Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Apr 25, 2024 via pnpm
Repo
Npm
Home

monitor-dashboard 0.6.7

Dashboard UI for node monitor
monitor
dashboard
node-monitor
remote control
monitoring
control
realtime
control panel
Package summary
Share
36
issues
21
critical severity
vulnerability
3
license
18
7
high severity
vulnerability
3
license
1
meta
3
6
moderate severity
vulnerability
3
meta
3
2
low severity
vulnerability
2
4
licenses
22
MIT
18
N/A
1
(MIT OR GPL)
1
BSD-3-Clause
Package created
7 Nov 2013
Version published
17 Jan 2014
Maintainers
1
Total deps
42
Direct deps
5
License
UNKNOWN

Issues

36

21 critical severity issues

critical
uglify-js@1.2.5
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js
Recommendation: Upgrade to version 2.4.24 or later
via: core-monitor@0.6.3 & others
xmlhttprequest@1.4.2
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Recommendation: Upgrade to version 1.7.0 or later
via: core-monitor@0.6.3 & others
underscore@1.4.4
Arbitrary Code Execution in underscore
Recommendation: Upgrade to version 1.12.1 or later
via: backbone-callbacks@0.1.7 & others
active-x-obfuscator@0.0.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
backbone-callbacks@0.1.7
Package has no specified license
Recommendation: Check the package code and files for license information
via: backbone-callbacks@0.1.7 & others
backbone@0.9.10
Package has no specified license
Recommendation: Check the package code and files for license information
via: backbone-callbacks@0.1.7 & others
backbone@0.9.9
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
base64id@0.1.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
commander@2.1.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
connect@1.7.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: connect@1.7.3 & others
core-monitor@0.6.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3
options@0.0.6
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
redis@0.7.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
socket.io-client@0.9.16
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
socket.io-client@0.9.17
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
socket.io@0.9.19
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
tinycolor@0.0.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
uglify-js@1.2.5
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
underscore@1.4.4
Package has no specified license
Recommendation: Check the package code and files for license information
via: backbone-callbacks@0.1.7 & others
ws@0.4.32
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
zeparser@0.0.5
Package has no specified license
Recommendation: Check the package code and files for license information
via: core-monitor@0.6.3 & others
Collapse
Expand

7 high severity issues

high
ws@0.4.32
DoS due to excessively large websocket message in ws
Recommendation: Upgrade to version 1.1.1 or later
via: core-monitor@0.6.3 & others
ws@0.4.32
Denial of Service in ws
Recommendation: Upgrade to version 1.1.5 or later
via: core-monitor@0.6.3 & others
uglify-js@1.2.5
Regular Expression Denial of Service in uglify-js
Recommendation: Upgrade to version 2.6.0 or later
via: core-monitor@0.6.3 & others
cron@0.1.3
Package uses an invalid SPDX license ("(MIT OR GPL)")
Recommendation: Validate that the package complies with your license policy
via: core-monitor@0.6.3 & others
connect@1.7.3
Deprecated package
via: connect@1.7.3 & others
nodeunit@0.5.2
Deprecated package
via: core-monitor@0.6.3 & others
ws@0.4.32
Package uses install script: "(node-gyp rebuild 2> builderror.log) || (exit 0)"
via: core-monitor@0.6.3 & others
Collapse
Expand

6 moderate severity issues

moderate
connect@1.7.3
Cross-Site Scripting in connect
Recommendation: Upgrade to version 2.14.0 or later
via: connect@1.7.3 & others
connect@1.7.3
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware
Recommendation: Upgrade to version 2.8.2 or later
via: connect@1.7.3 & others
socket.io@0.9.19
CORS misconfiguration in socket.io
Recommendation: Upgrade to version 2.4.0 or later
via: core-monitor@0.6.3 & others
backbone@0.9.10
Package has no specified source code repository
via: backbone-callbacks@0.1.7 & others
backbone@0.9.9
Package has no specified source code repository
via: core-monitor@0.6.3 & others
policyfile@0.0.4
Package has no specified source code repository
via: core-monitor@0.6.3 & others
Collapse
Expand

2 low severity issues

low
connect@1.7.3
methodOverride Middleware Reflected Cross-Site Scripting in connect
Recommendation: Upgrade to version 2.8.1 or later
via: connect@1.7.3 & others
ws@0.4.32
Remote Memory Disclosure in ws
Recommendation: Upgrade to version 1.0.1 or later
via: core-monitor@0.6.3 & others
Collapse
Expand

Licenses

MIT
22
N/A
18
(MIT OR GPL)
1
BSD-3-Clause
1

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
22 Packages, Including:
call-bind@1.0.7
config@0.4.37
define-data-property@1.1.4
es-define-property@1.0.0
es-errors@1.3.0
function-bind@1.1.2
get-intrinsic@1.2.4
gopd@1.0.1
has-property-descriptors@1.0.2
has-proto@1.0.3
has-symbols@1.0.3
hasown@2.0.2
mime@4.0.3
monitor-dashboard@0.6.7
monitor@0.6.10
nan@1.0.0
nodeunit@0.5.2
object-inspect@1.13.1
policyfile@0.0.4
set-function-length@1.2.2
side-channel@1.0.6
xmlhttprequest@1.4.2

N/A

N/A
18 Packages, Including:
active-x-obfuscator@0.0.1
backbone-callbacks@0.1.7
backbone@0.9.10
backbone@0.9.9
base64id@0.1.0
commander@2.1.0
connect@1.7.3
core-monitor@0.6.3
options@0.0.6
redis@0.7.3
socket.io-client@0.9.16
socket.io-client@0.9.17
socket.io@0.9.19
tinycolor@0.0.1
uglify-js@1.2.5
underscore@1.4.4
ws@0.4.32
zeparser@0.0.5

(MIT OR GPL)

Invalid
1 Packages, Including:
cron@0.1.3

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
qs@6.12.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

5
All Dependencies CSV
β“˜ This is a list of monitor-dashboard 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
backbone-callbacks0.1.74.52 kBUNKNOWN
prod
4
1
config0.4.37137 kBMIT
prod
connect1.7.380 kBUNKNOWN
prod
1
1
2
1
core-monitor0.6.3662.5 kBUNKNOWN
prod
21
7
6
2
monitor0.6.10240.72 kBMIT
prod
19
6
4
1

Visualizations

Tree
Treemap

All Versions

Sandworm Dunes
Ready to start?

Scan your app for security vulnerabilities and license issues

Start Free With GitHub
Sandworm Open Source
Sandworm
Getting Started Issue Types Resolve Issues License Policies Sandworm Guard
Explore
Npm Package List Composer Package List Npm Categories List Npm Security Vulnerabilities Composer Security Vulnerabilities
Support
Sponsor Discuss Terms of Use Privacy Policy Security
More from Sandworm
Newsletter 𝕏 / Twitter 𝕏 / Twitter Security Alerts Knowledge Base Blog Contact