Generated on May 17, 2024 via pnpm

Npm

Home

gatsby-plugin-netlify 3.9.0

A Gatsby plugin which generates a _headers file for netlify

gatsby

gatsby-plugin

http/2-server-push

netlify

Package summary

issues

licenses

Package created

20 Sep 2017

Version published

6 Jul 2021

Maintainers

Total deps

1435

Direct deps

License

MIT

Issues

6 critical severity issues

critical

parse-url@6.0.5

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url

Recommendation: Upgrade to version 8.1.0 or later

via: gatsby@3.15.0

loader-utils@2.0.0

Prototype pollution in webpack loader-utils

Recommendation: Upgrade to version 2.0.3 or later

via: gatsby@3.15.0

shell-quote@1.7.2

Improper Neutralization of Special Elements used in a Command in Shell-quote

Recommendation: Upgrade to version 1.7.3 or later

via: gatsby@3.15.0

immer@8.0.1

Prototype Pollution in immer

Recommendation: Upgrade to version 9.0.6 or later

via: gatsby@3.15.0

trim@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: gatsby@3.15.0

valid-url@1.0.9

Package has no specified license

Recommendation: Check the package code and files for license information

via: gatsby@3.15.0

Collapse

Expand

38 high severity issues

high

parse-path@4.0.4

Authorization Bypass in parse-path

Recommendation: Upgrade to version 5.0.0 or later

via: gatsby@3.15.0

trim@0.0.1

Regular Expression Denial of Service in trim

Recommendation: Upgrade to version 0.0.3 or later

via: gatsby@3.15.0

dicer@0.2.5

Crash in HeaderParser in dicer

Recommendation: None

via: gatsby@3.15.0

socket.io-parser@4.0.5

Insufficient validation when decoding a Socket.IO packet

Recommendation: Upgrade to version 4.2.3 or later

via: gatsby@3.15.0

ansi-html@0.0.7

Uncontrolled Resource Consumption in ansi-html

Recommendation: Upgrade to version 0.0.8 or later

via: gatsby@3.15.0

loader-utils@2.0.0

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable

Recommendation: Upgrade to version 2.0.4 or later

via: gatsby@3.15.0

node-fetch@2.6.1

node-fetch forwards secure headers to untrusted sites

Recommendation: Upgrade to version 2.6.7 or later

via: gatsby@3.15.0

object-path@0.11.5

Prototype Pollution in object-path

Recommendation: Upgrade to version 0.11.8 or later

via: gatsby@3.15.0

minimatch@3.0.4

minimatch ReDoS vulnerability

Recommendation: Upgrade to version 3.0.5 or later

via: gatsby@3.15.0

webpack-dev-middleware@4.3.0

Path traversal in webpack-dev-middleware

Recommendation: Upgrade to version 5.3.4 or later

via: gatsby@3.15.0

loader-utils@2.0.0

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)

Recommendation: Upgrade to version 2.0.4 or later

via: gatsby@3.15.0

immer@8.0.1

Prototype Pollution in immer

Recommendation: Upgrade to version 9.0.6 or later

via: gatsby@3.15.0

caniuse-lite@1.0.30001620

Package uses an atypical license ("CC-BY-4.0")

Recommendation: Read and validate the license terms

via: gatsby@3.15.0 & others

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: gatsby@3.15.0

@hapi/address@2.1.4

Deprecated package

via: gatsby@3.15.0

@hapi/bourne@1.3.2

Deprecated package

via: gatsby@3.15.0

@hapi/hoek@8.5.1

Deprecated package

via: gatsby@3.15.0

@hapi/joi@15.1.1

Deprecated package

via: gatsby@3.15.0

@hapi/topo@3.1.6

Deprecated package

via: gatsby@3.15.0

async-cache@1.1.0

Deprecated package

via: gatsby@3.15.0

babel-eslint@10.1.0

Deprecated package

via: gatsby@3.15.0

core-js@3.37.1

Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""

via: gatsby@3.15.0

es5-ext@0.10.64

Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"

via: gatsby@3.15.0

express-graphql@0.12.0

Deprecated package

via: gatsby@3.15.0

gatsby-cli@3.15.0

Package uses postinstall script: "node scripts/postinstall.js"

via: gatsby@3.15.0

gatsby-telemetry@2.15.0

Package uses postinstall script: "node src/postinstall.js || true"

via: gatsby@3.15.0

gatsby@3.15.0

Package uses postinstall script: "node scripts/postinstall.js"

via: gatsby@3.15.0

multer@1.4.4

Deprecated package

via: gatsby@3.15.0

querystring@0.2.1

Deprecated package

via: gatsby@3.15.0

resolve-url@0.2.1

Deprecated package

via: gatsby@3.15.0

source-map-resolve@0.5.3

Deprecated package

via: gatsby@3.15.0

source-map-url@0.4.1

Deprecated package

via: gatsby@3.15.0

stable@0.1.8

Deprecated package

via: gatsby@3.15.0

string-similarity@1.2.2

Deprecated package

via: gatsby@3.15.0

subscriptions-transport-ws@0.9.19

Deprecated package

via: gatsby@3.15.0

trim@0.0.1

Deprecated package

via: gatsby@3.15.0

urix@0.1.0

Deprecated package

via: gatsby@3.15.0

uuid@3.4.0

Deprecated package

via: gatsby@3.15.0

Collapse

Expand

14 moderate severity issues

moderate

cross-fetch@3.1.4

Incorrect Authorization in cross-fetch

Recommendation: Upgrade to version 3.1.5 or later

via: gatsby@3.15.0

got@9.6.0

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: gatsby@3.15.0

parse-url@6.0.5

parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

Recommendation: Upgrade to version 8.1.0 or later

via: gatsby@3.15.0

engine.io@4.1.2

Uncaught exception in engine.io

Recommendation: Upgrade to version 6.2.1 or later

via: gatsby@3.15.0

ws@7.4.5

ReDoS in Sec-Websocket-Protocol header

Recommendation: Upgrade to version 7.4.6 or later

via: gatsby@3.15.0

browserslist@4.14.2

Regular Expression Denial of Service in browserslist

Recommendation: Upgrade to version 4.16.5 or later

via: gatsby@3.15.0

object-path@0.11.5

Prototype Pollution in object-path

Recommendation: Upgrade to version 0.11.6 or later

via: gatsby@3.15.0

gatsby@3.15.0

Gatsby develop server has Local File Inclusion vulnerability

Recommendation: Upgrade to version 4.25.7 or later

via: gatsby@3.15.0

semver@7.0.0

semver vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 7.5.2 or later

via: gatsby@3.15.0

axios@0.21.4

Axios Cross-Site Request Forgery Vulnerability

Recommendation: Upgrade to version 0.28.0 or later

via: gatsby@3.15.0

axe-core@4.7.0

Package uses a problematic Weakly Protective license ("MPL-2.0")

Recommendation: Validate that the package complies with your license policy

via: gatsby@3.15.0

@nicolo-ribaudo/eslint-scope-5-internals@5.1.1-v1

Package has no specified source code repository

via: gatsby@3.15.0

physical-cpu-count@2.0.0

Package has no specified source code repository

via: gatsby@3.15.0

trim@0.0.1

Package has no specified source code repository

via: gatsby@3.15.0

Collapse

Expand

3 low severity issues

low

language-subtag-registry@0.3.22

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: gatsby@3.15.0

mdn-data@2.0.14

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: gatsby@3.15.0

caniuse-lite@1.0.30001620

Package uses a license that is not OSI approved ("CC-BY-4.0")

Recommendation: Read and validate the license terms

via: gatsby@3.15.0 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

1261 Packages, Including:

@ardatan/aggregate-error@0.0.6

@babel/code-frame@7.10.4

@babel/code-frame@7.12.11

@babel/code-frame@7.24.2

@babel/compat-data@7.24.4

@babel/core@7.10.5

@babel/core@7.24.5

@babel/eslint-parser@7.24.5

@babel/generator@7.24.5

@babel/helper-annotate-as-pure@7.22.5

@babel/helper-builder-binary-assignment-operator-visitor@7.22.15

@babel/helper-compilation-targets@7.23.6

@babel/helper-create-class-features-plugin@7.24.5

@babel/helper-create-regexp-features-plugin@7.22.15

@babel/helper-define-polyfill-provider@0.6.2

@babel/helper-environment-visitor@7.22.20

@babel/helper-function-name@7.23.0

@babel/helper-hoist-variables@7.22.5

@babel/helper-member-expression-to-functions@7.24.5

@babel/helper-module-imports@7.24.3

@babel/helper-module-transforms@7.24.5

@babel/helper-optimise-call-expression@7.22.5

@babel/helper-plugin-utils@7.10.4

@babel/helper-plugin-utils@7.24.5

@babel/helper-remap-async-to-generator@7.22.20

@babel/helper-replace-supers@7.24.1

@babel/helper-simple-access@7.24.5

@babel/helper-skip-transparent-expression-wrappers@7.22.5

@babel/helper-split-export-declaration@7.24.5

@babel/helper-string-parser@7.24.1

@babel/helper-validator-identifier@7.24.5

@babel/helper-validator-option@7.23.5

@babel/helper-wrap-function@7.24.5

@babel/helpers@7.24.5

@babel/highlight@7.24.5

@babel/parser@7.24.5

@babel/plugin-bugfix-firefox-class-in-computed-class-key@7.24.5

@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.24.1

@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.24.1

@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@7.24.1

@babel/plugin-proposal-class-properties@7.18.6

@babel/plugin-proposal-nullish-coalescing-operator@7.18.6

@babel/plugin-proposal-numeric-separator@7.18.6

@babel/plugin-proposal-object-rest-spread@7.10.4

@babel/plugin-proposal-optional-chaining@7.21.0

@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2

@babel/plugin-syntax-async-generators@7.8.4

@babel/plugin-syntax-class-properties@7.12.13

@babel/plugin-syntax-class-static-block@7.14.5

@babel/plugin-syntax-dynamic-import@7.8.3

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

76 Packages, Including:

@iarna/toml@2.2.5

@trysound/sax@0.2.0

ansi-align@3.0.1

anymatch@3.1.3

async-cache@1.1.0

boolbase@1.0.0

cli-width@3.0.0

cliui@6.0.0

css-declaration-sorter@6.4.1

d@1.0.2

electron-to-chromium@1.4.773

es5-ext@0.10.64

es6-symbol@3.1.4

es6-weak-map@2.0.3

esniff@2.0.1

ext@1.7.0

fastq@1.17.1

flatted@3.3.1

fs-exists-cached@1.0.0

fs.realpath@1.0.0

get-caller-file@2.0.5

glob-parent@5.1.2

glob@7.2.3

graceful-fs@4.2.11

hosted-git-info@3.0.8

icss-utils@5.1.0

inflight@1.0.6

inherits@2.0.4

ini@1.3.8

ini@2.0.0

isexe@2.0.0

lockfile@1.0.4

lru-cache@4.0.0

lru-cache@4.1.5

lru-cache@5.1.1

lru-cache@6.0.0

make-error@1.3.6

memoizee@0.4.15

minimatch@3.0.4

minimatch@3.1.2

mute-stream@0.0.8

next-tick@1.1.0

once@1.4.0

physical-cpu-count@2.0.0

picocolors@1.0.1

postcss-modules-extract-imports@3.1.0

postcss-modules-scope@3.2.0

postcss-modules-values@4.0.0

pseudomap@1.0.2

read@1.0.7

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

33 Packages, Including:

@hapi/address@2.1.4

@hapi/bourne@1.3.2

@hapi/hoek@8.5.1

@hapi/hoek@9.3.0

@hapi/joi@15.1.1

@hapi/topo@3.1.6

@hapi/topo@5.1.0

@humanwhocodes/object-schema@1.2.1

@sideway/address@4.1.5

@sideway/formula@3.0.1

@sideway/pinpoint@2.0.0

@xtuc/ieee754@1.2.0

diff@4.0.2

diff@5.2.0

duplexer3@0.1.5

eslint-plugin-flowtype@5.10.0

esquery@1.5.0

filesize@6.1.0

flat@5.0.2

highlight.js@10.7.3

ieee754@1.2.1

joi@17.13.1

qs@6.11.0

qs@6.12.1

serialize-javascript@5.0.1

serialize-javascript@6.0.2

source-map-js@1.2.0

source-map@0.5.7

source-map@0.6.1

source-map@0.7.3

source-map@0.7.4

sprintf-js@1.0.3

table@6.8.2

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

27 Packages, Including:

@typescript-eslint/parser@4.33.0

@typescript-eslint/typescript-estree@4.33.0

configstore@5.0.1

css-select@4.3.0

css-what@6.1.0

damerau-levenshtein@1.0.8

domelementtype@2.3.0

domhandler@4.3.1

domutils@2.8.0

dotenv@8.6.0

entities@2.2.0

eslint-scope@5.1.1

espree@7.3.1

esprima@4.0.1

esrecurse@4.3.0

estraverse@4.3.0

estraverse@5.3.0

esutils@2.0.3

glob-to-regexp@0.4.1

http-cache-semantics@4.1.1

nth-check@2.1.1

regjsparser@0.9.1

terser@5.31.0

update-notifier@5.1.0

uri-js@4.4.1

webidl-conversions@3.0.1

yurnalist@2.1.0

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

18 Packages, Including:

@ampproject/remapping@2.3.0

@humanwhocodes/config-array@0.5.0

@webassemblyjs/leb128@1.11.6

@xtuc/long@4.2.2

ansi-html-community@0.0.8

ansi-html@0.0.7

aria-query@5.3.0

axobject-query@3.2.1

doctrine@2.1.0

doctrine@3.0.0

eslint-visitor-keys@1.3.0

eslint-visitor-keys@2.1.0

human-signals@2.1.0

native-url@0.2.6

opentracing@0.14.7

rxjs@6.6.7

true-case-path@2.2.1

typescript@5.4.5

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

6 Packages, Including:

password-prompt@1.1.3

tslib@1.14.1

tslib@2.0.3

tslib@2.1.0

tslib@2.2.0

tslib@2.6.2

(MIT OR CC0-1.0)

Public Domain

4 Packages, Including:

type-fest@0.20.2

type-fest@0.21.3

type-fest@0.8.1

type-fest@2.19.0

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

2 Packages, Including:

fs-monkey@1.0.6

memfs@3.5.3

Creative Commons Zero v1.0 Universal

Public Domain

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

2 Packages, Including:

language-subtag-registry@0.3.22

mdn-data@2.0.14

N/A

2 Packages, Including:

trim@0.0.1

valid-url@1.0.9

(MIT OR Apache-2.0)

Permissive

1 Packages, Including:

atob@2.1.2

Mozilla Public License 2.0

Weakly Protective

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

place-warranty

use-patent-claims

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

disclose-source

include-original

1 Packages, Including:

axe-core@4.7.0

Creative Commons Attribution 4.0 International

Uncategorized

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

caniuse-lite@1.0.30001620

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of gatsby-plugin-netlify 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@babel/runtime	7.24.5	256.12 kB	MIT	prod
fs-extra	8.1.0	31.77 kB	MIT	prod
gatsby	3.15.0	3.29 MB	MIT	prod peer	6 38 14 3
kebab-hash	0.1.2	2.36 kB	MIT	prod
lodash	4.17.21	311.49 kB	MIT	prod
webpack-assets-manifest	5.2.1	46.5 kB	MIT	prod	1 1