Generated on May 18, 2024 via pnpm

npm-stats 1.2.0

Convenience module for getting back data from an NPM registry

Package summary

56

issues

11

licenses

Package created

24 Mar 2013

Version published

2 Feb 2016

Maintainers

4

Total deps

121

Direct deps

7

License

MIT

Issues

56

14 critical severity issues

JSONStream@0.6.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: JSONStream@0.6.4

asn1@0.1.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

assert-plus@0.1.5

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

aws-sign2@0.5.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

browser-request@0.3.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: nano@6.4.4

combined-stream@0.0.7

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

ctype@0.5.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

delayed-stream@0.0.5

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

errs@0.3.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: nano@6.4.4

event-stream@3.0.20

Package has no specified license

Recommendation: Check the package code and files for license information

via: event-stream@3.0.20

forever-agent@0.5.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

mime@1.2.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

oauth-sign@0.4.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: request@2.45.0

split@0.2.10

Package has no specified license

Recommendation: Check the package code and files for license information

via: event-stream@3.0.20

29 high severity issues

lodash.merge@3.3.2

Prototype Pollution in lodash.merge

Recommendation: Upgrade to version 4.6.1 or later

via: lodash.merge@3.3.2

lodash.merge@3.3.2

Prototype Pollution in lodash.merge

Recommendation: Upgrade to version 4.6.2 or later

via: lodash.merge@3.3.2

qs@1.2.2

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 6.0.4 or later

via: request@2.45.0

hawk@1.1.1

Regular Expression Denial of Service in hawk

Recommendation: Upgrade to version 3.1.3 or later

via: request@2.45.0

mime@1.2.11

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: request@2.45.0

hoek@0.9.1

Prototype Pollution in hoek

Recommendation: Upgrade to version 4.2.1 or later

via: request@2.45.0

hawk@1.1.1

Uncontrolled Resource Consumption in Hawk

Recommendation: Upgrade to version 9.0.1 or later

via: request@2.45.0

hoek@0.9.1

hoek subject to prototype pollution via the clone function.

Recommendation: None

via: request@2.45.0

qs@1.2.2

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: request@2.45.0

boom@0.4.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

caseless@0.6.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

cryptiles@0.2.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

hawk@1.1.1

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

hoek@0.9.1

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

qs@1.2.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

sntp@0.2.4

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: request@2.45.0

pause-stream@0.0.11

Package uses an invalid SPDX license ("(MIT OR Apache2)")

Recommendation: Validate that the package complies with your license policy

via: event-stream@3.0.20

stream-reduce@1.0.3

Package uses an invalid SPDX license ("Public Domain")

Recommendation: Validate that the package complies with your license policy

via: stream-reduce@1.0.3

boom@0.4.2

Deprecated package

via: request@2.45.0

cloudant-follow@0.17.0

Deprecated package

via: nano@6.4.4

cryptiles@0.2.2

Deprecated package

via: request@2.45.0

har-validator@5.1.5

Deprecated package

via: nano@6.4.4

hawk@1.1.1

Deprecated package

via: request@2.45.0

hoek@0.9.1

Deprecated package

via: request@2.45.0

node-uuid@1.4.8

Deprecated package

via: request@2.45.0

request@2.45.0

Deprecated package

via: request@2.45.0

request@2.88.2

Deprecated package

via: nano@6.4.4

sntp@0.2.4

Deprecated package

via: request@2.45.0

uuid@3.4.0

Deprecated package

via: nano@6.4.4

5 moderate severity issues

tunnel-agent@0.4.3

Memory Exposure in tunnel-agent

Recommendation: Upgrade to version 0.6.0 or later

via: request@2.45.0

bl@0.9.5

Remote Memory Exposure in bl

Recommendation: Upgrade to version 1.2.3 or later

via: request@2.45.0

request@2.45.0

Remote Memory Exposure in request

Recommendation: Upgrade to version 2.68.0 or later

via: request@2.45.0

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: nano@6.4.4

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: nano@6.4.4 & others

8 low severity issues

boom@0.4.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

caseless@0.6.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

cryptiles@0.2.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

hawk@1.1.1

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

hoek@0.9.1

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

qs@1.2.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

sntp@0.2.4

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: request@2.45.0

stream-reduce@1.0.3

Package uses a license that is not OSI approved ("Public Domain")

Recommendation: Read and validate the license terms

via: stream-reduce@1.0.3

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

78 Packages, Including:

ajv@6.12.6

asn1@0.2.6

assert-plus@1.0.0

async@0.9.2

asynckit@0.4.0

aws4@1.12.0

bl@0.9.5

combined-stream@1.0.8

core-util-is@1.0.2

core-util-is@1.0.3

dashdash@1.14.1

debug@2.6.9

debug@3.2.7

delayed-stream@1.0.0

duplexer@0.1.2

ecc-jsbn@0.1.2

extend@3.0.2

extsprintf@1.3.0

fast-deep-equal@3.1.3

fast-json-stable-stringify@2.1.0

form-data@0.1.4

form-data@2.3.3

from@0.1.7

getpass@0.1.7

har-validator@5.1.5

http-signature@0.10.1

http-signature@1.2.0

is-typedarray@1.0.0

isarray@0.0.1

isstream@0.1.2

jsbn@0.1.1

json-schema-traverse@0.4.1

jsonparse@0.0.5

jsprim@1.4.2

lodash._arraycopy@3.0.0

lodash._arrayeach@3.0.0

lodash._basecopy@3.0.1

lodash._basefor@3.0.3

lodash._bindcallback@3.0.1

lodash._createassigner@3.1.1

lodash._getnative@3.9.1

lodash._isiterateecall@3.0.9

lodash.isarguments@3.1.0

lodash.isarray@3.0.4

lodash.isempty@4.4.0

lodash.isplainobject@3.2.0

lodash.istypedarray@3.0.6

lodash.keys@3.1.2

lodash.keysin@3.0.8

lodash.merge@3.3.2

N/A

N/A

14 Packages, Including:

JSONStream@0.6.4

asn1@0.1.11

assert-plus@0.1.5

aws-sign2@0.5.0

browser-request@0.3.3

combined-stream@0.0.7

ctype@0.5.3

delayed-stream@0.0.5

errs@0.3.2

event-stream@3.0.20

forever-agent@0.5.2

mime@1.2.11

oauth-sign@0.4.0

split@0.2.10

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

10 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

cloudant-follow@0.17.0

forever-agent@0.6.1

nano@6.4.4

oauth-sign@0.9.0

request@2.45.0

request@2.88.2

tunnel-agent@0.4.3

tunnel-agent@0.6.0

BSD

Invalid

Not OSI Approved

7 Packages, Including:

boom@0.4.2

caseless@0.6.0

cryptiles@0.2.2

hawk@1.1.1

hoek@0.9.1

qs@1.2.2

sntp@0.2.4

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

4 Packages, Including:

bcrypt-pbkdf@1.0.2

qs@6.5.3

tough-cookie@2.5.0

tough-cookie@4.1.4

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

3 Packages, Including:

har-schema@2.0.0

inherits@2.0.4

json-stringify-safe@5.0.1

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

(MIT OR Apache2)

Invalid

1 Packages, Including:

pause-stream@0.0.11

Public Domain

Invalid

Not OSI Approved

1 Packages, Including:

stream-reduce@1.0.3

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

uri-js@4.4.1

Direct Dependencies

7

All Dependencies CSV

ⓘ This is a list of npm-stats 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
JSONStream	0.6.4	131.33 kB	UNKNOWN	prod	1
event-stream	3.0.20	12.26 kB	UNKNOWN	prod	2 1
lodash.merge	3.3.2	4.1 kB	MIT	prod	2
nano	6.4.4	51.83 kB	Apache-2.0	prod	2 4 2
request	2.45.0	67.84 kB	Apache-2.0	prod	9 21 4 7
stream-reduce	1.0.3	1.11 kB	Public Domain	prod	1 1
through	2.3.8	4.36 kB	MIT	prod

All Versions