Generated on Apr 20, 2024 via pnpm

Npm

Home

gulp-iconfont 10.0.0

Create icon fonts from several SVG icons

gulpplugin

gulp

icon

font

Package summary

issues

licenses

Package created

7 Jan 2014

Version published

13 Jun 2018

Maintainers

Total deps

267

Direct deps

License

MIT

Issues

2 critical severity issues

critical

xmldom@0.1.31

xmldom allows multiple root nodes in a DOM

Recommendation: None

via: gulp-svg2ttf@2.0.1

varstream@0.3.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: gulp-svgicons2svgfont@5.0.1

Collapse

Expand

11 high severity issues

high

tar@2.2.2

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Recommendation: Upgrade to version 3.2.2 or later

via: gulp-ttf2woff2@2.0.2

tar@2.2.2

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Recommendation: Upgrade to version 4.4.18 or later

via: gulp-ttf2woff2@2.0.2

lodash.template@3.6.2

Command Injection in lodash

Recommendation: None

via: gulp-svg2ttf@2.0.1 & others

duplexer2@0.0.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: gulp-svg2ttf@2.0.1 & others

gulp-util@3.0.8

Deprecated package

via: gulp-svg2ttf@2.0.1 & others

har-validator@5.1.5

Deprecated package

via: gulp-ttf2woff2@2.0.2

request@2.88.2

Deprecated package

via: gulp-ttf2woff2@2.0.2

tar@2.2.2

Deprecated package

via: gulp-ttf2woff2@2.0.2

ttf2woff2@2.0.3

Package uses install script: "(node-gyp rebuild > builderror.log) || (exit 0)"

via: gulp-ttf2woff2@2.0.2

uuid@3.4.0

Deprecated package

via: gulp-ttf2woff2@2.0.2

xmldom@0.1.31

Deprecated package

via: gulp-svg2ttf@2.0.1

Collapse

Expand

6 moderate severity issues

moderate

xmldom@0.1.31

Misinterpretation of malicious XML input

Recommendation: Upgrade to version 0.5.0 or later

via: gulp-svg2ttf@2.0.1

semver@5.3.0

semver vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 5.7.2 or later

via: gulp-ttf2woff2@2.0.2

xmldom@0.1.31

Misinterpretation of malicious XML input

Recommendation: None

via: gulp-svg2ttf@2.0.1

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: gulp-ttf2woff2@2.0.2

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: gulp-ttf2woff2@2.0.2

tar@2.2.2

Denial of service while parsing a tar file due to lack of folders count validation

Recommendation: Upgrade to version 6.2.1 or later

via: gulp-ttf2woff2@2.0.2

Collapse

Expand

1 low severity issue

low

duplexer2@0.0.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: gulp-svg2ttf@2.0.1 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

218 Packages, Including:

ajv@6.12.6

ansi-colors@1.1.0

ansi-gray@0.1.1

ansi-regex@2.1.1

ansi-styles@2.2.1

ansi-wrap@0.1.0

argparse@1.0.10

arr-diff@4.0.0

arr-union@3.1.0

array-buffer-byte-length@1.0.1

array-differ@1.0.0

array-uniq@1.0.3

array.prototype.flatmap@1.2.4

arraybuffer.prototype.slice@1.0.3

asn1@0.2.6

assert-plus@1.0.0

assign-symbols@1.0.0

asynckit@0.4.0

available-typed-arrays@1.0.7

aws4@1.12.0

balanced-match@1.0.2

beeper@1.1.1

bindings@1.5.0

brace-expansion@1.1.11

bufferstreams@1.1.3

call-bind@1.0.7

chalk@1.1.3

clone-buffer@1.0.0

clone-stats@0.0.1

clone-stats@1.0.0

clone@1.0.4

clone@2.1.2

cloneable-readable@1.1.3

code-point-at@1.1.0

combined-stream@1.0.8

commander@4.1.1

concat-map@0.0.1

core-util-is@1.0.2

core-util-is@1.0.3

cubic2quad@1.2.1

dashdash@1.14.1

data-view-buffer@1.0.1

data-view-byte-length@1.0.1

data-view-byte-offset@1.0.0

dateformat@2.2.0

define-data-property@1.1.4

define-properties@1.2.1

delayed-stream@1.0.0

delegates@1.0.0

ecc-jsbn@0.1.2

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

32 Packages, Including:

abbrev@1.1.1

aproba@1.2.0

are-we-there-yet@1.1.7

block-stream@0.0.9

color-support@1.1.3

console-control-strings@1.1.0

fs.realpath@1.0.0

fstream@1.0.12

gauge@2.7.4

glob@7.2.3

graceful-fs@4.2.11

har-schema@2.0.0

has-unicode@2.0.1

inflight@1.0.6

inherits@2.0.4

isexe@2.0.0

json-stringify-safe@5.0.1

minimatch@3.1.2

nopt@3.0.6

npmlog@4.1.2

once@1.4.0

osenv@0.1.5

remove-trailing-separator@1.1.0

rimraf@2.7.1

sax@1.3.0

semver@5.3.0

set-blocking@2.0.0

signal-exit@3.0.7

tar@2.2.2

which@1.3.1

wide-align@1.1.5

wrappy@1.0.2

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

6 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

forever-agent@0.6.1

oauth-sign@0.9.0

request@2.88.2

tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

4 Packages, Including:

bcrypt-pbkdf@1.0.2

qs@6.5.3

sprintf-js@1.0.3

tough-cookie@2.5.0

BSD

Invalid

Not OSI Approved

1 Packages, Including:

duplexer2@0.0.2

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

(MIT AND Zlib)

Permissive

1 Packages, Including:

pako@1.0.11

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

uri-js@4.4.1

N/A

1 Packages, Including:

varstream@0.3.2

(LGPL-2.0 or MIT)

Permissive

1 Packages, Including:

xmldom@0.1.31

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of gulp-iconfont 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
gulp-cond	1.0.0	3.28 kB	MIT	prod
gulp-spawn	0.4.5	4.06 kB	MIT	prod
gulp-svg2ttf	2.0.1	10.91 kB	MIT	prod	1 4 2 1
gulp-svgicons2svgfont	5.0.1	21.14 kB	MIT	prod	1
gulp-ttf2eot	1.1.2	5.43 kB	MIT	prod	3 1
gulp-ttf2woff2	2.0.2	6.63 kB	MIT	prod	10 4 1
gulp-ttf2woff	1.1.1	6.52 kB	MIT	prod	3 1
plexer	1.0.3	7.95 kB	MIT	prod
streamfilter	1.0.7	6.31 kB	MIT	prod