Generated on Apr 28, 2024 via pnpm

Npm

Home

express-gateway 1.16.11

A microservices API gateway built on top of ExpressJS

microservices

apis

api gateway

Package summary

issues

licenses

Package created

29 Jun 2017

Version published

29 Apr 2021

Maintainers

Total deps

638

Direct deps

License

Apache-2.0

Issues

3 critical severity issues

critical

ejs@2.7.4

ejs template injection vulnerability

Recommendation: Upgrade to version 3.1.7 or later

via: ejs@2.7.4 & others

cli-table@0.3.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: yeoman-environment@2.10.3 & others

pause@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: passport@0.4.1

Collapse

Expand

17 high severity issues

high

redis@2.8.0

Node-Redis potential exponential regex in monitor mode

Recommendation: Upgrade to version 3.1.1 or later

via: rate-limit-redis@1.7.0

pac-resolver@4.2.0

Code Injection in pac-resolver

Recommendation: Upgrade to version 5.0.0 or later

via: proxy-agent@4.0.1

degenerator@2.2.0

Code Injection in pac-resolver

Recommendation: Upgrade to version 3.0.1 or later

via: proxy-agent@4.0.1

glob-parent@3.1.0

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

Recommendation: Upgrade to version 5.1.2 or later

via: yeoman-environment@2.10.3 & others

glob-to-regexp@0.3.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: yeoman-environment@2.10.3 & others

spdx-exceptions@2.5.0

Package uses an atypical license ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

ejs@2.7.4

Package uses postinstall script: "node ./postinstall.js"

via: ejs@2.7.4 & others

es5-ext@0.10.64

Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"

via: ioredis-mock@4.21.8

formidable@1.2.6

Deprecated package

via: superagent-logger@1.1.0 & others

json-schema-ref-parser@7.1.4

Deprecated package

via: json-schema-ref-parser@7.1.4

resolve-url@0.2.1

Deprecated package

via: yeoman-environment@2.10.3 & others

source-map-resolve@0.5.3

Deprecated package

via: yeoman-environment@2.10.3 & others

source-map-url@0.4.1

Deprecated package

via: yeoman-environment@2.10.3 & others

superagent@5.3.1

Deprecated package

via: superagent-logger@1.1.0 & others

urix@0.1.0

Deprecated package

via: yeoman-environment@2.10.3 & others

uuid@3.3.2

Deprecated package

via: uuid62@1.0.1

uuid@3.4.0

Deprecated package

via: uuid@3.4.0

Collapse

Expand

7 moderate severity issues

moderate

got@6.7.1

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: yeoman-environment@2.10.3 & others

jsonwebtoken@8.5.1

jsonwebtoken unrestricted key type could lead to legacy keys usage

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@8.5.1

jsonwebtoken@8.5.1

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@8.5.1

jsonwebtoken@8.5.1

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@8.5.1

passport@0.4.1

Passport vulnerable to session regeneration when a users logs in or out

Recommendation: Upgrade to version 0.6.0 or later

via: passport@0.4.1

axios@0.21.4

Axios Cross-Site Request Forgery Vulnerability

Recommendation: Upgrade to version 0.28.0 or later

via: yeoman-environment@2.10.3 & others

pause@0.0.1

Package has no specified source code repository

via: passport@0.4.1

Collapse

Expand

4 low severity issues

low

glob-to-regexp@0.3.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

spdx-exceptions@2.5.0

Package uses a license that is not OSI approved ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

spdx-license-ids@3.0.17

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

yaml-js@0.1.5

Package uses a license that is not OSI approved ("WTFPL")

Recommendation: Read and validate the license terms

via: yawn-yaml@1.4.0

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

546 Packages, Including:

@babel/code-frame@7.24.2

@babel/helper-validator-identifier@7.22.20

@babel/highlight@7.24.2

@colors/colors@1.6.0

@mrmlnc/readdir-enhanced@2.2.1

@nodelib/fs.stat@1.1.3

@tootallnate/once@1.1.2

@types/glob@7.2.0

@types/keyv@3.1.4

@types/minimatch@3.0.5

@types/minimatch@5.1.2

@types/node@20.12.7

@types/normalize-package-data@2.4.4

@types/responselike@1.0.3

@types/triple-beam@1.3.5

accepts@1.3.8

agent-base@6.0.2

ajv-keywords@3.5.2

ajv@6.12.6

ansi-escapes@4.3.2

ansi-regex@2.1.1

ansi-regex@3.0.1

ansi-regex@4.1.1

ansi-regex@5.0.1

ansi-styles@2.2.1

ansi-styles@3.2.1

ansi-styles@4.3.0

argparse@1.0.10

arr-diff@4.0.0

arr-flatten@1.1.0

arr-union@3.1.0

array-differ@1.0.0

array-differ@3.0.0

array-flatten@1.1.1

array-from@2.1.1

array-union@1.0.2

array-union@2.1.0

array-uniq@1.0.3

array-unique@0.3.2

arrify@1.0.1

arrify@2.0.1

assign-symbols@1.0.0

ast-types@0.13.4

async@2.6.4

async@3.2.5

asynckit@0.4.0

axios@0.21.4

balanced-match@1.0.2

base-x@3.0.5

base64-js@1.5.1

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

46 Packages, Including:

anymatch@3.1.3

cli-width@3.0.0

cliui@5.0.0

d@1.0.2

es5-ext@0.10.64

es6-set@0.1.6

es6-symbol@3.1.4

esniff@2.0.1

ext@1.7.0

fs.realpath@1.0.0

get-caller-file@2.0.5

glob-parent@3.1.0

glob-parent@5.1.2

glob@7.2.3

graceful-fs@4.2.11

hosted-git-info@2.8.9

inflight@1.0.6

inherits@2.0.4

isexe@2.0.0

lru-cache@5.1.1

lru-cache@6.0.0

minimatch@3.1.2

minimatch@5.1.6

mute-stream@0.0.8

next-tick@1.1.0

once@1.4.0

picocolors@1.0.0

remove-trailing-separator@1.1.0

require-main-filename@2.0.0

rimraf@2.7.1

rimraf@3.0.2

semver@5.7.2

semver@6.3.1

semver@7.6.0

set-blocking@2.0.0

setprototypeof@1.2.0

signal-exit@3.0.7

type@2.7.2

which-module@2.0.1

which@1.3.1

which@2.0.2

wrappy@1.0.2

y18n@4.0.3

yallist@3.1.1

yallist@4.0.0

yargs-parser@15.0.3

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

12 Packages, Including:

buffer-equal-constant-time@1.0.1

diff@3.5.0

diff@4.0.2

duplexer3@0.1.5

ieee754@1.2.1

qs@6.11.0

qs@6.12.1

shelljs@0.8.5

source-map@0.5.7

source-map@0.6.1

sprintf-js@1.0.3

sprintf-js@1.1.3

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

12 Packages, Including:

cluster-key-slot@1.1.2

denque@1.5.1

ecdsa-sig-formatter@1.0.11

ejs@2.7.4

ejs@3.1.10

express-gateway@1.16.11

filelist@1.0.4

human-signals@1.1.1

jake@10.8.7

rxjs@6.6.7

spdx-correct@3.2.0

validate-npm-package-license@3.0.4

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

10 Packages, Including:

escodegen@1.14.3

esprima@4.0.1

estraverse@4.3.0

esutils@2.0.3

normalize-package-data@2.5.0

uri-js@4.4.1

webidl-conversions@3.0.1

yeoman-environment@2.10.3

yeoman-generator@3.2.0

yeoman-generator@4.13.0

(MIT OR Apache-2.0)

Permissive

2 Packages, Including:

JSONStream@1.3.5

atob@2.1.2

N/A

2 Packages, Including:

cli-table@0.3.11

pause@0.0.1

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

2 Packages, Including:

tslib@1.14.1

tslib@2.6.2

(MIT OR CC0-1.0)

Public Domain

2 Packages, Including:

type-fest@0.21.3

type-fest@0.6.0

BSD

Invalid

Not OSI Approved

1 Packages, Including:

glob-to-regexp@0.3.0

Creative Commons Attribution 3.0 Unported

Uncategorized

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-exceptions@2.5.0

Creative Commons Zero v1.0 Universal

Public Domain

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-license-ids@3.0.17

Do What The F*ck You Want To Public License

Permissive

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

sublicense

distribute

modify

Cannot

Must

rename

1 Packages, Including:

yaml-js@0.1.5

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of express-gateway 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
ajv-keywords	3.5.2	17.83 kB	MIT	prod
ajv	6.12.6	197.63 kB	MIT	prod peer
bcryptjs	2.4.3	76.21 kB	MIT	prod
chalk	2.4.2	9.63 kB	MIT	prod
chokidar	3.6.0	25.83 kB	MIT	prod
clone	2.1.2	5.68 kB	MIT	prod
color-convert	1.9.3	8.67 kB	MIT	prod
connect-ensure-login	0.1.1	2.94 kB	MIT	prod
cors	2.8.5	6.03 kB	MIT	prod
ejs	2.7.4	37.03 kB	Apache-2.0	prod	1 1
express-rate-limit	2.14.2	4.97 kB	MIT	prod
express-session	1.18.0	22.25 kB	MIT	prod
express	4.19.2	209.73 kB	MIT	prod
find-up	3.0.0	2.22 kB	MIT	prod
form-urlencoded	4.5.1	3.11 kB	MIT	prod
http-proxy	1.18.1	66.74 kB	MIT	prod
ioredis-mock	4.21.8	42.34 kB	MIT	prod	1
ioredis	4.28.5	79.48 kB	MIT	prod peer
js-yaml	3.14.1	75.07 kB	MIT	prod
json-schema-merge-allof	0.6.0	14.45 kB	MIT	prod
json-schema-ref-parser	7.1.4	30.74 kB	MIT	prod	1
jsonwebtoken	8.5.1	21.01 kB	MIT	prod	3
lodash.flatmap	4.5.0	15.73 kB	MIT	prod
minimatch	3.1.2	11.66 kB	ISC	prod
oauth2orize	1.12.0	20.29 kB	MIT	prod
parent-require	1.0.0	2.75 kB	MIT	prod
passport-http-bearer	1.0.1	4.19 kB	MIT	prod
passport-http	0.3.0	5.82 kB	MIT	prod
passport-jwt	4.0.1	11.66 kB	MIT	prod
passport-local	1.0.0	3.28 kB	MIT	prod
passport-oauth2-client-password	0.1.2	2.74 kB	MIT	prod
passport	0.4.1	12.67 kB	MIT	prod	1 2
proxy-agent	4.0.1	7.53 kB	MIT	prod	2
rate-limit-redis	1.7.0	4.21 kB	MIT	prod	1
semver	6.3.1	18.65 kB	ISC	prod
superagent-logger	1.1.0	263.86 kB	MIT	prod	2
superagent-prefix	0.0.2	806 B	MIT	prod
superagent	5.3.1	187.08 kB	MIT	prod peer	2
uuid62	1.0.1	4.95 kB	MIT	prod	1
uuid	3.4.0	11.87 kB	MIT	prod	1
vhost	3.0.2	3.86 kB	MIT	prod
winston	3.2.1	73.01 kB	MIT	prod
yargs	14.2.3	64.2 kB	MIT	prod
yawn-yaml	1.4.0	59.56 kB	MIT	prod	1
yeoman-environment	2.10.3	25.14 kB	BSD-2-Clause	prod optional	2 8 2 3
yeoman-generator	3.2.0	16.77 kB	BSD-2-Clause	prod	2 8 2 3