Hold on, we're currently generating a fresh version of this report

Generated on May 4, 2024 via pnpm

loadfire 3.0.1

A clean and simple load balancer

Package summary

41

issues

6

licenses

Package created

13 Jun 2013

Version published

4 Jun 2014

Maintainers

1

Total deps

41

Direct deps

7

License

MIT

Issues

41

16 critical severity issues

underscore@1.4.4

Arbitrary Code Execution in underscore

Recommendation: Upgrade to version 1.12.1 or later

via: underscore@1.4.4

buffer-crc32@0.2.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

bytes@0.2.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

cookie-signature@1.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

cookie@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

event-stream@3.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: event-stream@3.1.0

fresh@0.2.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

map-stream@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: event-stream@3.1.0

mime@1.2.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

pause@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

qs@0.6.5

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

range-parser@0.0.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

send@0.1.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

split@0.2.10

Package has no specified license

Recommendation: Check the package code and files for license information

via: event-stream@3.1.0

uid2@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: connect@2.11.0

underscore@1.4.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: underscore@1.4.4

12 high severity issues

qs@0.6.5

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 6.0.4 or later

via: connect@2.11.0

qs@0.6.5

Denial-of-Service Extended Event Loop Blocking in qs

Recommendation: Upgrade to version 1.0.0 or later

via: connect@2.11.0

negotiator@0.3.0

Regular Expression Denial of Service in negotiator

Recommendation: Upgrade to version 0.6.1 or later

via: connect@2.11.0

qs@0.6.5

Denial-of-Service Memory Exhaustion in qs

Recommendation: Upgrade to version 1.0.0 or later

via: connect@2.11.0

fresh@0.2.0

Regular Expression Denial of Service in fresh

Recommendation: Upgrade to version 0.5.2 or later

via: connect@2.11.0

mime@1.2.11

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: connect@2.11.0

http-proxy@1.0.2

Denial of Service in http-proxy

Recommendation: Upgrade to version 1.18.1 or later

via: http-proxy@1.0.2

qs@0.6.5

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: connect@2.11.0

optimist@0.3.0

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: optimist@0.3.0

pause-stream@0.0.11

Package uses an invalid SPDX license ("(MIT OR Apache2)")

Recommendation: Validate that the package complies with your license policy

via: event-stream@3.1.0

stream-counter@0.2.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: connect@2.11.0

connect@2.11.0

Deprecated package

via: connect@2.11.0

10 moderate severity issues

cookie-signature@1.0.1

cookie-signature Timing Attack

Recommendation: Upgrade to version 1.0.4 or later

via: connect@2.11.0

connect@2.11.0

Cross-Site Scripting in connect

Recommendation: Upgrade to version 2.14.0 or later

via: connect@2.11.0

send@0.1.4

Root Path Disclosure in send

Recommendation: Upgrade to version 0.11.1 or later

via: connect@2.11.0

bytes@0.2.1

Package has no specified source code repository

via: connect@2.11.0

cookie-signature@1.0.1

Package has no specified source code repository

via: connect@2.11.0

http-proxy@1.0.2

Package has no specified source code repository

via: http-proxy@1.0.2

methods@0.0.1

Package has no specified source code repository

via: connect@2.11.0

pause@0.0.1

Package has no specified source code repository

via: connect@2.11.0

range-parser@0.0.4

Package has no specified source code repository

via: connect@2.11.0

uid2@0.0.3

Package has no specified source code repository

via: connect@2.11.0

3 low severity issues

send@0.1.4

Directory Traversal in send

Recommendation: Upgrade to version 0.8.4 or later

via: connect@2.11.0

optimist@0.3.0

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: optimist@0.3.0

stream-counter@0.2.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: connect@2.11.0

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

22 Packages, Including:

connect@2.11.0

core-util-is@1.0.3

debug@4.3.4

duplexer@0.1.2

eventemitter3@5.0.1

from@0.1.7

http-proxy@1.0.2

isarray@0.0.1

loadfire@3.0.1

methods@0.0.1

ms@2.1.2

multiparty@2.2.0

negotiator@0.3.0

q@0.9.6

q@0.9.7

qplus@0.1.0

raw-body@0.0.3

readable-stream@1.1.14

stream-combiner@0.0.4

string_decoder@0.10.31

through@2.3.8

wordwrap@0.0.3

N/A

N/A

15 Packages, Including:

buffer-crc32@0.2.1

bytes@0.2.1

cookie-signature@1.0.1

cookie@0.1.0

event-stream@3.1.0

fresh@0.2.0

map-stream@0.1.0

mime@1.2.11

pause@0.0.1

qs@0.6.5

range-parser@0.0.4

send@0.1.4

split@0.2.10

uid2@0.0.3

underscore@1.4.4

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

inherits@2.0.4

MIT/X11

Invalid

Not OSI Approved

1 Packages, Including:

optimist@0.3.0

(MIT OR Apache2)

Invalid

1 Packages, Including:

pause-stream@0.0.11

BSD

Invalid

Not OSI Approved

1 Packages, Including:

stream-counter@0.2.0

Direct Dependencies

7

All Dependencies CSV

ⓘ This is a list of loadfire 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
connect	2.11.0	75.54 kB	MIT	prod	11 9 9 2
event-stream	3.1.0	12.43 kB	UNKNOWN	prod	3 1
http-proxy	1.0.2	58.18 kB	MIT	prod	1 1
optimist	0.3.0	11.51 kB	MIT/X11	prod	1 1
q	0.9.6	23.22 kB	MIT	prod
qplus	0.1.0	2.54 kB	MIT	prod
underscore	1.4.4	40.78 kB	UNKNOWN	prod	2

All Versions