Hold on, we're currently generating a fresh version of this report

Generated on Nov 6, 2023 via pnpm

gulp-server-livereload 1.9.2

Gulp plugin to run a local webserver with livereload enabled via socket.io. Also comes with standalone command-line interface.

Package summary

62

issues

5

licenses

Package created

16 Aug 2014

Version published

4 Nov 2016

Maintainers

1

Total deps

176

Direct deps

16

License

MIT

Issues

62

23 critical severity issues

open@0.0.5

Command Injection in open

Recommendation: Upgrade to version 6.0.0 or later

via: open@0.0.5

socket.io-parser@2.3.1

Insufficient validation when decoding a Socket.IO packet

Recommendation: Upgrade to version 3.3.3 or later

via: socket.io@1.7.4

node.extend@1.0.10

Prototype Pollution in node.extend

Recommendation: Upgrade to version 1.1.7 or later

via: node.extend@1.0.10

lodash@1.0.2

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.12 or later

via: vinyl-fs@1.0.0

arraybuffer.slice@0.0.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

batch@0.5.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: serve-index@1.1.6

better-assert@1.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

blob@0.0.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

callsite@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

component-bind@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

component-emitter@1.1.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

component-inherit@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

connect-inject@0.3.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect-inject@0.3.2

debug@1.0.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@3.1.1 & others

escape-html@1.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@3.1.1 & others

indexof@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

inherits@1.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: vinyl-fs@1.0.0

is@0.3.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: node.extend@1.0.10

mime@1.2.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: serve-static@1.5.4

ms@0.6.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@3.1.1 & others

ms@0.7.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

object-component@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

options@0.0.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: socket.io@1.7.4

22 high severity issues

engine.io@1.8.5

Resource exhaustion in engine.io

Recommendation: Upgrade to version 3.6.0 or later

via: socket.io@1.7.4

socket.io-parser@2.3.1

Resource exhaustion in socket.io-parser

Recommendation: Upgrade to version 3.3.2 or later

via: socket.io@1.7.4

parsejson@0.0.3

Regular Expression Denial of Service in parsejson

Recommendation: None

via: socket.io@1.7.4

negotiator@0.4.7

Regular Expression Denial of Service in negotiator

Recommendation: Upgrade to version 0.6.1 or later

via: serve-index@1.1.6

fresh@0.2.2

Regular Expression Denial of Service in fresh

Recommendation: Upgrade to version 0.5.2 or later

via: serve-static@1.5.4

minimatch@2.0.10

Regular Expression Denial of Service in minimatch

Recommendation: Upgrade to version 3.0.2 or later

via: vinyl-fs@1.0.0

mime@1.2.11

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: serve-static@1.5.4

minimatch@2.0.10

minimatch ReDoS vulnerability

Recommendation: Upgrade to version 3.0.5 or later

via: vinyl-fs@1.0.0

debug@1.0.4

debug Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.6.9 or later

via: connect@3.1.1 & others

lodash@1.0.2

Command Injection in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: vinyl-fs@1.0.0

lodash@1.0.2

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: vinyl-fs@1.0.0

ms@0.6.2

Regular Expression Denial of Service in ms

Recommendation: Upgrade to version 0.7.1 or later

via: connect@3.1.1 & others

duplexer2@0.0.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: gulp-util@3.0.8

glob@3.1.21

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: vinyl-fs@1.0.0

graceful-fs@1.2.3

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: vinyl-fs@1.0.0

node.extend@1.0.10

Package uses an invalid SPDX license ("(MIT OR GPL)")

Recommendation: Validate that the package complies with your license policy

via: node.extend@1.0.10

graceful-fs@1.2.3

Deprecated package

via: vinyl-fs@1.0.0

gulp-util@3.0.8

Deprecated package

via: gulp-util@3.0.8

json3@3.3.2

Deprecated package

via: socket.io@1.7.4

minimatch@0.2.14

Deprecated package

via: vinyl-fs@1.0.0

minimatch@2.0.10

Deprecated package

via: vinyl-fs@1.0.0

natives@1.1.6

Deprecated package

via: vinyl-fs@1.0.0

12 moderate severity issues

lodash@1.0.2

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: vinyl-fs@1.0.0

engine.io@1.8.5

Uncaught exception in engine.io

Recommendation: Upgrade to version 3.6.1 or later

via: socket.io@1.7.4

socket.io@1.7.4

CORS misconfiguration in socket.io

Recommendation: Upgrade to version 2.4.0 or later

via: socket.io@1.7.4

send@0.8.5

Root Path Disclosure in send

Recommendation: Upgrade to version 0.11.1 or later

via: serve-static@1.5.4

debug@1.0.4

Regular Expression Denial of Service in debug

Recommendation: Upgrade to version 2.6.9 or later

via: connect@3.1.1 & others

ms@0.6.2

Vercel ms Inefficient Regular Expression Complexity vulnerability

Recommendation: Upgrade to version 2.0.0 or later

via: connect@3.1.1 & others

lodash@1.0.2

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: vinyl-fs@1.0.0

serve-index@1.1.6

Cross-Site Scripting in serve-index

Recommendation: Upgrade to version 1.6.3 or later

via: serve-index@1.1.6

callsite@1.0.0

Package has no specified source code repository

via: socket.io@1.7.4

has-binary@0.1.7

Package has no specified source code repository

via: socket.io@1.7.4

indexof@0.0.1

Package has no specified source code repository

via: socket.io@1.7.4

object-component@0.0.3

Package has no specified source code repository

via: socket.io@1.7.4

5 low severity issues

lodash@1.0.2

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.5 or later

via: vinyl-fs@1.0.0

serve-static@1.5.4

Open Redirect in serve-static

Recommendation: Upgrade to version 1.7.2 or later

via: serve-static@1.5.4

duplexer2@0.0.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: gulp-util@3.0.8

glob@3.1.21

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: vinyl-fs@1.0.0

graceful-fs@1.2.3

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: vinyl-fs@1.0.0

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

142 Packages, Including:

accepts@1.0.7

accepts@1.3.3

after@0.8.2

ansi-gray@0.1.1

ansi-regex@2.1.1

ansi-styles@2.2.1

ansi-wrap@0.1.0

array-differ@1.0.0

array-uniq@1.0.3

backo2@1.0.2

balanced-match@1.0.2

base64-arraybuffer@0.1.5

base64id@1.0.0

beeper@1.1.1

brace-expansion@1.1.11

chalk@1.1.3

clone-stats@0.0.1

clone@0.2.0

clone@1.0.4

commander@2.20.3

component-emitter@1.2.1

concat-map@0.0.1

connect@3.1.1

cookie@0.3.1

core-util-is@1.0.3

dateformat@2.2.0

debug@2.2.0

debug@2.3.3

depd@0.4.4

destroy@1.0.3

duplexify@3.7.1

ee-first@1.0.5

end-of-stream@1.4.4

engine.io-client@1.8.6

engine.io-parser@1.3.2

engine.io@1.8.5

escape-string-regexp@1.0.5

fancy-log@1.3.3

finalhandler@0.1.0

find-index@0.1.1

first-chunk-stream@1.0.0

fresh@0.2.2

gaze@0.5.2

glob-stream@4.1.1

glob-watcher@0.0.8

glob2base@0.0.12

globule@0.1.0

glogg@1.0.2

gulp-server-livereload@1.9.2

gulp-util@3.0.8

N/A

N/A

19 Packages, Including:

arraybuffer.slice@0.0.6

batch@0.5.1

better-assert@1.0.2

blob@0.0.4

callsite@1.0.0

component-bind@1.0.0

component-emitter@1.1.2

component-inherit@0.0.3

connect-inject@0.3.2

debug@1.0.4

escape-html@1.0.1

indexof@0.0.1

inherits@1.0.2

is@0.3.0

mime@1.2.11

ms@0.6.2

ms@0.7.1

object-component@0.0.3

options@0.0.6

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

11 Packages, Including:

color-support@1.1.3

glob@4.5.3

graceful-fs@3.0.12

inflight@1.0.6

inherits@2.0.4

lru-cache@2.7.3

minimatch@2.0.10

natives@1.1.6

once@1.4.0

sigmund@1.0.1

wrappy@1.0.2

BSD

Invalid

Not OSI Approved

3 Packages, Including:

duplexer2@0.0.2

glob@3.1.21

graceful-fs@1.2.3

(MIT OR GPL)

Invalid

1 Packages, Including:

node.extend@1.0.10

Direct Dependencies

16

All Dependencies CSV

ⓘ This is a list of gulp-server-livereload 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
commander	2.20.3	18.26 kB	MIT	prod
connect-inject	0.3.2	3.29 kB	UNKNOWN	prod	1
connect	3.1.1	19.62 kB	MIT	prod	3 2 2
glogg	1.0.2	2.76 kB	MIT	prod
gulp-util	3.0.8	5.36 kB	MIT	prod	2 1
gulplog	1.0.0	2.1 kB	MIT	prod
lodash	4.17.21	311.49 kB	MIT	prod
node-watch	0.3.5	3.74 kB	MIT	prod
node.extend	1.0.10	2.55 kB	(MIT OR GPL)	prod	2 1
open	0.0.5	7.31 kB	MIT	prod	1
proxy-middleware	0.15.0	3.38 kB	MIT	prod
serve-index	1.1.6	58.79 kB	MIT	prod	1 1 1
serve-static	1.5.4	4.58 kB	MIT	prod	4 4 3 1
socket.io	1.7.4	19.67 kB	MIT	prod	12 5 8
through2	0.5.1	4.11 kB	MIT	prod
vinyl-fs	1.0.0	5.69 kB	MIT	prod	2 10 2 3

Recent Versions