Hold on, we're currently generating a fresh version of this report

Generated on Feb 16, 2024 via pnpm

fuge 1.0.2

microservices manager

Package summary

29

issues

8

licenses

Package created

16 Oct 2015

Version published

24 Feb 2017

Maintainers

5

Total deps

208

Direct deps

9

License

MIT

Issues

29

7 critical severity issues

parse-url@1.3.11

Server-Side Request Forgery in parse-url

Recommendation: Upgrade to version 6.0.1 or later

via: fuge-runner@1.0.2

parse-url@1.3.11

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url

Recommendation: Upgrade to version 8.1.0 or later

via: fuge-runner@1.0.2

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.12 or later

via: fuge-runner@1.0.2

bunyan@0.7.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: fuge-dns@1.0.0

cli-table@0.3.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: cli-table@0.3.11

ipaddr.js@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: fuge-dns@1.0.0

map-stream@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: fuge-runner@1.0.2

14 high severity issues

parse-url@1.3.11

Hostname confusion in parse-url

Recommendation: Upgrade to version 6.0.1 or later

via: fuge-runner@1.0.2

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: fuge-runner@1.0.2

glob-parent@2.0.0

glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex

Recommendation: Upgrade to version 5.1.2 or later

via: fuge-runner@1.0.2

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.19 or later

via: fuge-runner@1.0.2

lodash@3.10.1

Command Injection in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: fuge-runner@1.0.2

pause-stream@0.0.11

Package uses an invalid SPDX license ("(MIT OR Apache2)")

Recommendation: Validate that the package complies with your license policy

via: fuge-runner@1.0.2

chokidar@1.7.0

Deprecated package

via: fuge-runner@1.0.2

coffee-script@1.12.7

Deprecated package

via: fuge-dns@1.0.0

fsevents@1.2.13

Deprecated package

via: fuge-runner@1.0.2

fsevents@1.2.13

Package uses install script: "node install.js"

via: fuge-runner@1.0.2

resolve-url@0.2.1

Deprecated package

via: fuge-runner@1.0.2

source-map-resolve@0.5.3

Deprecated package

via: fuge-runner@1.0.2

source-map-url@0.4.1

Deprecated package

via: fuge-runner@1.0.2

urix@0.1.0

Deprecated package

via: fuge-runner@1.0.2

5 moderate severity issues

lodash@3.10.1

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: fuge-runner@1.0.2

parse-url@1.3.11

Cross site scripting in parse-url

Recommendation: Upgrade to version 6.0.1 or later

via: fuge-runner@1.0.2

parse-url@1.3.11

Cross site scripting in parse-url

Recommendation: Upgrade to version 6.0.1 or later

via: fuge-runner@1.0.2

parse-url@1.3.11

parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

Recommendation: Upgrade to version 8.1.0 or later

via: fuge-runner@1.0.2

lodash@3.10.1

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: fuge-runner@1.0.2

3 low severity issues

braces@1.8.5

Regular Expression Denial of Service in braces

Recommendation: Upgrade to version 2.3.1 or later

via: fuge-runner@1.0.2

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.5 or later

via: fuge-runner@1.0.2

braces@1.8.5

Regular Expression Denial of Service (ReDoS) in braces

Recommendation: Upgrade to version 2.3.1 or later

via: fuge-runner@1.0.2

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

184 Packages, Including:

ansi-regex@2.1.1

ansi-styles@2.2.1

argparse@1.0.10

arr-diff@2.0.0

arr-diff@4.0.0

arr-flatten@1.1.0

arr-union@3.1.0

array-unique@0.2.1

array-unique@0.3.2

assign-symbols@1.0.0

async-each@1.0.6

async@0.9.2

base@0.11.2

binary-extensions@1.13.1

bindings@1.5.0

bl@1.2.3

braces@1.8.5

braces@2.3.2

buffer-alloc-unsafe@1.1.0

buffer-alloc@1.2.0

buffer-fill@1.0.0

buffer-from@1.1.2

cache-base@1.0.1

chalk@1.1.3

chokidar-child@0.1.3

chokidar@1.7.0

class-utils@0.3.6

coffee-script@1.12.7

collection-visit@1.0.0

colors@1.0.3

colors@1.4.0

commist@1.1.0

component-emitter@1.3.1

concat-stream@1.6.2

copy-descriptor@0.1.1

core-util-is@1.0.3

death@1.1.0

debug@2.6.9

debug@3.2.7

decode-uri-component@0.2.2

define-property@0.2.5

define-property@1.0.0

define-property@2.0.2

duplexer@0.1.2

end-of-stream@1.4.4

escape-string-regexp@1.0.5

event-stream@3.3.4

expand-brackets@0.1.5

expand-brackets@2.1.4

expand-range@1.8.2

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

11 Packages, Including:

anymatch@1.3.2

chownr@1.1.4

glob-parent@2.0.0

graceful-fs@4.2.11

inherits@2.0.4

once@1.4.0

remove-trailing-separator@1.1.0

simple-grep@0.0.1

split-ca@1.0.1

split2@2.2.0

wrappy@1.0.2

N/A

N/A

4 Packages, Including:

bunyan@0.7.0

cli-table@0.3.11

ipaddr.js@0.1.1

map-stream@0.1.0

(MIT OR Apache-2.0)

Permissive

2 Packages, Including:

JSONStream@1.3.2

atob@2.1.2

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

2 Packages, Including:

docker-modem@1.0.9

dockerode@2.5.8

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

2 Packages, Including:

dotenv@2.0.0

esprima@4.0.1

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

2 Packages, Including:

source-map@0.5.7

sprintf-js@1.0.3

(MIT OR Apache2)

Invalid

1 Packages, Including:

pause-stream@0.0.11

Direct Dependencies

9

All Dependencies CSV

ⓘ This is a list of fuge 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
cli-table	0.3.11	5.94 kB	UNKNOWN	prod	1
colors	1.4.0	11 kB	MIT	prod
commist	1.1.0	3.24 kB	MIT	prod
death	1.1.0	-	MIT	prod
fuge-config	1.0.3	12.73 kB	MIT	prod
fuge-dns	1.0.0	2.99 kB	MIT	prod	2 1
fuge-runner	1.0.2	16.63 kB	MIT	prod	4 13 5 3
lodash	4.17.21	311.49 kB	MIT	prod
tpmorp	1.0.5	2.51 kB	MIT	prod

Recent Versions