Hold on, we're currently generating a fresh version of this report

Generated on Feb 25, 2024 via pnpm

everyauth 0.4.8

Auth solution (password, facebook, & more) for your node.js Connect & Express apps

Package summary

50

issues

5

licenses

Package created

5 Apr 2011

Version published

17 Oct 2014

Maintainers

1

Total deps

132

Direct deps

8

License

UNKNOWN

Issues

50

18 critical severity issues

morgan@1.6.1

Code Injection in morgan

Recommendation: Upgrade to version 1.9.1 or later

via: express@3.21.2

minimist@0.0.8

Prototype Pollution in minimist

Recommendation: Upgrade to version 0.2.4 or later

via: express@3.21.2

bytes@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

connect@2.3.9

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

cookie@0.0.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

crc@0.2.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

debug@0.5.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9 & others

everyauth@0.4.8

Package has no specified license

Recommendation: Check the package code and files for license information

via: everyauth@0.4.8

formidable@1.0.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

fresh@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

mime@1.2.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

ms@0.7.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: express@3.21.2

node-swt@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: node-swt@0.1.1

node-wsfederation@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: node-wsfederation@0.1.1

qs@0.4.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

range-parser@0.0.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

request@2.9.203

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.9.203

send@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.3.9

15 high severity issues

qs@0.4.2

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 6.0.4 or later

via: connect@2.3.9 & others

base64-url@1.2.1

Out-of-bounds Read in base64-url

Recommendation: Upgrade to version 2.0.0 or later

via: express@3.21.2

qs@0.4.2

Denial-of-Service Extended Event Loop Blocking in qs

Recommendation: Upgrade to version 1.0.0 or later

via: connect@2.3.9

negotiator@0.5.3

Regular Expression Denial of Service in negotiator

Recommendation: Upgrade to version 0.6.1 or later

via: express@3.21.2

qs@0.4.2

Denial-of-Service Memory Exhaustion in qs

Recommendation: Upgrade to version 1.0.0 or later

via: connect@2.3.9

fresh@0.1.0

Regular Expression Denial of Service in fresh

Recommendation: Upgrade to version 0.5.2 or later

via: connect@2.3.9 & others

mime@1.2.6

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: connect@2.3.9 & others

debug@0.5.0

debug Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.6.9 or later

via: connect@2.3.9 & others

qs@0.4.2

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: connect@2.3.9 & others

stream-counter@0.2.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: express@3.21.2

connect@2.3.9

Deprecated package

via: connect@2.3.9

connect@2.30.2

Deprecated package

via: express@3.21.2

formidable@1.0.11

Deprecated package

via: connect@2.3.9

mkdirp@0.5.1

Deprecated package

via: express@3.21.2

request@2.9.203

Deprecated package

via: request@2.9.203

14 moderate severity issues

connect@2.3.9

Cross-Site Scripting in connect

Recommendation: Upgrade to version 2.14.0 or later

via: connect@2.3.9

request@2.9.203

Server-Side Request Forgery in Request

Recommendation: None

via: request@2.9.203

connect@2.3.9

Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware

Recommendation: Upgrade to version 2.8.2 or later

via: connect@2.3.9

request@2.9.203

Remote Memory Exposure in request

Recommendation: Upgrade to version 2.68.0 or later

via: request@2.9.203

debug@0.5.0

Regular Expression Denial of Service in debug

Recommendation: Upgrade to version 2.6.9 or later

via: connect@2.3.9 & others

ms@0.7.1

Vercel ms Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.0.0 or later

via: express@3.21.2

send@0.0.3

Root Path Disclosure in send

Recommendation: Upgrade to version 0.11.1 or later

via: connect@2.3.9

minimist@0.0.8

Prototype Pollution in minimist

Recommendation: Upgrade to version 0.2.1 or later

via: express@3.21.2

bytes@0.1.0

Package has no specified source code repository

via: connect@2.3.9

debug@0.5.0

Package has no specified source code repository

via: connect@2.3.9 & others

formidable@1.0.11

Package has no specified source code repository

via: connect@2.3.9

fresh@0.1.0

Package has no specified source code repository

via: connect@2.3.9

range-parser@0.0.4

Package has no specified source code repository

via: connect@2.3.9

send@0.0.3

Package has no specified source code repository

via: connect@2.3.9

3 low severity issues

connect@2.3.9

methodOverride Middleware Reflected Cross-Site Scripting in connect

Recommendation: Upgrade to version 2.8.1 or later

via: connect@2.3.9

send@0.0.3

Directory Traversal in send

Recommendation: Upgrade to version 0.8.4 or later

via: connect@2.3.9

stream-counter@0.2.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: express@3.21.2

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

110 Packages, Including:

accepts@1.2.13

accepts@1.3.8

asynckit@0.4.0

axios@1.6.7

basic-auth-connect@1.0.0

basic-auth@1.0.4

batch@0.5.3

body-parser@1.13.3

bytes@2.1.0

bytes@2.4.0

call-bind@1.0.7

combined-stream@1.0.8

commander@2.6.0

compressible@2.0.18

compression@1.5.2

connect-timeout@1.6.2

connect@2.30.2

content-disposition@0.5.0

content-type@1.0.5

cookie-parser@1.3.5

cookie-signature@1.0.6

cookie@0.1.3

core-util-is@1.0.3

crc@3.3.0

csrf@3.0.6

csurf@1.8.3

debug@2.2.0

debug@2.6.9

define-data-property@1.1.4

delayed-stream@1.0.0

depd@1.0.1

depd@1.1.2

destroy@1.0.3

destroy@1.0.4

ee-first@1.1.1

errorhandler@1.4.3

es-define-property@1.0.0

es-errors@1.3.0

escape-html@1.0.2

escape-html@1.0.3

etag@1.7.0

express-session@1.11.3

express@3.21.2

finalhandler@0.4.0

follow-redirects@1.15.5

form-data@4.0.0

forwarded@0.1.2

fresh@0.3.0

function-bind@1.1.2

get-intrinsic@1.2.4

N/A

N/A

16 Packages, Including:

bytes@0.1.0

connect@2.3.9

cookie@0.0.4

crc@0.2.0

debug@0.5.0

everyauth@0.4.8

formidable@1.0.11

fresh@0.1.0

mime@1.2.6

ms@0.7.1

node-swt@0.1.1

node-wsfederation@0.1.1

qs@0.4.2

range-parser@0.0.4

request@2.9.203

send@0.0.3

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

3 Packages, Including:

base64-url@1.2.1

inherits@2.0.4

sax@1.3.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

2 Packages, Including:

qs@4.0.0

qs@6.11.2

BSD

Invalid

Not OSI Approved

1 Packages, Including:

stream-counter@0.2.0

Direct Dependencies

8

All Dependencies CSV

ⓘ This is a list of everyauth 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
connect	2.3.9	70.98 kB	UNKNOWN	prod	11 9 10 2
debug	0.5.0	10 kB	UNKNOWN	prod peer	1 1 2
express	3.21.2	42.38 kB	MIT	prod	3 10 3 1
node-swt	0.1.1	10 kB	UNKNOWN	prod	1
node-wsfederation	0.1.1	10 kB	UNKNOWN	prod	1
openid	2.0.11	20.95 kB	MIT	prod	1 1 2
request	2.9.203	78.33 kB	UNKNOWN	prod	1 1 2
xml2js	0.6.2	838.3 kB	MIT	prod

Recent Versions