Generated on May 18, 2024 via pnpm

Npm

Home

loopback 3.28.0

LoopBack: Open Source Framework for Node.js

web

restful

rest

Package summary

issues

licenses

Package created

13 Sep 2013

Version published

25 Nov 2020

Maintainers

Total deps

340

Direct deps

License

MIT

Issues

9 critical severity issues

critical

ejs@2.7.4

ejs template injection vulnerability

Recommendation: Upgrade to version 3.1.7 or later

via: ejs@2.7.4

underscore@1.7.0

Arbitrary Code Execution in underscore

Recommendation: Upgrade to version 1.12.1 or later

via: nodemailer-direct-transport@3.3.2

base64-js@0.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-connector-remote@3.4.1 & others

duplex@1.0.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-connector-remote@3.4.1 & others

msgpack-js@0.3.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-connector-remote@3.4.1 & others

mux-demux@3.7.9

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-connector-remote@3.4.1 & others

options@0.0.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-connector-remote@3.4.1 & others

sse@0.0.8

Package has no specified license

Recommendation: Check the package code and files for license information

via: loopback-connector-remote@3.4.1 & others

uid2@0.0.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: uid2@0.0.3

Collapse

Expand

6 high severity issues

high

canonical-json@0.0.4

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: canonical-json@0.0.4

ejs@2.7.4

Package uses postinstall script: "node ./postinstall.js"

via: ejs@2.7.4

har-validator@5.1.5

Deprecated package

via: loopback-connector-remote@3.4.1 & others

request@2.88.2

Deprecated package

via: loopback-connector-remote@3.4.1 & others

stable@0.1.8

Deprecated package

via: loopback-connector-remote@3.4.1 & others

uuid@3.4.0

Deprecated package

via: loopback-connector-remote@3.4.1 & others

Collapse

Expand

6 moderate severity issues

moderate

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: loopback-connector-remote@3.4.1 & others

xml2js@0.4.23

xml2js is vulnerable to prototype pollution

Recommendation: Upgrade to version 0.5.0 or later

via: loopback-connector-remote@3.4.1 & others

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: loopback-connector-remote@3.4.1 & others

ejs@2.7.4

ejs lacks certain pollution protection

Recommendation: Upgrade to version 3.1.10 or later

via: ejs@2.7.4

eyes@0.1.8

Package has no specified source code repository

via: loopback-connector-remote@3.4.1 & others

uid2@0.0.3

Package has no specified source code repository

via: uid2@0.0.3

Collapse

Expand

1 low severity issue

low

canonical-json@0.0.4

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: canonical-json@0.0.4

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

279 Packages, Including:

@types/body-parser@1.19.5

@types/connect@3.4.38

@types/express-serve-static-core@4.19.0

@types/express@4.17.21

@types/http-errors@2.0.4

@types/mime@1.3.5

@types/node@10.17.60

@types/node@20.12.12

@types/qs@6.9.15

@types/range-parser@1.2.7

@types/send@0.17.4

@types/serve-static@1.15.7

accept-language@3.0.18

accepts@1.3.8

ajv@6.12.6

ansi-styles@4.3.0

argparse@1.0.10

array-buffer-byte-length@1.0.1

array-flatten@1.1.1

arraybuffer.prototype.slice@1.0.3

asn1@0.2.6

assert-plus@1.0.0

async@2.6.4

async@3.2.5

asynckit@0.4.0

available-typed-arrays@1.0.7

aws4@1.12.0

balanced-match@1.0.2

base64-js@1.0.2

bcp47@1.1.2

bcryptjs@2.4.3

bl@2.2.1

bluebird@3.7.2

body-parser@1.20.2

bops@0.0.7

bops@1.0.0

brace-expansion@1.1.11

brace-expansion@2.0.1

bytes@3.1.2

call-bind@1.0.7

chalk@4.1.2

cldrjs@0.5.5

color-convert@2.0.1

color-name@1.1.4

combined-stream@1.0.8

commander@2.20.3

concat-map@0.0.1

content-disposition@0.5.4

content-type@1.0.5

cookie-signature@1.0.6

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

17 Packages, Including:

fs.realpath@1.0.0

glob@7.2.3

har-schema@2.0.0

inflight@1.0.6

inherits@2.0.4

isexe@2.0.0

json-stringify-safe@5.0.1

minimatch@3.1.2

minimatch@5.1.6

once@1.4.0

sax@1.3.0

semver@5.7.2

setprototypeof@1.2.0

signal-exit@3.0.7

which@1.3.1

which@2.0.2

wrappy@1.0.2

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

15 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

ejs@2.7.4

ejs@3.1.10

filelist@1.0.4

forever-agent@0.6.1

human-signals@1.1.1

jake@10.9.1

js2xmlparser@3.0.0

js2xmlparser@4.0.2

oauth-sign@0.9.0

request@2.88.2

tunnel-agent@0.6.0

xmlcreate@1.0.2

xmlcreate@2.0.4

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

12 Packages, Including:

bcrypt-pbkdf@1.0.2

charenc@0.0.2

crypt@0.0.2

http-status@1.7.4

isemail@3.2.0

md5@2.3.0

qs@6.11.0

qs@6.12.1

qs@6.5.3

sprintf-js@1.0.3

sprintf-js@1.1.3

tough-cookie@2.5.0

N/A

7 Packages, Including:

base64-js@0.0.2

duplex@1.0.0

msgpack-js@0.3.0

mux-demux@3.7.9

options@0.0.6

sse@0.0.8

uid2@0.0.3

Artistic License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

use-trademark

hold-liable

Must

rename

state-changes

include-original

include-install-instructions

4 Packages, Including:

strong-globalize@4.1.3

strong-globalize@5.1.0

strong-globalize@6.0.6

strong-remoting@3.17.0

(MIT OR Apache-2.0)

Permissive

1 Packages, Including:

JSONStream@1.3.5

BSD

Invalid

Not OSI Approved

1 Packages, Including:

canonical-json@0.0.4

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

MIT No Attribution

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

nodemailer@6.9.13

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

uri-js@4.4.1

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of loopback 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
async	2.6.4	120.04 kB	MIT	prod
bcryptjs	2.4.3	76.21 kB	MIT	prod
bluebird	3.7.2	136.03 kB	MIT	prod
body-parser	1.20.2	14.75 kB	MIT	prod
canonical-json	0.0.4	4.27 kB	BSD	prod	1 1
debug	2.6.9	16.13 kB	MIT	prod
depd	1.1.2	8.81 kB	MIT	prod
ejs	2.7.4	37.03 kB	Apache-2.0	prod	1 1 1
express	4.19.2	209.73 kB	MIT	prod
inflection	1.13.4	11.51 kB	MIT	prod
isemail	3.2.0	14.05 kB	BSD-3-Clause	prod
loopback-connector-remote	3.4.1	12.06 kB	MIT	prod	6 4 4
loopback-datasource-juggler	3.36.1	684.97 kB	MIT	prod	2
loopback-filters	1.1.1	9.92 kB	MIT	prod
loopback-phase	3.4.0	16.79 kB	MIT	prod	1
nodemailer-direct-transport	3.3.2	10.29 kB	MIT	prod	1
nodemailer-stub-transport	1.1.0	3.56 kB	MIT	prod
nodemailer	6.9.13	491.4 kB	MIT-0	prod
serve-favicon	2.5.0	6.67 kB	MIT	prod
stable	0.1.8	3.59 kB	MIT	prod	1
strong-globalize	4.1.3	440.68 kB	Artistic-2.0	prod	1
strong-remoting	3.17.0	121.71 kB	Artistic-2.0	prod	6 4 4
uid2	0.0.3	1.41 kB	UNKNOWN	prod	1 1
underscore.string	3.3.6	37.81 kB	MIT	prod