Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Nov 23, 2023 via pnpm
Repo
Npm
Home

custom-react-scripts 0.2.2

Configuration and scripts for create-react-app
Package summary
Share
144
issues
19
critical severity
vulnerability
6
license
13
81
high severity
vulnerability
25
license
12
meta
44
27
moderate severity
vulnerability
23
meta
4
17
low severity
vulnerability
4
license
13
24
licenses
1047
MIT
99
ISC
64
BSD-3-Clause
94
other licenses
Apache-2.0
29
BSD-2-Clause
29
N/A
13
BSD
4
+ 17 more
Package created
24 Sep 2016
Version published
6 Mar 2018
Maintainers
1
Total deps
1304
Direct deps
47
License
BSD-3-Clause

Issues

144

19 critical severity issues

critical
socket.io-parser@2.3.1
Insufficient validation when decoding a Socket.IO packet
Recommendation: Upgrade to version 3.3.3 or later
via: webpack-dashboard@1.1.1
fsevents@1.1.2
Malware in fsevents
Recommendation: Upgrade to version 1.2.11 or later
via: webpack-dev-server@2.7.1 & others
eventsource@0.1.6
Exposure of Sensitive Information in eventsource
Recommendation: Upgrade to version 1.1.1 or later
via: react-dev-utils@3.1.3 & others
shell-quote@1.6.1
Improper Neutralization of Special Elements used in a Command in Shell-quote
Recommendation: Upgrade to version 1.7.3 or later
via: react-dev-utils@3.1.3 & others
loader-utils@0.2.17
Prototype pollution in webpack loader-utils
Recommendation: Upgrade to version 1.4.1 or later
via: html-webpack-plugin@2.29.0
fsevents@1.1.2
Code injection in fsevents
Recommendation: Upgrade to version 1.2.11 or later
via: webpack-dev-server@2.7.1 & others
arraybuffer.slice@0.0.6
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
async-foreach@0.1.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: node-sass@4.14.1 & others
better-assert@1.0.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
blob@0.0.4
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
callsite@1.0.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
component-bind@1.0.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
component-emitter@1.1.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
component-inherit@0.0.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
indexof@0.0.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
ms@0.7.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1 & others
object-component@0.0.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
options@0.0.6
Package has no specified license
Recommendation: Check the package code and files for license information
via: webpack-dashboard@1.1.1
watch@0.10.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: jest@20.0.4
Collapse
Expand

81 high severity issues

high
webpack-dev-server@2.7.1
Missing Origin Validation in webpack-dev-server
Recommendation: Upgrade to version 3.1.11 or later
via: webpack-dev-server@2.7.1
engine.io@1.8.5
Resource exhaustion in engine.io
Recommendation: Upgrade to version 3.6.0 or later
via: webpack-dashboard@1.1.1
is-svg@2.1.0
ReDOS in IS-SVG
Recommendation: Upgrade to version 4.3.0 or later
via: css-loader@0.28.4
tar@2.2.2
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Recommendation: Upgrade to version 3.2.2 or later
via: node-sass@4.14.1 & others
socket.io-parser@2.3.1
Resource exhaustion in socket.io-parser
Recommendation: Upgrade to version 3.3.2 or later
via: webpack-dashboard@1.1.1
merge@1.2.1
Prototype Pollution in merge
Recommendation: Upgrade to version 2.1.1 or later
via: jest@20.0.4
parsejson@0.0.3
Regular Expression Denial of Service in parsejson
Recommendation: None
via: webpack-dashboard@1.1.1
glob-parent@2.0.0
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
Recommendation: Upgrade to version 5.1.2 or later
via: babel-jest@20.0.3 & others
ansi-html@0.0.7
Uncontrolled Resource Consumption in ansi-html
Recommendation: Upgrade to version 0.0.8 or later
via: webpack-dev-server@2.7.1
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Recommendation: Upgrade to version 3.2.3 or later
via: node-sass@4.14.1 & others
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Recommendation: Upgrade to version 4.4.16 or later
via: node-sass@4.14.1 & others
tar@2.2.2
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Recommendation: Upgrade to version 4.4.18 or later
via: node-sass@4.14.1 & others
node-forge@0.10.0
Improper Verification of Cryptographic Signature in node-forge
Recommendation: Upgrade to version 1.3.0 or later
via: webpack-dev-server@2.7.1
node-forge@0.10.0
Improper Verification of Cryptographic Signature in node-forge
Recommendation: Upgrade to version 1.3.0 or later
via: webpack-dev-server@2.7.1
js-yaml@3.7.0
Code Injection in js-yaml
Recommendation: Upgrade to version 3.13.1 or later
via: css-loader@0.28.4
hawk@3.1.3
Uncontrolled Resource Consumption in Hawk
Recommendation: Upgrade to version 9.0.1 or later
via: less-loader@4.1.0 & others
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Recommendation: Upgrade to version 4.4.18 or later
via: node-sass@4.14.1 & others
scss-tokenizer@0.2.3
Regular expression denial of service in scss-tokenizer
Recommendation: Upgrade to version 0.4.3 or later
via: node-sass@4.14.1 & others
json5@0.5.1
Prototype Pollution in JSON5 via Parse Method
Recommendation: Upgrade to version 1.0.2 or later
via: babel-core@6.25.0 & others
trim-newlines@1.0.0
Uncontrolled Resource Consumption in trim-newlines
Recommendation: Upgrade to version 3.0.1 or later
via: node-sass@4.14.1 & others
mime@1.3.6
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Recommendation: Upgrade to version 1.4.1 or later
via: url-loader@0.5.9
hoek@2.16.3
Prototype Pollution in hoek
Recommendation: Upgrade to version 4.2.1 or later
via: less-loader@4.1.0 & others
minimatch@3.0.3
minimatch ReDoS vulnerability
Recommendation: Upgrade to version 3.0.5 or later
via: react-dev-utils@3.1.3 & others
is-svg@2.1.0
Regular Expression Denial of Service (ReDoS)
Recommendation: Upgrade to version 4.2.2 or later
via: css-loader@0.28.4
debug@2.3.3
debug Inefficient Regular Expression Complexity vulnerability
Recommendation: Upgrade to version 2.6.9 or later
via: webpack-dashboard@1.1.1 & others
doctrine@1.5.0
Package uses an invalid SPDX license ("BSD")
Recommendation: Validate that the package complies with your license policy
via: eslint-config-react-app@2.1.0 & others
regenerator-transform@0.10.1
Package uses an invalid SPDX license ("BSD")
Recommendation: Validate that the package complies with your license policy
via: babel-preset-react-app@3.1.2
regjsparser@0.1.5
Package uses an invalid SPDX license ("BSD")
Recommendation: Validate that the package complies with your license policy
via: babel-preset-react-app@3.1.2
sntp@1.0.9
Package uses an invalid SPDX license ("BSD")
Recommendation: Validate that the package complies with your license policy
via: less-loader@4.1.0 & others
caniuse-db@1.0.30001564
Package uses an atypical license ("CC-BY-4.0")
Recommendation: Read and validate the license terms
via: css-loader@0.28.4
caniuse-lite@1.0.30001564
Package uses an atypical license ("CC-BY-4.0")
Recommendation: Read and validate the license terms
via: autoprefixer@7.1.2 & others
rx-lite-aggregates@4.0.8
Package uses an invalid SPDX license ("Apache License, Version 2.0")
Recommendation: Validate that the package complies with your license policy
via: eslint-config-react-app@2.1.0 & others
rx-lite@4.0.8
Package uses an invalid SPDX license ("Apache License, Version 2.0")
Recommendation: Validate that the package complies with your license policy
via: eslint-config-react-app@2.1.0 & others
jsonify@0.0.1
Package uses an invalid SPDX license ("Public Domain")
Recommendation: Validate that the package complies with your license policy
via: eslint-config-react-app@2.1.0 & others
rc@1.2.8
Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`
Recommendation: Validate that the license expression complies with your license policy
via: sw-precache-webpack-plugin@0.11.4
spdx-exceptions@2.3.0
Package uses an atypical license ("CC-BY-3.0")
Recommendation: Read and validate the license terms
via: babel-jest@20.0.3 & others
wordwrap@0.0.2
Package uses an invalid SPDX license ("MIT/X11")
Recommendation: Validate that the package complies with your license policy
via: babel-loader@7.1.1 & others
acorn-dynamic-import@2.0.2
Deprecated package
via: babel-loader@7.1.1 & others
babel-eslint@7.2.3
Deprecated package
via: babel-eslint@7.2.3 & others
boom@2.10.1
Deprecated package
via: less-loader@4.1.0 & others
browserslist@1.7.7
Deprecated package
via: css-loader@0.28.4
browserslist@2.11.3
Deprecated package
via: autoprefixer@7.1.2 & others
chokidar@1.7.0
Deprecated package
via: webpack-dev-server@2.7.1
chokidar@2.1.8
Deprecated package
via: babel-loader@7.1.1 & others
circular-json@0.3.3
Deprecated package
via: eslint-config-react-app@2.1.0 & others
core-js@2.6.12
Deprecated package
via: babel-core@6.25.0 & others
core-js@2.6.12
Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""
via: babel-core@6.25.0 & others
cryptiles@2.0.5
Deprecated package
via: less-loader@4.1.0 & others
es5-ext@0.10.62
Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"
via: babel-loader@7.1.1 & others
eslint-loader@1.9.0
Deprecated package
via: eslint-loader@1.9.0
extract-text-webpack-plugin@3.0.0
Deprecated package
via: extract-text-webpack-plugin@3.0.0
flatten@1.0.3
Deprecated package
via: css-loader@0.28.4
fsevents@1.1.2
Deprecated package
via: webpack-dev-server@2.7.1 & others
fsevents@1.1.2
Package uses install script: "node install"
via: webpack-dev-server@2.7.1 & others
fsevents@1.2.13
Deprecated package
via: babel-loader@7.1.1 & others
fsevents@1.2.13
Package uses install script: "node install.js"
via: babel-loader@7.1.1 & others
har-validator@4.2.1
Deprecated package
via: less-loader@4.1.0 & others
har-validator@5.1.5
Deprecated package
via: jest@20.0.4 & others
hawk@3.1.3
Deprecated package
via: less-loader@4.1.0 & others
hoek@2.16.3
Deprecated package
via: less-loader@4.1.0 & others
html-webpack-plugin@2.29.0
Deprecated package
via: html-webpack-plugin@2.29.0
json3@3.3.2
Deprecated package
via: webpack-dashboard@1.1.1
node-sass@4.14.1
Package uses install script: "node scripts/install.js"
via: node-sass@4.14.1 & others
node-sass@4.14.1
Package uses postinstall script: "node scripts/build.js"
via: node-sass@4.14.1 & others
react-dev-utils@3.1.3
Deprecated package
via: react-dev-utils@3.1.3 & others
request@2.81.0
Deprecated package
via: less-loader@4.1.0 & others
request@2.88.2
Deprecated package
via: jest@20.0.4 & others
resolve-url@0.2.1
Deprecated package
via: babel-loader@7.1.1 & others
sane@1.6.0
Deprecated package
via: jest@20.0.4
sntp@1.0.9
Deprecated package
via: less-loader@4.1.0 & others
source-map-resolve@0.5.3
Deprecated package
via: babel-loader@7.1.1 & others
source-map-url@0.4.1
Deprecated package
via: babel-loader@7.1.1 & others
svgo@0.7.2
Deprecated package
via: css-loader@0.28.4
sw-precache@5.2.1
Deprecated package
via: sw-precache-webpack-plugin@0.11.4
sw-toolbox@3.6.0
Deprecated package
via: sw-precache-webpack-plugin@0.11.4
tar@2.2.2
Deprecated package
via: node-sass@4.14.1 & others
uglify-es@3.3.9
Deprecated package
via: webpack-dashboard@1.1.1
uglifyjs-webpack-plugin@0.4.6
Package uses postinstall script: "node lib/post_install.js"
via: babel-loader@7.1.1 & others
urix@0.1.0
Deprecated package
via: babel-loader@7.1.1 & others
uuid@2.0.3
Deprecated package
via: webpack-dev-server@2.7.1
uuid@3.4.0
Deprecated package
via: jest@20.0.4 & others
Collapse
Expand

27 moderate severity issues

moderate
mem@1.1.0
Denial of Service in mem
Recommendation: Upgrade to version 4.0.0 or later
via: babel-loader@7.1.1 & others
js-yaml@3.7.0
Denial of Service in js-yaml
Recommendation: Upgrade to version 3.13.0 or later
via: css-loader@0.28.4
node-notifier@5.4.5
OS Command Injection in node-notifier
Recommendation: Upgrade to version 8.0.1 or later
via: jest@20.0.4
node-forge@0.10.0
Improper Verification of Cryptographic Signature in `node-forge`
Recommendation: Upgrade to version 1.3.0 or later
via: webpack-dev-server@2.7.1
yargs-parser@2.4.1
yargs-parser Vulnerable to Prototype Pollution
Recommendation: Upgrade to version 5.0.1 or later
via: webpack-dashboard@1.1.1 & others
yargs-parser@7.0.0
yargs-parser Vulnerable to Prototype Pollution
Recommendation: Upgrade to version 13.1.2 or later
via: babel-loader@7.1.1 & others
got@6.7.1
Got allows a redirect to a UNIX socket
Recommendation: Upgrade to version 11.8.5 or later
via: sw-precache-webpack-plugin@0.11.4
ajv@5.5.2
Prototype Pollution in Ajv
Recommendation: Upgrade to version 6.12.3 or later
via: babel-loader@7.1.1 & others
react-dev-utils@3.1.3
react-dev-utils OS Command Injection in function `getProcessForPort`
Recommendation: Upgrade to version 11.0.4 or later
via: react-dev-utils@3.1.3 & others
jsdom@9.12.0
Insufficient Granularity of Access Control in JSDom
Recommendation: Upgrade to version 16.5.0 or later
via: jest@20.0.4
engine.io@1.8.5
Uncaught exception in engine.io
Recommendation: Upgrade to version 3.6.1 or later
via: webpack-dashboard@1.1.1
color-string@0.3.0
Regular Expression Denial of Service (ReDOS)
Recommendation: Upgrade to version 1.5.5 or later
via: css-loader@0.28.4
sockjs@0.3.18
Improper Input Validation in SocksJS-Node
Recommendation: Upgrade to version 0.3.20 or later
via: webpack-dev-server@2.7.1
node-sass@4.14.1
Improper Certificate Validation in node-sass
Recommendation: Upgrade to version 7.0.0 or later
via: node-sass@4.14.1 & others
request@2.88.2
Server-Side Request Forgery in Request
Recommendation: None
via: jest@20.0.4 & others
postcss@6.0.23
Regular Expression Denial of Service in postcss
Recommendation: Upgrade to version 7.0.36 or later
via: autoprefixer@7.1.2 & others
socket.io@1.7.4
CORS misconfiguration in socket.io
Recommendation: Upgrade to version 2.4.0 or later
via: webpack-dashboard@1.1.1
node-forge@0.10.0
Open Redirect in node-forge
Recommendation: Upgrade to version 1.0.0 or later
via: webpack-dev-server@2.7.1
debug@2.3.3
Regular Expression Denial of Service in debug
Recommendation: Upgrade to version 2.6.9 or later
via: webpack-dashboard@1.1.1 & others
ms@0.7.2
Vercel ms Inefficient Regular Expression Complexity vulnerability
Recommendation: Upgrade to version 2.0.0 or later
via: webpack-dashboard@1.1.1 & others
postcss@6.0.23
PostCSS line return parsing error
Recommendation: Upgrade to version 8.4.31 or later
via: autoprefixer@7.1.2 & others
semver@5.3.0
semver vulnerable to Regular Expression Denial of Service
Recommendation: Upgrade to version 5.7.2 or later
via: node-sass@4.14.1 & others
tough-cookie@2.5.0
tough-cookie Prototype Pollution vulnerability
Recommendation: Upgrade to version 4.1.3 or later
via: jest@20.0.4 & others
callsite@1.0.0
Package has no specified source code repository
via: webpack-dashboard@1.1.1
has-binary@0.1.7
Package has no specified source code repository
via: webpack-dashboard@1.1.1
indexof@0.0.1
Package has no specified source code repository
via: webpack-dashboard@1.1.1
object-component@0.0.3
Package has no specified source code repository
via: webpack-dashboard@1.1.1
Collapse
Expand

17 low severity issues

low
braces@1.8.5
Regular Expression Denial of Service in braces
Recommendation: Upgrade to version 2.3.1 or later
via: babel-jest@20.0.3 & others
node-forge@0.10.0
Prototype Pollution in node-forge debug API.
Recommendation: Upgrade to version 1.0.0 or later
via: webpack-dev-server@2.7.1
node-forge@0.10.0
URL parsing in node-forge could lead to undesired behavior.
Recommendation: Upgrade to version 1.0.0 or later
via: webpack-dev-server@2.7.1
braces@1.8.5
Regular Expression Denial of Service (ReDoS) in braces
Recommendation: Upgrade to version 2.3.1 or later
via: babel-jest@20.0.3 & others
doctrine@1.5.0
Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
via: eslint-config-react-app@2.1.0 & others
regenerator-transform@0.10.1
Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
via: babel-preset-react-app@3.1.2
regjsparser@0.1.5
Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
via: babel-preset-react-app@3.1.2
sntp@1.0.9
Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
via: less-loader@4.1.0 & others
caniuse-db@1.0.30001564
Package uses a license that is not OSI approved ("CC-BY-4.0")
Recommendation: Read and validate the license terms
via: css-loader@0.28.4
caniuse-lite@1.0.30001564
Package uses a license that is not OSI approved ("CC-BY-4.0")
Recommendation: Read and validate the license terms
via: autoprefixer@7.1.2 & others
rx-lite-aggregates@4.0.8
Package uses a license that is not OSI approved ("Apache License, Version 2.0")
Recommendation: Read and validate the license terms
via: eslint-config-react-app@2.1.0 & others
rx-lite@4.0.8
Package uses a license that is not OSI approved ("Apache License, Version 2.0")
Recommendation: Read and validate the license terms
via: eslint-config-react-app@2.1.0 & others
jsonify@0.0.1
Package uses a license that is not OSI approved ("Public Domain")
Recommendation: Read and validate the license terms
via: eslint-config-react-app@2.1.0 & others
spdx-exceptions@2.3.0
Package uses a license that is not OSI approved ("CC-BY-3.0")
Recommendation: Read and validate the license terms
via: babel-jest@20.0.3 & others
spdx-license-ids@3.0.16
Package uses a license that is not OSI approved ("CC0-1.0")
Recommendation: Read and validate the license terms
via: babel-jest@20.0.3 & others
wordwrap@0.0.2
Package uses a license that is not OSI approved ("MIT/X11")
Recommendation: Read and validate the license terms
via: babel-loader@7.1.1 & others
xml-name-validator@2.0.1
Package uses a license that is not OSI approved ("WTFPL")
Recommendation: Read and validate the license terms
via: jest@20.0.4
Collapse
Expand

Licenses

MIT
1047
ISC
99
BSD-3-Clause
64
Apache-2.0
29
BSD-2-Clause
29
N/A
13
BSD
4
CC-BY-4.0
2
Apache License, Version 2.0
2
BSD-3-Clause OR MIT
1
(MIT OR Apache-2.0)
1
(Apache-2.0 OR MPL-1.1)
1
(AFL-2.1 OR BSD-3-Clause)
1
Public Domain
1
(BSD-3-Clause OR GPL-2.0)
1
(MIT AND Zlib)
1
(WTFPL OR MIT)
1
(BSD-2-Clause OR MIT OR Apa...
1
(MIT AND BSD-3-Clause)
1
CC-BY-3.0
1
CC0-1.0
1
Unlicense
1
MIT/X11
1
WTFPL
1

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
1047 Packages, Including:
@most/multicast@1.3.0
@most/prelude@1.8.0
@types/keyv@3.1.4
@types/node@20.9.4
@types/responselike@1.0.3
accepts@1.3.3
accepts@1.3.8
acorn-dynamic-import@2.0.2
acorn-globals@3.1.0
acorn-jsx@3.0.1
acorn@3.3.0
acorn@4.0.13
acorn@5.7.4
address@1.0.2
after@0.8.2
ajv-keywords@2.1.1
ajv-keywords@3.5.2
ajv@4.11.8
ajv@5.5.2
ajv@6.12.6
align-text@0.1.4
alphanum-sort@1.0.2
anser@1.4.1
ansi-escapes@1.4.0
ansi-escapes@2.0.0
ansi-escapes@3.2.0
ansi-regex@2.1.1
ansi-regex@3.0.1
ansi-regex@4.1.1
ansi-styles@2.2.1
ansi-styles@3.2.1
append-transform@0.4.0
argparse@1.0.10
arr-diff@2.0.0
arr-diff@4.0.0
arr-flatten@1.1.0
arr-union@3.1.0
array-buffer-byte-length@1.0.0
array-equal@1.0.2
array-filter@0.0.1
array-find-index@1.0.2
array-flatten@1.1.1
array-flatten@2.1.2
array-includes@3.1.7
array-map@0.0.1
array-reduce@0.0.0
array-union@1.0.2
array-uniq@1.0.3
array-unique@0.2.1
array-unique@0.3.2

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
99 Packages, Including:
abab@1.0.4
abbrev@1.1.1
ansi-align@2.0.0
anymatch@1.3.2
anymatch@2.0.0
anymatch@3.1.3
aproba@1.2.0
are-we-there-yet@1.1.7
ast-types-flow@0.0.7
block-stream@0.0.9
boolbase@1.0.0
browserify-sign@4.2.2
cli-width@2.2.1
cliui@2.1.0
cliui@3.2.0
cliui@5.0.0
console-control-strings@1.1.0
d@1.0.1
electron-to-chromium@1.4.592
es5-ext@0.10.62
es6-set@0.1.6
es6-symbol@3.1.3
es6-weak-map@2.0.3
ext@1.7.0
fs.realpath@1.0.0
fstream@1.0.12
gauge@2.7.4
get-caller-file@1.0.3
get-caller-file@2.0.5
glob-parent@2.0.0
glob-parent@3.1.0
glob-parent@5.1.2
glob@7.1.7
glob@7.2.3
graceful-fs@4.2.11
har-schema@1.0.5
har-schema@2.0.0
har-validator@4.2.1
has-unicode@2.0.1
hosted-git-info@2.8.9
icss-replace-symbols@1.1.0
icss-utils@2.1.0
in-publish@2.0.1
inflight@1.0.6
inherits@2.0.3
inherits@2.0.4
ini@1.3.8
is-resolvable@1.1.0
isexe@2.0.0
json-stringify-safe@5.0.1

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
64 Packages, Including:
babel-jest@20.0.3
babel-plugin-istanbul@4.1.6
babel-plugin-jest-hoist@20.0.3
babel-preset-jest@20.0.3
bcrypt-pbkdf@1.0.2
boom@2.10.1
cryptiles@2.0.5
custom-react-scripts@0.2.2
diff@3.5.0
duplexer3@0.1.5
eslint-plugin-flowtype@2.35.0
esquery@1.5.0
filesize@3.5.10
filesize@3.6.1
hawk@3.1.3
hoek@2.16.3
ieee754@1.2.1
istanbul-api@1.3.7
istanbul-lib-coverage@1.2.1
istanbul-lib-hook@1.2.2
istanbul-lib-instrument@1.10.2
istanbul-lib-report@1.1.5
istanbul-lib-source-maps@1.2.6
istanbul-reports@1.5.1
jest-changed-files@20.0.3
jest-cli@20.0.4
jest-config@20.0.4
jest-diff@20.0.3
jest-docblock@20.0.3
jest-environment-jsdom@20.0.3
jest-environment-node@20.0.3
jest-haste-map@20.0.5
jest-jasmine2@20.0.4
jest-matcher-utils@20.0.3
jest-matchers@20.0.3
jest-message-util@20.0.3
jest-mock@20.0.3
jest-regex-util@20.0.3
jest-resolve-dependencies@20.0.3
jest-resolve@20.0.4
jest-runtime@20.0.4
jest-snapshot@20.0.3
jest-util@20.0.3
jest-validate@20.0.3
jest@20.0.4
js-base64@2.6.4
makeerror@1.0.12
pretty-format@20.0.3
qs@6.11.0
qs@6.11.2

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
29 Packages, Including:
ansi-html@0.0.7
aria-query@0.7.1
aws-sign2@0.6.0
aws-sign2@0.7.0
axobject-query@0.1.0
bser@1.0.2
bser@2.1.1
caseless@0.12.0
doctrine@2.1.0
farmhash@1.2.1
faye-websocket@0.11.4
fb-watchman@1.9.2
fb-watchman@2.0.2
forever-agent@0.6.1
less@2.7.3
oauth-sign@0.8.2
oauth-sign@0.9.0
request@2.81.0
request@2.88.2
spdx-correct@3.2.0
sw-precache@5.2.1
sw-toolbox@3.6.0
true-case-path@1.0.3
tunnel-agent@0.6.0
validate-npm-package-license@3.0.4
walker@1.0.8
websocket-driver@0.7.4
websocket-extensions@0.1.4
workerpool@2.3.4

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
29 Packages, Including:
configstore@3.1.5
css-select@4.3.0
css-what@6.1.0
damerau-levenshtein@1.0.8
domelementtype@2.3.0
domhandler@4.3.1
domutils@2.8.0
dotenv@4.0.0
entities@2.2.0
escodegen@1.14.3
escope@3.6.0
eslint-scope@3.7.3
espree@3.5.4
esprima@2.7.3
esprima@4.0.1
esrecurse@4.3.0
estraverse@4.3.0
estraverse@5.3.0
esutils@2.0.3
normalize-package-data@2.5.0
nth-check@2.1.1
uglify-es@3.3.9
uglify-js@2.8.29
uglify-js@3.17.4
uglify-js@3.4.10
update-notifier@2.5.0
uri-js@4.4.1
webidl-conversions@3.0.1
webidl-conversions@4.0.2

N/A

N/A
13 Packages, Including:
arraybuffer.slice@0.0.6
async-foreach@0.1.3
better-assert@1.0.2
blob@0.0.4
callsite@1.0.0
component-bind@1.0.0
component-emitter@1.1.2
component-inherit@0.0.3
indexof@0.0.1
ms@0.7.1
object-component@0.0.3
options@0.0.6
watch@0.10.0

BSD

Invalid
Not OSI Approved
4 Packages, Including:
doctrine@1.5.0
regenerator-transform@0.10.1
regjsparser@0.1.5
sntp@1.0.9

Creative Commons Attribution 4.0 International

Uncategorized
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
2 Packages, Including:
caniuse-db@1.0.30001564
caniuse-lite@1.0.30001564

Apache License, Version 2.0

Invalid
Not OSI Approved
2 Packages, Including:
rx-lite-aggregates@4.0.8
rx-lite@4.0.8

BSD-3-Clause OR MIT

Permissive
1 Packages, Including:
amdefine@1.0.1

(MIT OR Apache-2.0)

Permissive
1 Packages, Including:
atob@2.1.2

(Apache-2.0 OR MPL-1.1)

Permissive
1 Packages, Including:
harmony-reflect@1.6.2

(AFL-2.1 OR BSD-3-Clause)

Permissive
1 Packages, Including:
json-schema@0.4.0

Public Domain

Invalid
Not OSI Approved
1 Packages, Including:
jsonify@0.0.1

(BSD-3-Clause OR GPL-2.0)

Permissive
1 Packages, Including:
node-forge@0.10.0

(MIT AND Zlib)

Permissive
1 Packages, Including:
pako@1.0.11

(WTFPL OR MIT)

Permissive
1 Packages, Including:
path-is-inside@1.0.2

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression
1 Packages, Including:
rc@1.2.8

(MIT AND BSD-3-Clause)

Permissive
1 Packages, Including:
sha.js@2.4.11

Creative Commons Attribution 3.0 Unported

Uncategorized
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-exceptions@2.3.0

Creative Commons Zero v1.0 Universal

Public Domain
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-license-ids@3.0.16

The Unlicense

Public Domain
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
private-use
modify
Cannot
include-copyright
hold-liable
Must
1 Packages, Including:
tweetnacl@0.14.5

MIT/X11

Invalid
Not OSI Approved
1 Packages, Including:
wordwrap@0.0.2

Do What The F*ck You Want To Public License

Permissive
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
sublicense
distribute
modify
Cannot
Must
rename
1 Packages, Including:
xml-name-validator@2.0.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

47
All Dependencies CSV
β“˜ This is a list of custom-react-scripts 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
autoprefixer7.1.251.58 kBMIT
prod
2
2
1
babel-core6.25.021.48 kBMIT
prod peer
3
babel-eslint7.2.311.32 kBMIT
prod peer
3
babel-jest20.0.32.55 kBBSD-3-Clause
prod
5
4
babel-loader7.1.19.56 kBMIT
prod
16
3
3
babel-plugin-transform-decorators-legacy1.3.56.23 kBMIT
prod
2
babel-preset-react-app3.1.22.85 kBMIT
prod
6
3
babel-preset-stage-06.24.1907 BMIT
prod
2
babel-runtime6.23.011.1 kBMIT
prod peer
2
case-sensitive-paths-webpack-plugin2.1.14.5 kBMIT
prod
chalk1.1.35.11 kBMIT
prod
css-loader0.28.412.6 kBMIT
prod
7
4
1
dotenv4.0.05.89 kBBSD-2-Clause
prod
eslint-config-react-app2.1.03.94 kBMIT
prod
9
1
6
eslint-loader1.9.06.46 kBMIT
prod
5
1
3
eslint-plugin-flowtype2.35.027.39 kBBSD-3-Clause
prod peer
4
1
3
eslint-plugin-import2.7.0110.82 kBMIT
prod peer
6
1
6
eslint-plugin-jsx-a11y5.1.1101.08 kBMIT
prod peer
4
1
3
eslint-plugin-react7.1.083.85 kBMIT
prod peer
4
1
3
eslint4.4.1447.86 kBMIT
prod peer
4
1
3
extract-text-webpack-plugin3.0.011.28 kBMIT
prod
15
3
3
file-loader0.11.24.28 kBMIT
prod peer
fs-extra3.0.132.76 kBMIT
prod
fsevents1.1.21.75 MBMIT
prod optional
2
2
html-webpack-plugin2.29.018.81 kBMIT
prod
1
15
3
3
identity-obj-proxy3.0.05.14 kBMIT
prod
jest20.0.42.02 kBBSD-3-Clause
prod
1
11
4
6
less-loader4.1.010.29 kBMIT
prod
26
5
5
less2.7.3490.48 kBApache-2.0
prod peer
12
3
2
node-sass4.14.1381 kBMIT
prod peer
1
14
4
2
object-assign4.1.12.61 kBMIT
prod
postcss-flexbugs-fixes3.2.02.85 kBMIT
prod
2
postcss-loader2.0.68.02 kBMIT
prod
3
promise8.0.126.06 kBMIT
prod
react-dev-utils3.1.328.37 kBBSD-3-Clause
prod
2
19
4
6
react-error-overlay1.0.1020.81 kBBSD-3-Clause
prod
2
17
4
4
sass-loader6.0.711.89 kBMIT
prod
1
27
7
3
style-loader0.18.210.31 kBMIT
prod
1
stylus-loader3.0.211.51 kBMIT
prod
4
stylus0.54.8102.45 kBMIT
prod peer
4
sw-precache-webpack-plugin0.11.450.48 kBISC
prod
18
4
3
url-loader0.5.93.82 kBMIT
prod
1
webpack-dashboard1.1.113.46 kBMIT
prod
12
22
12
3
webpack-dev-server2.7.1202.14 kBMIT
prod
4
24
9
7
webpack-manifest-plugin1.2.12.77 kBMIT
prod
14
3
3
webpack3.5.1173.04 kBMIT
prod peer
14
3
3
whatwg-fetch2.0.37.48 kBMIT
prod

Visualizations

Tree
Treemap

All Versions

Sandworm Dunes
Ready to start?

Scan your app for security vulnerabilities and license issues

Start Free With GitHub
Sandworm Open Source
Sandworm
Getting Started Issue Types Resolve Issues License Policies Sandworm Guard
Explore
Npm Package List Composer Package List Npm Categories List Npm Security Vulnerabilities Composer Security Vulnerabilities
Support
Sponsor Discuss Terms of Use Privacy Policy Security
More from Sandworm
Newsletter 𝕏 / Twitter 𝕏 / Twitter Security Alerts Knowledge Base Blog Contact