.2

denque@1.5.1

forever-agent@0.6.1

mongodb@3.7.4

oauth-sign@0.9.0

optional-require@1.1.8

request@2.88.2

require-at@1.0.6

rxjs@6.6.7

tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

11 Packages, Including:

@hapi/address@2.1.4

@hapi/bourne@1.3.2

@hapi/hoek@8.5.1

@hapi/joi@15.1.1

@hapi/topo@3.1.6

bcrypt-pbkdf@1.0.2

duplexer3@0.1.5

qs@6.11.0

qs@6.5.3

source-map@0.5.7

tough-cookie@2.5.0

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

8 Packages, Including:

configstore@3.1.5

configstore@4.0.0

dotenv@8.6.0

http-cache-semantics@4.1.1

ngrok@3.4.1

update-notifier@2.5.0

update-notifier@3.0.1

uri-js@4.4.1

(MIT OR CC0-1.0)

Public Domain

4 Packages, Including:

type-fest@0.15.1

type-fest@0.21.3

type-fest@0.3.1

type-fest@0.8.1

MIT/X11

Invalid

Not OSI Approved

2 Packages, Including:

chainsaw@0.1.0

traverse@0.3.9

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

2 Packages, Including:

tslib@1.14.1

tslib@2.6.2

(MIT OR Apache-2.0)

Permissive

1 Packages, Including:

atob@2.1.2

N/A

1 Packages, Including:

buffers@0.1.1

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

(WTFPL OR MIT)

Permissive

1 Packages, Including:

path-is-inside@1.0.2

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

BSD

Invalid

Not OSI Approved

1 Packages, Including:

readline@1.3.0

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of bottender 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@bottender/express	1.5.1	4.26 kB	MIT	prod	1 1
@hapi/joi	15.1.1	37.32 kB	BSD-3-Clause	prod	5
@slack/rtm-api	5.0.5	24.98 kB	MIT	prod	1
arg	4.1.3	5.23 kB	MIT	prod
axios	0.19.2	85.88 kB	MIT	prod	3 5
chalk	2.4.2	9.63 kB	MIT	prod
cli-table3	0.5.1	12.28 kB	MIT	prod
date-fns	2.30.0	682.42 kB	MIT	prod
debug	4.3.4	12.94 kB	MIT	prod
deep-object-diff	1.1.9	4.74 kB	MIT	prod
delay	4.4.1	3.96 kB	MIT	prod
dotenv	8.6.0	8.9 kB	BSD-2-Clause	prod
express	4.19.2	209.73 kB	MIT	prod
figures	3.2.0	4.19 kB	MIT	prod
file-type	12.4.2	14.51 kB	MIT	prod
fromentries	1.3.2	2.44 kB	MIT	prod
fs-extra	8.1.0	31.77 kB	MIT	prod
hasha	5.2.2	4.81 kB	MIT	prod
import-fresh	3.3.0	2.28 kB	MIT	prod
inquirer	7.3.3	22.32 kB	MIT	prod
invariant	2.2.4	3.01 kB	MIT	prod
ioredis	4.28.5	79.48 kB	MIT	prod
jfs	0.3.0	9.13 kB	MIT	prod	2
jsonfile	5.0.0	5.39 kB	MIT	prod
lodash	4.17.21	311.49 kB	MIT	prod
lru-cache	5.1.1	5.69 kB	ISC	prod
messaging-api-common	1.0.4	15.62 kB	MIT	prod	1
messaging-api-line	1.1.0	183.19 kB	MIT	prod	1
messaging-api-messenger	1.1.0	104.34 kB	MIT	prod	1
messaging-api-slack	1.1.0	41.05 kB	MIT	prod	1
messaging-api-telegram	1.1.0	86.58 kB	MIT	prod	1
messaging-api-viber	1.1.0	36.01 kB	MIT	prod	1
messenger-batch	0.3.1	5.5 kB	MIT	prod	1
minimist	1.2.8	15.16 kB	MIT	prod
mongodb	3.7.4	287.9 kB	Apache-2.0	prod
ngrok	3.4.1	12.89 MB	BSD-2-Clause	prod	1 7 2 2
nodemon	1.19.4	32.94 kB	MIT	prod	10 1
p-map	3.0.0	3.26 kB	MIT	prod
p-props	3.1.0	2.67 kB	MIT	prod
pascal-case	2.0.1	2.06 kB	MIT	prod
pkg-dir	4.2.0	2.07 kB	MIT	prod
prompt-confirm	2.0.4	3.57 kB	MIT	prod
read-chunk	3.2.0	2.02 kB	MIT	prod
readline	1.3.0	719.36 kB	BSD	prod	1 1
recursive-readdir	2.2.3	2.42 kB	MIT	prod
shortid	2.2.16	8.45 kB	MIT	prod
update-notifier	3.0.1	5.89 kB	BSD-2-Clause	prod	1 1
warning	4.0.3	3.66 kB	MIT	prod