Hold on, we're currently generating a fresh version of this report

Generated on Apr 17, 2024 via pnpm

cylon 0.20.2

A JavaScript robotics framework for Node.js

Package summary

24

issues

4

licenses

Package created

18 Oct 2013

Version published

6 Nov 2014

Maintainers

3

Total deps

44

Direct deps

4

License

Apache 2.0

Issues

24

7 critical severity issues

bytes@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: body-parser@1.9.0

cookie@0.1.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@4.9.8

debug@2.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@4.9.8

escape-html@1.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@4.9.8

mime@1.2.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@4.9.8

ms@0.6.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@4.9.8

path-to-regexp@0.1.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@4.9.8

10 high severity issues

qs@2.2.4

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 6.0.4 or later

via: body-parser@1.9.0 & others

negotiator@0.4.9

Regular Expression Denial of Service in negotiator

Recommendation: Upgrade to version 0.6.1 or later

via: express@4.9.8

fresh@0.2.4

Regular Expression Denial of Service in fresh

Recommendation: Upgrade to version 0.5.2 or later

via: express@4.9.8

mime@1.2.11

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: express@4.9.8

debug@2.0.0

debug Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.6.9 or later

via: express@4.9.8

ms@0.6.2

Regular Expression Denial of Service in ms

Recommendation: Upgrade to version 0.7.1 or later

via: express@4.9.8

qs@2.2.4

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: body-parser@1.9.0 & others

cylon@0.20.2

Package uses an invalid SPDX license ("Apache 2.0")

Recommendation: Validate that the package complies with your license policy

via: cylon@0.20.2

robeaux@0.2.0

Package uses an invalid SPDX license ("Apache 2.0")

Recommendation: Validate that the package complies with your license policy

via: robeaux@0.2.0

qs@2.2.4

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: body-parser@1.9.0 & others

3 moderate severity issues

ms@0.6.2

Vercel ms Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.0.0 or later

via: express@4.9.8

send@0.9.3

Root Path Disclosure in send

Recommendation: Upgrade to version 0.11.1 or later

via: express@4.9.8

express@4.9.8

Express.js Open Redirect in malformed URLs

Recommendation: Upgrade to version 4.19.2 or later

via: express@4.9.8

4 low severity issues

debug@2.0.0

Regular Expression Denial of Service in debug

Recommendation: Upgrade to version 2.6.9 or later

via: express@4.9.8

cylon@0.20.2

Package uses a license that is not OSI approved ("Apache 2.0")

Recommendation: Read and validate the license terms

via: cylon@0.20.2

robeaux@0.2.0

Package uses a license that is not OSI approved ("Apache 2.0")

Recommendation: Read and validate the license terms

via: robeaux@0.2.0

qs@2.2.4

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: body-parser@1.9.0 & others

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

34 Packages, Including:

accepts@1.1.4

async@0.9.0

body-parser@1.9.0

cookie-signature@1.0.5

crc@3.0.0

depd@0.4.5

depd@1.0.1

destroy@1.0.3

ee-first@1.0.5

ee-first@1.1.0

etag@1.4.0

express@4.9.8

finalhandler@0.2.0

forwarded@0.1.2

fresh@0.2.4

iconv-lite@0.4.4

ipaddr.js@1.0.5

media-typer@0.3.0

merge-descriptors@0.0.2

methods@1.1.0

mime-db@1.12.0

mime-types@2.0.14

negotiator@0.4.9

on-finished@2.1.0

on-finished@2.1.1

parseurl@1.3.3

proxy-addr@1.0.10

range-parser@1.0.3

raw-body@1.3.0

send@0.9.3

serve-static@1.6.5

type-is@1.5.7

utils-merge@1.0.0

vary@1.0.1

N/A

N/A

7 Packages, Including:

bytes@1.0.0

cookie@0.1.2

debug@2.0.0

escape-html@1.0.1

mime@1.2.11

ms@0.6.2

path-to-regexp@0.1.3

Apache 2.0

Invalid

Not OSI Approved

2 Packages, Including:

cylon@0.20.2

robeaux@0.2.0

BSD

Invalid

Not OSI Approved

1 Packages, Including:

qs@2.2.4

Direct Dependencies

4

All Dependencies CSV

ⓘ This is a list of cylon 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
async	0.9.0	19.38 kB	MIT	prod
body-parser	1.9.0	7.84 kB	MIT	prod	1 3 1
express	4.9.8	43.49 kB	MIT	prod	6 8 3 2
robeaux	0.2.0	1.22 MB	Apache 2.0	prod	1 1

Recent Versions