Generated on Feb 22, 2024 via pnpm

Npm

Home

express-gateway 1.9.0

A microservices API gateway built on top of ExpressJS

microservices

apis

api gateway

Package summary

issues

licenses

Package created

29 Jun 2017

Version published

30 Apr 2018

Maintainers

Total deps

770

Direct deps

License

Apache-2.0

Issues

6 critical severity issues

critical

ejs@2.7.4

ejs template injection vulnerability

Recommendation: Upgrade to version 3.1.7 or later

via: ejs@2.7.4 & others

netmask@1.0.6

Improper parsing of octal bytes in netmask

Recommendation: Upgrade to version 1.1.0 or later

via: proxy-agent@3.1.1

cli-table@0.3.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: yeoman-environment@2.10.3 & others

cycle@1.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: winston@2.4.7

flexbuffer@0.0.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: ioredis-mock@3.14.3 & others

pause@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: passport@0.4.1

Collapse

Expand

31 high severity issues

high

tar@2.2.2

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Recommendation: Upgrade to version 3.2.2 or later

via: bcrypt@1.0.3

pac-resolver@3.0.0

Code Injection in pac-resolver

Recommendation: Upgrade to version 5.0.0 or later

via: proxy-agent@3.1.1

degenerator@1.0.4

Code Injection in pac-resolver

Recommendation: Upgrade to version 3.0.1 or later

via: proxy-agent@3.1.1

glob-parent@3.1.0

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

Recommendation: Upgrade to version 5.1.2 or later

via: chokidar@2.1.8 & others

tar@2.2.2

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Recommendation: Upgrade to version 4.4.18 or later

via: bcrypt@1.0.3

lodash.pick@4.4.0

Prototype Pollution in lodash

Recommendation: None

via: ioredis-mock@3.14.3 & others

glob-to-regexp@0.3.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: yeoman-environment@2.10.3 & others

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: bcrypt@1.0.3

spdx-exceptions@2.5.0

Package uses an atypical license ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

bcrypt@1.0.3

Deprecated package

via: bcrypt@1.0.3

bcrypt@1.0.3

Package uses install script: "node-pre-gyp install --fallback-to-build"

via: bcrypt@1.0.3

chokidar@2.1.8

Deprecated package

via: chokidar@2.1.8

ejs@2.7.4

Package uses postinstall script: "node ./postinstall.js"

via: ejs@2.7.4 & others

es5-ext@0.10.62

Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"

via: ioredis-mock@3.14.3

express-gateway@1.9.0

Package uses postinstall script: "node scripts/json-schema-migration.js"

via: express-gateway@1.9.0

formidable@1.2.6

Deprecated package

via: superagent-logger@1.1.0 & others

fsevents@1.2.13

Deprecated package

via: chokidar@2.1.8

fsevents@1.2.13

Package uses install script: "node install.js"

via: chokidar@2.1.8

har-validator@5.1.5

Deprecated package

via: bcrypt@1.0.3

json-schema-ref-parser@5.1.3

Deprecated package

via: json-schema-ref-parser@5.1.3

node-pre-gyp@0.6.36

Deprecated package

via: bcrypt@1.0.3

puppeteer@1.20.0

Deprecated package

via: puppeteer@1.20.0

puppeteer@1.20.0

Package uses install script: "node install.js"

via: puppeteer@1.20.0

request@2.88.2

Deprecated package

via: bcrypt@1.0.3

resolve-url@0.2.1

Deprecated package

via: chokidar@2.1.8 & others

source-map-resolve@0.5.3

Deprecated package

via: chokidar@2.1.8 & others

source-map-url@0.4.1

Deprecated package

via: chokidar@2.1.8 & others

superagent@3.8.3

Deprecated package

via: superagent-logger@1.1.0 & others

tar@2.2.2

Deprecated package

via: bcrypt@1.0.3

urix@0.1.0

Deprecated package

via: chokidar@2.1.8 & others

uuid@3.4.0

Deprecated package

via: uuid@3.4.0 & others

Collapse

Expand

14 moderate severity issues

moderate

yargs-parser@9.0.2

yargs-parser Vulnerable to Prototype Pollution

Recommendation: Upgrade to version 13.1.2 or later

via: yargs@11.1.1

got@6.7.1

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: yeoman-environment@2.10.3 & others

jsonwebtoken@8.5.1

jsonwebtoken unrestricted key type could lead to legacy keys usage

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@8.5.1

bcrypt@1.0.3

Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt

Recommendation: Upgrade to version 5.0.0 or later

via: bcrypt@1.0.3

jsonwebtoken@8.5.1

jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@8.5.1

jsonwebtoken@8.5.1

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

Recommendation: Upgrade to version 9.0.0 or later

via: jsonwebtoken@8.5.1

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: bcrypt@1.0.3

netmask@1.0.6

netmask npm package mishandles octal input data

Recommendation: Upgrade to version 2.0.1 or later

via: proxy-agent@3.1.1

passport@0.4.1

Passport vulnerable to session regeneration when a users logs in or out

Recommendation: Upgrade to version 0.6.0 or later

via: passport@0.4.1

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: bcrypt@1.0.3

ip@1.1.5

NPM IP package incorrectly identifies some private IP addresses as public

Recommendation: Upgrade to version 1.1.9 or later

via: proxy-agent@3.1.1

axios@0.21.4

Axios Cross-Site Request Forgery Vulnerability

Recommendation: Upgrade to version 0.28.0 or later

via: yeoman-environment@2.10.3 & others

eyes@0.1.8

Package has no specified source code repository

via: winston@2.4.7

pause@0.0.1

Package has no specified source code repository

via: passport@0.4.1

Collapse

Expand

4 low severity issues

low

glob-to-regexp@0.3.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

spdx-exceptions@2.5.0

Package uses a license that is not OSI approved ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

spdx-license-ids@3.0.17

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: yeoman-environment@2.10.3 & others

yaml-js@0.1.5

Package uses a license that is not OSI approved ("WTFPL")

Recommendation: Read and validate the license terms

via: yawn-yaml@1.5.0

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

643 Packages, Including:

@babel/code-frame@7.23.5

@babel/helper-validator-identifier@7.22.20

@babel/highlight@7.23.4

@mrmlnc/readdir-enhanced@2.2.1

@nodelib/fs.stat@1.1.3

@types/glob@7.2.0

@types/keyv@3.1.4

@types/minimatch@3.0.5

@types/minimatch@5.1.2

@types/node@20.11.19

@types/normalize-package-data@2.4.4

@types/responselike@1.0.3

accepts@1.3.8

agent-base@4.2.1

agent-base@4.3.0

ajv@6.12.6

ansi-escapes@4.3.2

ansi-regex@2.1.1

ansi-regex@3.0.1

ansi-regex@5.0.1

ansi-styles@2.2.1

ansi-styles@3.2.1

ansi-styles@4.3.0

argparse@1.0.10

arr-diff@4.0.0

arr-flatten@1.1.0

arr-union@3.1.0

array-buffer-byte-length@1.0.1

array-differ@1.0.0

array-differ@3.0.0

array-flatten@1.1.1

array-from@2.1.1

array-union@1.0.2

array-union@2.1.0

array-uniq@1.0.3

array-unique@0.3.2

array.prototype.reduce@1.0.6

arraybuffer.prototype.slice@1.0.3

arrify@1.0.1

arrify@2.0.1

asn1@0.2.6

assert-plus@1.0.0

assign-symbols@1.0.0

ast-types@0.14.2

async-each@1.0.6

async-limiter@1.0.1

async@2.6.4

async@3.2.5

asynckit@0.4.0

available-typed-arrays@1.0.7

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

62 Packages, Including:

abbrev@1.1.1

anymatch@2.0.0

aproba@1.2.0

are-we-there-yet@1.1.7

block-stream@0.0.9

cli-width@3.0.0

cliui@4.1.0

console-control-strings@1.1.0

d@1.0.1

es5-ext@0.10.62

es6-set@0.1.6

es6-symbol@3.1.3

ext@1.7.0

fs.realpath@1.0.0

fstream-ignore@1.0.5

fstream@1.0.12

gauge@2.7.4

get-caller-file@1.0.3

glob-parent@3.1.0

glob@7.2.3

graceful-fs@4.2.11

har-schema@2.0.0

has-unicode@2.0.1

hosted-git-info@2.8.9

inflight@1.0.6

inherits@2.0.4

ini@1.3.8

isexe@2.0.0

json-stringify-safe@5.0.1

lru-cache@5.1.1

lru-cache@6.0.0

minimatch@3.1.2

minimatch@5.1.6

mute-stream@0.0.8

next-tick@1.1.0

nopt@4.0.3

npmlog@4.1.2

once@1.4.0

osenv@0.1.5

remove-trailing-separator@1.1.0

require-main-filename@1.0.1

rimraf@2.7.1

rimraf@3.0.2

semver@5.7.2

semver@6.3.1

semver@7.6.0

set-blocking@2.0.0

setprototypeof@1.2.0

signal-exit@3.0.7

tar@2.2.2

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

19 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

cluster-key-slot@1.1.2

denque@1.5.1

ecdsa-sig-formatter@1.0.11

ejs@2.7.4

ejs@3.1.9

express-gateway@1.9.0

filelist@1.0.4

forever-agent@0.6.1

human-signals@1.1.1

jake@10.8.7

oauth-sign@0.9.0

puppeteer@1.20.0

request@2.88.2

rxjs@6.6.7

spdx-correct@3.2.0

tunnel-agent@0.6.0

validate-npm-package-license@3.0.4

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

15 Packages, Including:

bcrypt-pbkdf@1.0.2

buffer-equal-constant-time@1.0.1

diff@3.5.0

diff@4.0.2

duplexer3@0.1.5

ieee754@1.2.1

node-pre-gyp@0.6.36

qs@6.11.0

qs@6.11.2

qs@6.5.3

shelljs@0.8.5

source-map@0.5.7

source-map@0.6.1

sprintf-js@1.0.3

tough-cookie@2.5.0

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

14 Packages, Including:

dotenv@16.4.5

escodegen@1.14.3

esprima@3.1.3

esprima@4.0.1

estraverse@4.3.0

esutils@2.0.3

extract-zip@1.7.0

normalize-package-data@2.5.0

tar-pack@3.4.1

uri-js@4.4.1

webidl-conversions@3.0.1

yeoman-environment@2.10.3

yeoman-generator@2.0.5

yeoman-generator@4.13.0

N/A

4 Packages, Including:

cli-table@0.3.11

cycle@1.0.3

flexbuffer@0.0.6

pause@0.0.1

(MIT OR Apache-2.0)

Permissive

2 Packages, Including:

JSONStream@1.3.5

atob@2.1.2

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

2 Packages, Including:

tslib@1.14.1

tslib@2.6.2

(MIT OR CC0-1.0)

Public Domain

2 Packages, Including:

type-fest@0.21.3

type-fest@0.6.0

BSD

Invalid

Not OSI Approved

1 Packages, Including:

glob-to-regexp@0.3.0

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

Creative Commons Attribution 3.0 Unported

Uncategorized

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-exceptions@2.5.0

Creative Commons Zero v1.0 Universal

Public Domain

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-license-ids@3.0.17

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

Do What The F*ck You Want To Public License

Permissive

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

sublicense

distribute

modify

Cannot

Must

rename

1 Packages, Including:

yaml-js@0.1.5

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of express-gateway 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
ajv	6.12.6	197.63 kB	MIT	prod optional
bcrypt	1.0.3	27.94 kB	MIT	prod optional	10 3
bcryptjs	2.4.3	76.21 kB	MIT	prod
chalk	2.4.2	9.63 kB	MIT	prod
chokidar	2.1.8	24.74 kB	MIT	prod	8
clone	2.1.2	5.68 kB	MIT	prod
color-convert	1.9.3	8.67 kB	MIT	prod
connect-ensure-login	0.1.1	2.94 kB	MIT	prod
cors	2.8.5	6.03 kB	MIT	prod
ejs	2.7.4	37.03 kB	Apache-2.0	prod	1 1
express-rate-limit	2.14.2	4.97 kB	MIT	prod
express-session	1.18.0	22.25 kB	MIT	prod
express	4.18.2	54.5 kB	MIT	prod
find-up	2.1.0	2.18 kB	MIT	prod
http-proxy	1.18.1	66.74 kB	MIT	prod
ioredis-mock	3.14.3	27.1 kB	MIT	prod	1 2
ioredis	3.2.2	46.49 kB	MIT	prod peer	1 1
js-yaml	3.14.1	75.07 kB	MIT	prod
json-schema-merge-allof	0.6.0	14.45 kB	MIT	prod
json-schema-ref-parser	5.1.3	527.79 kB	MIT	prod	1
jsonwebtoken	8.5.1	21.01 kB	MIT	prod	3
migrate	1.8.0	11.32 kB	MIT	prod
minimatch	3.1.2	11.66 kB	ISC	prod optional
oauth2orize	1.12.0	20.29 kB	MIT	prod
parent-require	1.0.0	2.75 kB	MIT	prod
passport-http-bearer	1.0.1	4.19 kB	MIT	prod
passport-http	0.3.0	5.82 kB	MIT	prod
passport-jwt	4.0.1	11.66 kB	MIT	prod
passport-local	1.0.0	3.28 kB	MIT	prod
passport-oauth2-client-password	0.1.2	2.74 kB	MIT	prod
passport	0.4.1	12.67 kB	MIT	prod	1 2
proxy-agent	3.1.1	7.35 kB	MIT	prod	1 2 2
puppeteer	1.20.0	135.1 kB	Apache-2.0	prod	2
semver	5.7.2	17.45 kB	ISC	prod optional
superagent-logger	1.1.0	263.86 kB	MIT	prod	2
superagent-prefix	0.0.2	806 B	MIT	prod
superagent	3.8.3	107.83 kB	MIT	prod peer	2
swagger-ui-express	3.0.10	2.65 MB	MIT	prod
util.promisify	1.1.2	8.27 kB	MIT	prod
uuid62	1.0.2	4.98 kB	MIT	prod
uuid	3.4.0	11.87 kB	MIT	prod optional	1
vhost	3.0.2	3.86 kB	MIT	prod
winston	2.4.7	40.46 kB	MIT	prod	1 1
yargs	11.1.1	58.23 kB	MIT	prod	1
yawn-yaml	1.5.0	30.65 kB	MIT	prod	1
yeoman-environment	2.10.3	25.14 kB	BSD-2-Clause	prod optional	2 8 2 3
yeoman-generator	2.0.5	16.4 kB	BSD-2-Clause	prod	2 8 2 3