Generated on Apr 3, 2024 via pnpm

Npm

Home

node-red 2.1.1

Low-code programming for event-driven applications

editor

messaging

iot

flow

Package summary

issues

licenses

Package created

27 Sep 2013

Version published

22 Oct 2021

Maintainers

Total deps

280

Direct deps

License

Apache-2.0

Issues

4 critical severity issues

critical

jsonata@1.8.5

JSONata expression can pollute the "Object" prototype

Recommendation: Upgrade to version 1.8.7 or later

via: @node-red/editor-api@2.1.1 & others

cli-table@0.3.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: node-red-admin@2.2.4

pause@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: @node-red/editor-api@2.1.1

retry@0.6.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: @node-red/nodes@2.1.1

Collapse

Expand

5 high severity issues

high

dicer@0.2.5

Crash in HeaderParser in dicer

Recommendation: None

via: @node-red/editor-api@2.1.1 & others

qs@6.7.0

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.7.3 or later

via: @node-red/editor-api@2.1.1 & others

axios@0.27.0

Deprecated package

via: node-red-admin@2.2.4

bcrypt@5.0.1

Package uses install script: "node-pre-gyp install --fallback-to-build"

via: @node-red/editor-api@2.1.1 & others

multer@1.4.3

Deprecated package

via: @node-red/editor-api@2.1.1 & others

Collapse

Expand

9 moderate severity issues

moderate

moment-timezone@0.5.33

Cleartext Transmission of Sensitive Information in moment-timezone

Recommendation: Upgrade to version 0.5.35 or later

via: @node-red/editor-api@2.1.1 & others

got@11.8.2

Got allows a redirect to a UNIX socket

Recommendation: Upgrade to version 11.8.5 or later

via: @node-red/nodes@2.1.1

passport@0.5.0

Passport vulnerable to session regeneration when a users logs in or out

Recommendation: Upgrade to version 0.6.0 or later

via: @node-red/editor-api@2.1.1

semver@7.3.5

semver vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 7.5.2 or later

via: @node-red/editor-api@2.1.1 & others

axios@0.27.0

Axios Cross-Site Request Forgery Vulnerability

Recommendation: Upgrade to version 0.28.0 or later

via: node-red-admin@2.2.4

tough-cookie@4.0.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: @node-red/nodes@2.1.1

xml2js@0.4.23

xml2js is vulnerable to prototype pollution

Recommendation: Upgrade to version 0.5.0 or later

via: @node-red/nodes@2.1.1

express@4.17.1

Express.js Open Redirect in malformed URLs

Recommendation: Upgrade to version 4.19.2 or later

via: @node-red/editor-api@2.1.1 & others

pause@0.0.1

Package has no specified source code repository

via: @node-red/editor-api@2.1.1

Collapse

Expand

1 low severity issue

low

moment-timezone@0.5.33

Command Injection in moment-timezone

Recommendation: Upgrade to version 0.5.35 or later

via: @node-red/editor-api@2.1.1 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

205 Packages, Including:

@babel/runtime@7.24.1

@sindresorhus/is@4.6.0

@szmarczak/http-timer@4.0.6

@types/cacheable-request@6.0.3

@types/http-cache-semantics@4.0.4

@types/keyv@3.1.4

@types/node@20.12.3

@types/responselike@1.0.3

accepts@1.3.8

acorn-walk@8.2.0

acorn@8.5.0

agent-base@6.0.2

ajv@8.6.3

ansi-colors@4.1.3

ansi-regex@5.0.1

append-field@1.0.0

argparse@1.0.10

array-flatten@1.1.1

async-mutex@0.3.2

async@0.1.22

asynckit@0.4.0

axios@0.27.0

balanced-match@1.0.2

base64-js@1.5.1

basic-auth@2.0.1

bcrypt@5.0.1

bcryptjs@2.4.3

bl@4.1.0

body-parser@1.19.0

brace-expansion@1.1.11

buffer-from@1.1.2

buffer@5.7.1

busboy@0.2.14

bytes@3.1.0

cacheable-lookup@5.0.4

cacheable-request@7.0.4

cheerio@1.0.0-rc.10

clone-response@1.0.3

clone@2.1.2

colors@1.0.3

combined-stream@1.0.8

commist@1.1.0

concat-map@0.0.1

concat-stream@1.6.2

concat-stream@2.0.0

content-disposition@0.5.3

content-type@1.0.4

content-type@1.0.5

cookie-parser@1.4.5

cookie-signature@1.0.6

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

43 Packages, Including:

abbrev@1.1.1

aproba@2.0.0

are-we-there-yet@2.0.0

boolbase@1.0.0

chownr@2.0.0

color-support@1.1.3

console-control-strings@1.1.0

cronosjs@1.7.1

fs-minipass@2.1.0

fs.realpath@1.0.0

gauge@3.0.2

glob@7.2.3

graceful-fs@4.2.11

has-unicode@2.0.1

inflight@1.0.6

inherits@2.0.3

inherits@2.0.4

json-stringify-safe@5.0.1

lru-cache@4.1.5

lru-cache@6.0.0

minimatch@3.1.2

minipass@3.3.6

minipass@5.0.0

mute-stream@0.0.8

nopt@5.0.0

npmlog@5.0.1

once@1.4.0

pseudomap@1.0.2

read@1.0.7

rimraf@3.0.2

sax@1.3.0

semver@6.3.1

semver@7.3.5

set-blocking@2.0.0

setprototypeof@1.1.1

signal-exit@3.0.7

split2@3.2.2

tar@6.1.11

tar@6.2.1

wide-align@1.1.5

wrappy@1.0.2

yallist@2.1.2

yallist@4.0.0

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

13 Packages, Including:

cheerio-select@1.6.0

css-select@4.3.0

css-what@6.1.0

domelementtype@2.3.0

domhandler@4.3.1

domutils@2.8.0

entities@2.2.0

esprima@4.0.1

http-cache-semantics@4.1.1

nth-check@2.1.1

uglify-js@3.14.2

uri-js@4.4.1

webidl-conversions@3.0.1

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

10 Packages, Including:

@node-red/editor-api@2.1.1

@node-red/editor-client@2.1.1

@node-red/nodes@2.1.1

@node-red/registry@2.1.1

@node-red/runtime@2.1.1

@node-red/util@2.1.1

denque@2.0.1

detect-libc@2.0.3

node-red-admin@2.2.4

node-red@2.1.1

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

5 Packages, Including:

@mapbox/node-pre-gyp@1.0.11

ieee754@1.2.1

qs@6.7.0

sprintf-js@1.0.3

tough-cookie@4.0.0

N/A

3 Packages, Including:

cli-table@0.3.11

pause@0.0.1

retry@0.6.1

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

1 Packages, Including:

tslib@2.6.2

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of node-red 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@node-red/editor-api	2.1.1	22.18 kB	Apache-2.0	prod	2 4 5 1
@node-red/nodes	2.1.1	446.08 kB	Apache-2.0	prod	1 3 3
@node-red/runtime	2.1.1	100.67 kB	Apache-2.0	prod	1 1 3 1
@node-red/util	2.1.1	17.38 kB	Apache-2.0	prod	1 1 1
basic-auth	2.0.1	3.66 kB	MIT	prod
bcrypt	5.0.1	32.94 kB	MIT	prod optional	1 1
bcryptjs	2.4.3	76.21 kB	MIT	prod
express	4.17.1	53.43 kB	MIT	prod	1 1
fs-extra	10.0.0	32.9 kB	MIT	prod
node-red-admin	2.2.4	30.27 kB	Apache-2.0	prod	1 2 2
nopt	5.0.0	9.12 kB	ISC	prod optional
semver	7.3.5	25.68 kB	ISC	prod optional	1