Hold on, we're currently generating a fresh version of this report

Generated on Jan 1, 2024 via pnpm

cote 0.21.1

A Node.js library for building zero-configuration microservices.

zero-configuration

Package summary

24

issues

3

licenses

Package created

28 Apr 2013

Version published

29 Sep 2019

Maintainers

1

Total deps

65

Direct deps

10

License

MIT

Issues

24

8 critical severity issues

better-assert@1.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@2.2.0

callsite@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@2.2.0

component-bind@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@2.2.0

component-inherit@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@2.2.0

configurable@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: @dashersw/axon@2.0.5

escape-regexp@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: @dashersw/axon@2.0.5

indexof@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@2.2.0

object-component@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@2.2.0

6 high severity issues

redis@2.8.0

Node-Redis potential exponential regex in monitor mode

Recommendation: Upgrade to version 3.1.1 or later

via: @dashersw/node-discover@1.0.5

engine.io@3.3.2

Resource exhaustion in engine.io

Recommendation: Upgrade to version 3.6.0 or later

via: socket.io@2.2.0

core-js@2.6.12

Deprecated package

via: core-js@2.6.12

core-js@2.6.12

Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""

via: core-js@2.6.12

debug@4.1.1

Deprecated package

via: socket.io@2.2.0

uuid@3.4.0

Deprecated package

via: @dashersw/node-discover@1.0.5 & others

10 moderate severity issues

engine.io@3.3.2

Uncaught exception in engine.io

Recommendation: Upgrade to version 3.6.1 or later

via: socket.io@2.2.0

ws@6.1.4

ReDoS in Sec-Websocket-Protocol header

Recommendation: Upgrade to version 6.2.2 or later

via: socket.io@2.2.0

socket.io@2.2.0

CORS misconfiguration in socket.io

Recommendation: Upgrade to version 2.4.0 or later

via: socket.io@2.2.0

debug@4.1.1

Regular Expression Denial of Service in debug

Recommendation: Upgrade to version 4.3.1 or later

via: socket.io@2.2.0

callsite@1.0.0

Package has no specified source code repository

via: socket.io@2.2.0

configurable@0.0.1

Package has no specified source code repository

via: @dashersw/axon@2.0.5

escape-regexp@0.0.1

Package has no specified source code repository

via: @dashersw/axon@2.0.5

has-binary2@1.0.3

Package has no specified source code repository

via: socket.io@2.2.0

indexof@0.0.1

Package has no specified source code repository

via: socket.io@2.2.0

object-component@0.0.3

Package has no specified source code repository

via: socket.io@2.2.0

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

56 Packages, Including:

@dashersw/axon@2.0.5

@dashersw/node-discover@1.0.5

accepts@1.3.8

after@0.8.2

amp-message@0.1.2

amp@0.3.1

arraybuffer.slice@0.0.7

async-limiter@1.0.1

async@1.5.2

backo2@1.0.2

base64-arraybuffer@0.1.5

base64id@1.0.0

blob@0.0.5

charm@1.0.2

colors@1.3.3

component-emitter@1.2.1

component-emitter@1.3.1

cookie@0.3.1

core-js@2.6.12

cote@0.21.1

debug@2.6.9

debug@3.1.0

debug@4.1.1

debug@4.3.4

double-ended-queue@2.1.0-0

engine.io-client@3.3.3

engine.io-parser@2.1.3

engine.io@3.3.2

eventemitter2@5.0.1

has-binary2@1.0.3

has-cors@1.1.0

isarray@2.0.1

lodash@4.17.21

mime-db@1.52.0

mime-types@2.1.35

minimist@1.2.8

mkdirp@0.5.6

ms@2.0.0

ms@2.1.2

ms@2.1.3

negotiator@0.6.3

parseqs@0.0.5

parseuri@0.0.5

portfinder@1.0.20

redis-commands@1.7.0

redis-parser@2.6.0

redis@2.8.0

socket.io-adapter@1.1.2

socket.io-client@2.2.0

socket.io-parser@3.3.3

N/A

N/A

8 Packages, Including:

better-assert@1.0.2

callsite@1.0.0

component-bind@1.0.0

component-inherit@0.0.3

configurable@0.0.1

escape-regexp@0.0.1

indexof@0.0.1

object-component@0.0.3

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

inherits@2.0.4

Direct Dependencies

10

All Dependencies CSV

ⓘ This is a list of cote 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@dashersw/axon	2.0.5	12.01 kB	MIT	prod	2 2
@dashersw/node-discover	1.0.5	13.56 kB	MIT	prod	2
charm	1.0.2	5.18 kB	MIT	prod
colors	1.3.3	10.47 kB	MIT	prod
core-js	2.6.12	548.99 kB	MIT	prod	2
eventemitter2	5.0.1	9.91 kB	MIT	prod
lodash	4.17.21	311.49 kB	MIT	prod
portfinder	1.0.20	6.34 kB	MIT	prod
socket.io	2.2.0	13.39 kB	MIT	prod	6 2 8
uuid	3.4.0	11.87 kB	MIT	prod	1

Recent Versions