express-microservice-starter 0.5.21

Arbitrary Code Execution in underscore

Recommendation: Upgrade to version 4.17.12 or later

via: express-validator@2.21.0

underscore@1.4.4

Recommendation: Upgrade to version 1.12.1 or later

via: zoologist@0.4.14

debug@1.0.5

Package has no specified license

Recommendation: Check the package code and files for license information

via: express-cache-response-directive@0.2.0

requirefresh@1.1.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: konfig@0.2.1

underscore@1.4.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: zoologist@0.4.14

debug Inefficient Regular Expression Complexity vulnerability

12 high severity issues

high

debug@1.0.5

Recommendation: Upgrade to version 2.6.9 or later

via: express-cache-response-directive@0.2.0

lodash@4.16.6

Code Injection in js-yaml

Recommendation: Upgrade to version 4.17.11 or later

via: express-validator@2.21.0

js-yaml@3.2.7

Recommendation: Upgrade to version 3.13.1 or later

via: konfig@0.2.1

lodash@4.16.6

Command Injection in lodash

Recommendation: Upgrade to version 4.17.19 or later

via: express-validator@2.21.0

lodash@4.16.6

Recommendation: Upgrade to version 4.17.21 or later

via: express-validator@2.21.0

esprima@2.0.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: konfig@0.2.1

express-enrouten@1.3.0

Package uses an invalid SPDX license ("Apache 2.0")

Recommendation: Validate that the package complies with your license policy

via: express-enrouten@1.3.0

coffee-script@1.12.7

Deprecated package

via: konfig@0.2.1

coffee-script@1.9.3

Deprecated package

via: konfig@0.2.1

dtrace-provider@0.8.8

Package uses install script: "node-gyp rebuild || node suppress-error.js"

via: bunyan@1.8.15 & others

node-uuid@1.4.8

Deprecated package

via: node-uuid@1.4.8 & others

uuid@2.0.3

Deprecated package

via: zoologist@0.4.14

Regular Expression Denial of Service (ReDoS) in lodash

6 moderate severity issues

moderate

lodash@4.16.6

Recommendation: Upgrade to version 4.17.11 or later

via: express-validator@2.21.0

js-yaml@3.2.7

Denial of Service in js-yaml

Recommendation: Upgrade to version 3.13.0 or later

via: konfig@0.2.1

lodash@4.16.6

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: express-validator@2.21.0

validator@5.7.0

Inefficient Regular Expression Complexity in validator.js

Recommendation: Upgrade to version 13.7.0 or later

via: express-validator@2.21.0

ip@0.3.3

NPM IP package incorrectly identifies some private IP addresses as public

Recommendation: Upgrade to version 1.1.9 or later

via: ip@0.3.3

konfig@0.2.1

Package uses a problematic Weakly Protective license ("LGPL-3.0")

Recommendation: Validate that the package complies with your license policy

via: konfig@0.2.1

5 low severity issues

low

lodash@4.16.6

Regular Expression Denial of Service in debug

Recommendation: Upgrade to version 4.17.5 or later

via: express-validator@2.21.0

debug@1.0.5

Recommendation: Upgrade to version 2.6.9 or later

via: express-cache-response-directive@0.2.0

esprima@2.0.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: konfig@0.2.1

express-enrouten@1.3.0

Package uses a license that is not OSI approved ("Apache 2.0")

Recommendation: Read and validate the license terms

via: express-enrouten@1.3.0

konfig@0.2.1

Package uses a deprecated license ("LGPL-3.0")

via: konfig@0.2.1