Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
Generated on Oct 1, 2023 via pnpm
Repo
Npm
Home

node-gyp 3.4.0

Node.js native addon build tool
native
addon
module
c
c++
bindings
gyp
Package summary
Share
12
issues
10
high severity
vulnerability
5
meta
5
2
moderate severity
vulnerability
2
7
licenses
63
MIT
36
ISC
6
Apache-2.0
6
other licenses
BSD-3-Clause
3
(AFL-2.1 OR BSD-3-Clause)
1
Unlicense
1
BSD-2-Clause
1
Package created
5 Feb 2012
Version published
28 Jun 2016
Maintainers
3
Total versions
140
License
MIT

Issues

12

10 high severity issues

high
tar@2.2.2
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Recommendation: Upgrade to version 3.2.2 or later
via: tar@2.2.2
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Recommendation: Upgrade to version 3.2.3 or later
via: tar@2.2.2
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Recommendation: Upgrade to version 4.4.16 or later
via: tar@2.2.2
tar@2.2.2
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Recommendation: Upgrade to version 4.4.18 or later
via: tar@2.2.2
tar@2.2.2
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Recommendation: Upgrade to version 4.4.18 or later
via: tar@2.2.2
es5-ext@0.10.62
Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"
via: path-array@1.0.1
har-validator@5.1.5
Deprecated package
via: request@2.88.2
request@2.88.2
Deprecated package
via: request@2.88.2
tar@2.2.2
Deprecated package
via: tar@2.2.2
uuid@3.4.0
Deprecated package
via: request@2.88.2
Collapse
Expand

2 moderate severity issues

moderate
tough-cookie@2.5.0
tough-cookie Prototype Pollution vulnerability
Recommendation: Upgrade to version 4.1.3 or later
via: request@2.88.2
request@2.88.2
Server-Side Request Forgery in Request
Recommendation: None
via: request@2.88.2
Collapse
Expand

Licenses

MIT
63
ISC
36
Apache-2.0
6
BSD-3-Clause
3
(AFL-2.1 OR BSD-3-Clause)
1
Unlicense
1
BSD-2-Clause
1

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
Packages
ajv@6.12.6
ansi-regex@2.1.1
array-index@1.0.0
asn1@0.2.6
assert-plus@1.0.0
asynckit@0.4.0
aws4@1.12.0
balanced-match@1.0.2
brace-expansion@1.1.11
code-point-at@1.1.0
combined-stream@1.0.8
concat-map@0.0.1
core-util-is@1.0.2
core-util-is@1.0.3
dashdash@1.14.1
debug@2.6.9
delayed-stream@1.0.0
delegates@1.0.0
ecc-jsbn@0.1.2
es6-iterator@2.0.3
extend@3.0.2
extsprintf@1.3.0
fast-deep-equal@3.1.3
fast-json-stable-stringify@2.1.0
form-data@2.3.3
getpass@0.1.7
har-validator@5.1.5
has-color@0.1.7
http-signature@1.2.0
is-fullwidth-code-point@1.0.0
is-typedarray@1.0.0
isarray@1.0.0
isstream@0.1.2
jsbn@0.1.1
json-schema-traverse@0.4.1
jsprim@1.4.2
mime-db@1.52.0
mime-types@2.1.35
minimist@1.2.8
mkdirp@0.5.6
ms@2.0.0
node-gyp@3.4.0
number-is-nan@1.0.1
object-assign@4.1.1
os-homedir@1.0.2
os-tmpdir@1.0.2
path-array@1.0.1
path-is-absolute@1.0.1
performance-now@2.1.0
process-nextick-args@2.0.1
psl@1.9.0
punycode@2.3.0
readable-stream@2.3.8
safe-buffer@5.1.2
safe-buffer@5.2.1
safer-buffer@2.1.2
sshpk@1.17.0
string-width@1.0.2
string_decoder@1.1.1
strip-ansi@3.0.1
util-deprecate@1.0.2
uuid@3.4.0
verror@1.10.0

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
Packages
abbrev@1.1.1
aproba@1.2.0
are-we-there-yet@1.1.7
block-stream@0.0.9
console-control-strings@1.1.0
d@1.0.1
es5-ext@0.10.62
es6-symbol@3.1.3
ext@1.7.0
fs.realpath@1.0.0
fstream@1.0.12
gauge@2.6.0
glob@7.2.3
graceful-fs@4.2.11
har-schema@2.0.0
has-unicode@2.0.1
inflight@1.0.6
inherits@2.0.4
isexe@2.0.0
json-stringify-safe@5.0.1
minimatch@3.1.2
next-tick@1.1.0
nopt@3.0.6
npmlog@3.1.2
once@1.4.0
osenv@0.1.5
rimraf@2.7.1
semver@5.7.2
set-blocking@2.0.0
signal-exit@3.0.7
tar@2.2.2
type@1.2.0
type@2.7.2
which@1.3.1
wide-align@1.1.5
wrappy@1.0.2

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
Packages
aws-sign2@0.7.0
caseless@0.12.0
forever-agent@0.6.1
oauth-sign@0.9.0
request@2.88.2
tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
Packages
bcrypt-pbkdf@1.0.2
qs@6.5.3
tough-cookie@2.5.0

(AFL-2.1 OR BSD-3-Clause)

Permissive
Packages
json-schema@0.4.0

The Unlicense

Public Domain
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
private-use
modify
Cannot
include-copyright
hold-liable
Must
Packages
tweetnacl@0.14.5

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
Packages
uri-js@4.4.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Dependencies

111
Get CSV
Name Version Size License Type Vulnerabilities
abbrev 1.1.1 2.25 kB ISC prod
ajv 6.12.6 197.63 kB MIT prod
ansi-regex 2.1.1 2.29 kB MIT prod
aproba 1.2.0 3.44 kB ISC prod
are-we-there-yet 1.1.7 5.11 kB ISC prod
array-index 1.0.0 5.52 kB MIT prod 1
asn1 0.2.6 5.84 kB MIT prod
assert-plus 1.0.0 3.85 kB MIT prod
asynckit 0.4.0 7.92 kB MIT prod
aws-sign2 0.7.0 5.04 kB Apache-2.0 prod
aws4 1.12.0 8.06 kB MIT prod
balanced-match 1.0.2 2.61 kB MIT prod
bcrypt-pbkdf 1.0.2 10.85 kB BSD-3-Clause prod
block-stream 0.0.9 3.64 kB ISC prod
brace-expansion 1.1.11 4.14 kB MIT prod
caseless 0.12.0 5.2 kB Apache-2.0 prod
code-point-at 1.1.0 1.73 kB MIT prod
combined-stream 1.0.8 3.97 kB MIT prod
concat-map 0.0.1 2.21 kB MIT prod
console-control-strings 1.1.0 3.26 kB ISC prod
core-util-is 1.0.2 6.85 kB MIT prod
core-util-is 1.0.3 1.85 kB MIT prod
d 1.0.1 6.28 kB ISC prod 1
dashdash 1.14.1 22.99 kB MIT prod
debug 2.6.9 16.13 kB MIT prod
delayed-stream 1.0.0 3.38 kB MIT prod
delegates 1.0.0 2.78 kB MIT prod
ecc-jsbn 0.1.2 7.91 kB MIT prod
es5-ext 0.10.62 92.79 kB ISC prod 1
es6-iterator 2.0.3 8.07 kB MIT prod
es6-symbol 3.1.3 7.21 kB ISC prod 1
ext 1.7.0 8.35 kB ISC prod
extend 3.0.2 7.09 kB MIT prod
extsprintf 1.3.0 8.8 kB MIT prod
fast-deep-equal 3.1.3 3.57 kB MIT prod
fast-json-stable-stringify 2.1.0 6.17 kB MIT prod
forever-agent 0.6.1 4.92 kB Apache-2.0 prod
form-data 2.3.3 33.47 kB MIT prod
fs.realpath 1.0.0 4.33 kB ISC prod
fstream 1.0.12 16.61 kB ISC prod
gauge 2.6.0 20.13 kB ISC prod
getpass 0.1.7 2.54 kB MIT prod
glob 7.2.3 15.08 kB ISC prod
graceful-fs 4.2.11 9.57 kB ISC prod
har-schema 2.0.0 3.54 kB ISC prod
har-validator 5.1.5 2.54 kB MIT prod 1
has-color 0.1.7 986 B MIT prod
has-unicode 2.0.1 1.92 kB ISC prod
http-signature 1.2.0 14.85 kB MIT prod
inflight 1.0.6 1.99 kB ISC prod
inherits 2.0.4 1.98 kB ISC prod
is-fullwidth-code-point 1.0.0 2.07 kB MIT prod
is-typedarray 1.0.0 1.84 kB MIT prod
isarray 1.0.0 1.97 kB MIT prod
isexe 2.0.0 3.67 kB ISC prod
isstream 0.1.2 3.67 kB MIT prod
jsbn 0.1.1 13.39 kB MIT prod
json-schema-traverse 0.4.1 5.02 kB MIT prod
json-schema 0.4.0 8.73 kB (AFL-2.1 OR BSD-3-Clause) prod
json-stringify-safe 5.0.1 3.92 kB ISC prod
jsprim 1.4.2 10.63 kB MIT prod
mime-db 1.52.0 26.36 kB MIT prod
mime-types 2.1.35 5.46 kB MIT prod
minimatch 3.1.2 11.66 kB ISC prod
minimist 1.2.8 15.16 kB MIT prod
mkdirp 0.5.6 2.95 kB MIT prod
ms 2.0.0 2.81 kB MIT prod
next-tick 1.1.0 3.67 kB ISC prod
node-gyp 3.4.0 394.7 kB MIT prod
nopt 3.0.6 10.07 kB ISC prod
npmlog 3.1.2 6.08 kB ISC prod
number-is-nan 1.0.1 1.43 kB MIT prod
oauth-sign 0.9.0 5.07 kB Apache-2.0 prod
object-assign 4.1.1 2.61 kB MIT prod
once 1.4.0 1.93 kB ISC prod
os-homedir 1.0.2 1.72 kB MIT prod
os-tmpdir 1.0.2 1.75 kB MIT prod
osenv 0.1.5 2.25 kB ISC prod
path-array 1.0.1 3.9 kB MIT prod 1
path-is-absolute 1.0.1 1.84 kB MIT prod
performance-now 2.1.0 4.46 kB MIT prod
process-nextick-args 2.0.1 1.62 kB MIT prod
psl 1.9.0 139.49 kB MIT prod
punycode 2.3.0 7.21 kB MIT prod
qs 6.5.3 27.47 kB BSD-3-Clause prod
readable-stream 2.3.8 25.14 kB MIT prod
request 2.88.2 57.83 kB Apache-2.0 prod 32
rimraf 2.7.1 5.53 kB ISC prod
safe-buffer 5.1.2 9.59 kB MIT prod
safe-buffer 5.2.1 9.74 kB MIT prod
safer-buffer 2.1.2 11.75 kB MIT prod
semver 5.7.2 17.45 kB ISC prod
set-blocking 2.0.0 2.16 kB ISC prod
signal-exit 3.0.7 3.76 kB ISC prod
sshpk 1.17.0 54.41 kB MIT prod
string-width 1.0.2 2.03 kB MIT prod
string_decoder 1.1.1 4.72 kB MIT prod
strip-ansi 3.0.1 1.69 kB MIT prod
tar 2.2.2 211.58 kB ISC prod 6
tough-cookie 2.5.0 23.87 kB BSD-3-Clause prod 1
tunnel-agent 0.6.0 5.69 kB Apache-2.0 prod
tweetnacl 0.14.5 48.5 kB Unlicense prod
type 1.2.0 17.68 kB ISC prod
type 2.7.2 19.86 kB ISC prod
uri-js 4.4.1 128.91 kB BSD-2-Clause prod
util-deprecate 1.0.2 2.19 kB MIT prod
uuid 3.4.0 11.87 kB MIT prod 1
verror 1.10.0 11.99 kB MIT prod
which 1.3.1 4.08 kB ISC prod
wide-align 1.1.5 1.95 kB ISC prod
wrappy 1.0.2 1.64 kB ISC prod

Visualizations

Tree
Treemap

Frequently Asked Questions

What does node-gyp do?

Node-gyp is a cross-platform command-line tool created with Node.js that is used for compiling native addon modules for Node.js. It's designed to work on multiple target versions of Node.js, irrespective of which version of Node.js is installed on your system. Node-gyp achieves this by downloading the required development files or headers for the targeted version. It's important to note that while node-gyp aids in the development of Node.js native addons, it is not utilized for building Node.js itself.

How do you use node-gyp?

Utilizing node-gyp requires a few steps. First, you need to install it through npm by running npm install -g node-gyp in your terminal. Node-gyp has dependencies on Python, make and a C/C++ compiler toolchain like GCC on Unix, Python and XCode Command Line Tools on macOS, and Python and Visual C++ Build Environment on Windows, so ensure these are correctly installed on your system.

Once installed and dependencies are resolved, using node-gyp involves generating project build files and then invoking the build command. Here's a simple usage example for your native addon:

cd my_node_addon
node-gyp configure
node-gyp build

In this example, you first navigate to the root directory of your native addon, generate the necessary project build files for your platform using the configure command, and then build your native addon with the build command. The compiled bindings will be found in build/Debug/ or build/Release/ depending on your build mode.

Where are the node-gyp docs?

You can access the detailed and extensive node-gyp documentation in the docs directory on the package's GitHub repository link: node-gyp Github repository. This documentation provides additional information on specific node-gyp topics which can come in handy when installing or building addons using node-gyp. It also has the command and configuration options for finer control over your builds.

Recent Versions

Ready to start?

Get real-time protection against malicious scripts

Get started with Sandworm
Install Sandworm Audit
Sandworm Audit
Getting Started Issue Types Resolve Issues License Policies Npm Package List Composer Package List
Sandworm GUARD
Getting Started Supported Methods Describing Permissions Enforcing Permissions
TOS
Terms of Use Privacy Policy Security Cybersecurity Glossary
Get in touch
Sponsor Discuss Contact
More from Sandworm
Newsletter Blog