
🪱 Sandworm Audit For Your App

Run npx @sandworm/audit@latest in your app directory to generate an audit report.

Package Created: 12 Jul 2013
Maintainers: 6
Version Published: 4 Nov 2016
Dependencies: 227
Total Versions: 517
License: Artistic-2.0

Issues: 36

Critical: one critical severity issue

Insufficient Entropy in cryptiles
Recommendation: Upgrade to version 4.1.2 or later
cryptiles@2.0.5 via: node-gyp@3.4.0 & others

https://github.com/advisories/GHSA-rq8g-5pc5-wrhr

High: 24 high severity issues

Moderate: 6 moderate severity issues

Low: 5 low severity issues

  • npm-user-validate@0.1.5
    Regular Expression Denial of Service in npm-user-validate
    Recommendation: Upgrade to version 1.0.1 or later
    via: npm-user-validate@0.1.5
  • chownr@1.0.1
    Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
    Recommendation: Upgrade to version 1.1.0 or later
    via: chownr@1.0.1
  • sntp@1.0.9
    Package uses a license that is not OSI approved ("BSD")
    Recommendation: Read and validate the license terms
    via: node-gyp@3.4.0 & others
  • spdx-exceptions@2.3.0
    Package uses a license that is not OSI approved ("CC-BY-3.0")
    Recommendation: Read and validate the license terms
    via: init-package-json@1.9.6 & others
  • spdx-license-ids@3.0.13
    Package uses a license that is not OSI approved ("CC0-1.0")
    Recommendation: Read and validate the license terms
    via: init-package-json@1.9.6 & others

Licenses

MIT License

Permissive OSI Approved

Can: commercial-use modify distribute sublicense private-use
Cannot: hold-liable
Must: include-copyright include-license

ansi-regex@2.1.1 ansi-styles@2.2.1 ansicolors@0.3.2 ansistyles@0.1.3 archy@1.0.0 array-index@1.0.0 asap@2.0.6 asn1@0.2.6 assert-plus@0.2.0 assert-plus@1.0.0 asynckit@0.4.0 aws4@1.12.0 balanced-match@1.0.2 brace-expansion@1.1.11 buffer-from@1.1.2 buffer-shims@1.0.0 builtin-modules@1.1.1 builtins@0.0.7 builtins@1.0.3 chalk@1.1.3 clone@1.0.4 code-point-at@1.1.0 columnify@1.5.4 combined-stream@1.0.8 commander@2.20.3 concat-map@0.0.1 concat-stream@1.6.2 config-chain@1.1.13 core-util-is@1.0.2 core-util-is@1.0.3 dashdash@1.14.1 debug@2.6.9 debuglog@1.0.1 defaults@1.0.4 delayed-stream@1.0.0 delegates@1.0.0 duplexify@3.7.1 ecc-jsbn@0.1.2 editor@1.0.0 end-of-stream@1.4.4 es6-iterator@2.0.3 escape-string-regexp@1.0.5 extend@3.0.2 extsprintf@1.3.0 flush-write-stream@1.1.1 form-data@2.1.4 from2@1.3.0 from2@2.3.0 generate-function@2.3.1 generate-object-property@1.2.0 getpass@0.1.7 has-ansi@2.0.0 has-color@0.1.7 http-signature@1.1.1 iferr@0.1.5 imurmurhash@0.1.4 is-builtin-module@1.0.0 is-fullwidth-code-point@1.0.0 is-my-ip-valid@1.0.1 is-my-json-valid@2.20.6 is-property@1.0.2 is-typedarray@1.0.0 isarray@0.0.1 isarray@1.0.0 isstream@0.1.2 jsbn@0.1.1 json-parse-better-errors@1.0.2 jsonparse@1.3.1 jsonpointer@5.0.1 jsprim@1.4.2 lodash._baseuniq@4.6.0 lodash._createset@4.0.3 lodash._root@3.0.1 lodash.clonedeep@4.5.0 lodash.union@4.6.0 lodash.uniq@4.5.0 lodash.without@4.4.0 mime-db@1.52.0 mime-types@2.1.35 minimist@1.2.8 mkdirp@0.5.6 ms@2.0.0 node-gyp@3.4.0 node-uuid@1.4.8 number-is-nan@1.0.1 object-assign@4.1.1 os-homedir@1.0.2 os-tmpdir@1.0.2 path-array@1.0.1 path-is-absolute@1.0.1 pinkie-promise@2.0.1 pinkie@2.0.4 process-nextick-args@1.0.7 process-nextick-args@2.0.1 pump@1.0.3 pump@2.0.1 pumpify@1.5.1 punycode@1.4.1 readable-stream@1.1.14 readable-stream@2.1.5 readable-stream@2.3.8 retry@0.10.1 safe-buffer@5.1.2 safer-buffer@2.1.2 slash@1.0.0 sorted-union-stream@2.1.3 spdx-expression-parse@3.0.1 sshpk@1.17.0 stream-each@1.2.3 stream-iterate@1.2.0 stream-shift@1.0.1 
string-width@1.0.2 string_decoder@0.10.31 string_decoder@1.1.1 stringstream@0.0.6 strip-ansi@3.0.1 supports-color@2.0.0 text-table@0.2.0 through@2.3.8 through2@2.0.5 typedarray@0.0.6 umask@1.1.0 unpipe@1.0.0 util-deprecate@1.0.2 util-extend@1.0.3 verror@1.10.0 wcwidth@1.0.1 xtend@4.0.2

ISC License

Permissive OSI Approved

Can: commercial-use modify distribute
Cannot: hold-liable
Must: include-copyright include-license

abbrev@1.0.9 aproba@1.0.4 are-we-there-yet@1.1.7 block-stream@0.0.9 chownr@1.0.1 console-control-strings@1.1.0 d@1.0.1 dezalgo@1.0.4 es5-ext@0.10.62 es6-symbol@3.1.3 ext@1.7.0 fs-vacuum@1.2.10 fs-write-stream-atomic@1.0.10 fs.realpath@1.0.0 fstream-ignore@1.0.5 fstream-npm@1.2.1 fstream@1.0.12 gauge@2.6.0 gauge@2.7.4 glob@7.1.7 graceful-fs@4.1.15 har-validator@2.0.6 has-unicode@2.0.1 hosted-git-info@2.1.5 inflight@1.0.6 inherits@2.0.4 ini@1.3.8 init-package-json@1.9.6 isexe@2.0.0 json-stringify-safe@5.0.1 lockfile@1.0.4 minimatch@3.1.2 mute-stream@0.0.8 next-tick@1.1.0 nopt@3.0.6 normalize-git-url@3.0.2 npm-cache-filename@1.0.2 npm-package-arg@4.2.1 npm-registry-client@7.3.0 npmlog@3.1.2 npmlog@4.0.2 once@1.4.0 osenv@0.1.5 promzard@0.3.0 proto-list@1.2.4 read-cmd-shim@1.0.5 read-installed@4.0.3 read-package-json@2.0.13 read-package-tree@5.1.6 read@1.0.7 readdir-scoped-modules@1.1.0 realize-package-specifier@3.0.3 rimraf@2.5.4 semver@5.3.0 set-blocking@2.0.0 signal-exit@3.0.7 slide@1.1.6 tar@2.2.2 type@1.2.0 type@2.7.2 uid-number@0.0.6 unique-filename@1.1.1 unique-slug@2.0.2 validate-npm-package-name@2.2.2 validate-npm-package-name@3.0.0 which@1.2.14 wide-align@1.1.5 wrappy@1.0.2 write-file-atomic@1.2.0

Apache License 2.0

Permissive OSI Approved

Can: commercial-use modify distribute sublicense private-use use-patent-claims place-warranty
Cannot: hold-liable use-trademark
Must: include-copyright include-license state-changes include-notice

aws-sign2@0.6.0 caseless@0.11.0 forever-agent@0.6.1 oauth-sign@0.8.2 request@2.78.0 spdx-correct@3.2.0 tunnel-agent@0.4.3 validate-npm-package-license@3.0.4

BSD 3-Clause "New" or "Revised" License

Permissive OSI Approved

Can: commercial-use modify distribute place-warranty
Cannot: use-trademark hold-liable
Must: include-copyright include-license

bcrypt-pbkdf@1.0.2 boom@2.10.1 cryptiles@2.0.5 hawk@3.1.3 hoek@2.16.3 qs@6.3.3 tough-cookie@2.3.4

BSD 2-Clause "Simplified" License

Permissive OSI Approved

Can: commercial-use modify distribute place-warranty
Cannot: hold-liable
Must: include-copyright include-license

cmd-shim@2.0.2 mississippi@1.2.0 normalize-package-data@2.3.8 npm-install-checks@3.0.2 npm-user-validate@0.1.5

(WTFPL OR MIT)

Permissive
opener@1.4.3 path-is-inside@1.0.2 sorted-object@2.0.1

(MIT OR Apache-2.0)

Permissive
JSONStream@1.2.1

(AFL-2.1 OR BSD-3-Clause)

Permissive
json-schema@0.4.0

(BSD-2-Clause OR MIT)

Permissive
sha@2.0.1

BSD

Invalid Not OSI Approved
sntp@1.0.9

Creative Commons Attribution 3.0 Unported

Uncategorized Not OSI Approved

Can:
Cannot:
Must:

spdx-exceptions@2.3.0

Creative Commons Zero v1.0 Universal

Public Domain Not OSI Approved

Can:
Cannot:
Must:

spdx-license-ids@3.0.13

The Unlicense

Public Domain OSI Approved

Can: commercial-use private-use modify
Cannot: include-copyright hold-liable
Must:

tweetnacl@0.14.5

Dependencies

227
Name Version Size License Type Vulnerabilities
JSONStream 1.2.1 135.32 kB (MIT OR Apache-2.0) prod
abbrev 1.0.9 1.76 kB ISC prod
ansi-regex 2.1.1 2.29 kB MIT prod dev
ansi-styles 2.2.1 2.39 kB MIT prod
ansicolors 0.3.2 2.8 kB MIT prod
ansistyles 0.1.3 2.57 kB MIT prod
aproba 1.0.4 2.45 kB ISC prod
archy 1.0.0 2.95 kB MIT prod
are-we-there-yet 1.1.7 5.11 kB ISC prod
array-index 1.0.0 5.52 kB MIT prod 1
asap 2.0.6 11.14 kB MIT prod
asn1 0.2.6 5.84 kB MIT prod
assert-plus 0.2.0 3.72 kB MIT prod
assert-plus 1.0.0 3.85 kB MIT prod
asynckit 0.4.0 7.92 kB MIT prod dev
aws-sign2 0.6.0 5.05 kB Apache-2.0 prod dev
aws4 1.12.0 8.06 kB MIT prod dev
balanced-match 1.0.2 2.61 kB MIT prod
bcrypt-pbkdf 1.0.2 10.85 kB BSD-3-Clause prod
block-stream 0.0.9 3.64 kB ISC prod
boom 2.10.1 38.57 kB BSD-3-Clause prod 21
brace-expansion 1.1.11 4.14 kB MIT prod
buffer-from 1.1.2 2.26 kB MIT prod
buffer-shims 1.0.0 2.11 kB MIT prod
builtin-modules 1.1.1 1.93 kB MIT prod
builtins 0.0.7 877 B MIT prod
builtins 1.0.3 1.59 kB MIT prod
caseless 0.11.0 5.05 kB Apache-2.0 prod dev
chalk 1.1.3 5.11 kB MIT prod dev
chownr 1.0.1 1.45 kB ISC prod 1
clone 1.0.4 4.35 kB MIT prod
cmd-shim 2.0.2 4.96 kB BSD-2-Clause prod
code-point-at 1.1.0 1.73 kB MIT prod dev
columnify 1.5.4 9.47 kB MIT prod
combined-stream 1.0.8 3.97 kB MIT prod dev
commander 2.20.3 18.26 kB MIT prod
concat-map 0.0.1 2.21 kB MIT prod
concat-stream 1.6.2 3.72 kB MIT prod dev
config-chain 1.1.13 5.84 kB MIT prod
console-control-strings 1.1.0 3.26 kB ISC prod
core-util-is 1.0.2 6.85 kB MIT prod
core-util-is 1.0.3 1.85 kB MIT prod
cryptiles 2.0.5 2.84 kB BSD-3-Clause prod 131
d 1.0.1 6.28 kB ISC prod dev 1
dashdash 1.14.1 22.99 kB MIT prod
debug 2.6.9 16.13 kB MIT prod dev peer
debuglog 1.0.1 1.88 kB MIT prod
defaults 1.0.4 1.93 kB MIT prod dev
delayed-stream 1.0.0 3.38 kB MIT prod
delegates 1.0.0 2.78 kB MIT prod
dezalgo 1.0.4 1.65 kB ISC prod
duplexify 3.7.1 4.92 kB MIT prod
ecc-jsbn 0.1.2 7.91 kB MIT prod
editor 1.0.0 1.82 kB MIT prod
end-of-stream 1.4.4 2.33 kB MIT prod
es5-ext 0.10.62 92.79 kB ISC prod dev 1
es6-iterator 2.0.3 8.07 kB MIT prod dev 1
es6-symbol 3.1.3 7.21 kB ISC prod dev 1
escape-string-regexp 1.0.5 1.54 kB MIT prod dev
ext 1.7.0 8.35 kB ISC prod
extend 3.0.2 7.09 kB MIT prod dev
extsprintf 1.3.0 8.8 kB MIT prod
flush-write-stream 1.1.1 2.47 kB MIT prod
forever-agent 0.6.1 4.92 kB Apache-2.0 prod dev
form-data 2.1.4 7.4 kB MIT prod dev
from2 1.3.0 3.26 kB MIT prod
from2 2.3.0 3.65 kB MIT prod
fs-vacuum 1.2.10 5.69 kB ISC prod
fs-write-stream-atomic 1.0.10 5.49 kB ISC prod
fs.realpath 1.0.0 4.33 kB ISC prod
fstream-ignore 1.0.5 3.81 kB ISC prod
fstream-npm 1.2.1 6.6 kB ISC prod
fstream 1.0.12 16.61 kB ISC prod
gauge 2.6.0 20.13 kB ISC prod
gauge 2.7.4 15.64 kB ISC prod
generate-function 2.3.1 3.55 kB MIT prod
generate-object-property 1.2.0 1.6 kB MIT prod
getpass 0.1.7 2.54 kB MIT prod
glob 7.1.7 15.41 kB ISC prod dev
graceful-fs 4.1.15 8 kB ISC prod dev optional
har-validator 2.0.6 5.76 kB ISC prod dev 1
has-ansi 2.0.0 1.66 kB MIT prod
has-color 0.1.7 986 B MIT prod
has-unicode 2.0.1 1.92 kB ISC prod
hawk 3.1.3 118.94 kB BSD-3-Clause prod dev 1711
hoek 2.16.3 63.68 kB BSD-3-Clause prod 11
hosted-git-info 2.1.5 4.39 kB ISC prod 1
http-signature 1.1.1 14.87 kB MIT prod dev
iferr 0.1.5 2.47 kB MIT prod
imurmurhash 0.1.4 4.21 kB MIT prod
inflight 1.0.6 1.99 kB ISC prod dev
inherits 2.0.4 1.98 kB ISC prod dev
ini 1.3.8 3.9 kB ISC prod
init-package-json 1.9.6 7.75 kB ISC prod 112
is-builtin-module 1.0.0 1.51 kB MIT prod
is-fullwidth-code-point 1.0.0 2.07 kB MIT prod dev
is-my-ip-valid 1.0.1 4.54 kB MIT prod
is-my-json-valid 2.20.6 9.57 kB MIT prod dev
is-property 1.0.2 4.39 kB MIT prod
is-typedarray 1.0.0 1.84 kB MIT prod dev
isarray 0.0.1 2.68 kB MIT prod
isarray 1.0.0 1.97 kB MIT prod dev
isexe 2.0.0 3.67 kB ISC prod
isstream 0.1.2 3.67 kB MIT prod dev
jsbn 0.1.1 13.39 kB MIT prod
json-parse-better-errors 1.0.2 2.98 kB MIT prod
json-schema 0.4.0 8.73 kB (AFL-2.1 OR BSD-3-Clause) prod
json-stringify-safe 5.0.1 3.92 kB ISC prod dev
jsonparse 1.3.1 8.35 kB MIT prod
jsonpointer 5.0.1 2.71 kB MIT prod
jsprim 1.4.2 10.63 kB MIT prod
lockfile 1.0.4 9.4 kB ISC prod
lodash._baseuniq 4.6.0 6.13 kB MIT prod
lodash._createset 4.0.3 4.02 kB MIT prod
lodash._root 3.0.1 2.08 kB MIT prod
lodash.clonedeep 4.5.0 11.36 kB MIT prod
lodash.union 4.6.0 8.31 kB MIT prod
lodash.uniq 4.5.0 6.78 kB MIT prod
lodash.without 4.4.0 7.59 kB MIT prod
mime-db 1.52.0 26.36 kB MIT prod
mime-types 2.1.35 5.46 kB MIT prod dev
minimatch 3.1.2 11.66 kB ISC prod dev
minimist 1.2.8 15.16 kB MIT prod dev
mississippi 1.2.0 4.37 kB BSD-2-Clause prod
mkdirp 0.5.6 2.95 kB MIT prod dev
ms 2.0.0 2.81 kB MIT prod
mute-stream 0.0.8 2.6 kB ISC prod
next-tick 1.1.0 3.67 kB ISC prod
node-gyp 3.4.0 394.7 kB MIT prod 11641
node-uuid 1.4.8 13.8 kB MIT prod 1
nopt 3.0.6 10.07 kB ISC prod
normalize-git-url 3.0.2 3.09 kB ISC prod
normalize-package-data 2.3.8 8.49 kB BSD-2-Clause prod 112
npm-cache-filename 1.0.2 1.69 kB ISC prod
npm-install-checks 3.0.2 3.24 kB BSD-2-Clause prod
npm-package-arg 4.2.1 4.33 kB ISC prod 1
npm-registry-client 7.3.0 104.28 kB ISC prod 11053
npm-user-validate 0.1.5 2.35 kB BSD-2-Clause prod 11
npmlog 3.1.2 6.08 kB ISC prod optional
npmlog 4.0.2 6.28 kB ISC prod
number-is-nan 1.0.1 1.43 kB MIT prod
oauth-sign 0.8.2 5.01 kB Apache-2.0 prod dev
object-assign 4.1.1 2.61 kB MIT prod dev
once 1.4.0 1.93 kB ISC prod dev
opener 1.4.3 2.84 kB (WTFPL OR MIT) prod dev
os-homedir 1.0.2 1.72 kB MIT prod dev
os-tmpdir 1.0.2 1.75 kB MIT prod
osenv 0.1.5 2.25 kB ISC prod
path-array 1.0.1 3.9 kB MIT prod 1
path-is-absolute 1.0.1 1.84 kB MIT prod dev
path-is-inside 1.0.2 1.78 kB (WTFPL OR MIT) prod dev
pinkie-promise 2.0.1 1.5 kB MIT prod 1
pinkie 2.0.4 3.84 kB MIT prod 1
process-nextick-args 1.0.7 1.88 kB MIT prod
process-nextick-args 2.0.1 1.62 kB MIT prod
promzard 0.3.0 8.95 kB ISC prod
proto-list 1.2.4 2.04 kB ISC prod
pump 1.0.3 2.92 kB MIT prod
pump 2.0.1 3.06 kB MIT prod
pumpify 1.5.1 3.4 kB MIT prod
punycode 1.4.1 7.87 kB MIT prod dev
qs 6.3.3 22.99 kB BSD-3-Clause prod dev
read-cmd-shim 1.0.5 2.07 kB ISC prod
read-installed 4.0.3 8.1 kB ISC prod 212
read-package-json 2.0.13 6.32 kB ISC prod 112
read-package-tree 5.1.6 3.9 kB ISC prod 312
read 1.0.7 2.61 kB ISC prod
readable-stream 1.1.14 20.15 kB MIT prod
readable-stream 2.1.5 36.75 kB MIT prod dev optional
readable-stream 2.3.8 25.14 kB MIT prod
readdir-scoped-modules 1.1.0 1.85 kB ISC prod 1
realize-package-specifier 3.0.3 4.95 kB ISC prod 1
request 2.78.0 55.95 kB Apache-2.0 prod dev 1941
retry 0.10.1 9.13 kB MIT prod
rimraf 2.5.4 5 kB ISC prod
safe-buffer 5.1.2 9.59 kB MIT prod
safer-buffer 2.1.2 11.75 kB MIT prod
semver 5.3.0 14.74 kB ISC prod
set-blocking 2.0.0 2.16 kB ISC prod
sha 2.0.1 3.49 kB (BSD-2-Clause OR MIT) prod
signal-exit 3.0.7 3.76 kB ISC prod dev
slash 1.0.0 1020 B MIT prod
slide 1.1.6 4.29 kB ISC prod
sntp 1.0.9 6.69 kB BSD prod 311
sorted-object 2.0.1 1.5 kB (WTFPL OR MIT) prod
sorted-union-stream 2.1.3 2.71 kB MIT prod
spdx-correct 3.2.0 7.07 kB Apache-2.0 prod 12
spdx-exceptions 2.3.0 1.34 kB CC-BY-3.0 prod 11
spdx-expression-parse 3.0.1 4.32 kB MIT prod 12
spdx-license-ids 3.0.13 3.75 kB CC0-1.0 prod 1
sshpk 1.17.0 54.41 kB MIT prod
stream-each 1.2.3 2.7 kB MIT prod
stream-iterate 1.2.0 2.36 kB MIT prod
stream-shift 1.0.1 1.8 kB MIT prod
string-width 1.0.2 2.03 kB MIT prod dev
string_decoder 0.10.31 3.52 kB MIT prod
string_decoder 1.1.1 4.72 kB MIT prod
stringstream 0.0.6 2.4 kB MIT prod dev
strip-ansi 3.0.1 1.69 kB MIT prod dev
supports-color 2.0.0 1.91 kB MIT prod peer
tar 2.2.2 211.58 kB ISC prod 6
text-table 0.2.0 3.81 kB MIT prod dev
through 2.3.8 4.36 kB MIT prod dev
through2 2.0.5 3.96 kB MIT prod
tough-cookie 2.3.4 61.15 kB BSD-3-Clause prod dev
tunnel-agent 0.4.3 5.64 kB Apache-2.0 prod dev 1
tweetnacl 0.14.5 48.5 kB Unlicense prod
type 1.2.0 17.68 kB ISC prod
type 2.7.2 19.86 kB ISC prod dev
typedarray 0.0.6 7.31 kB MIT prod
uid-number 0.0.6 2 kB ISC prod
umask 1.1.0 4.04 kB MIT prod
unique-filename 1.1.1 13.26 kB ISC prod
unique-slug 2.0.2 1.57 kB ISC prod
unpipe 1.0.0 2.05 kB MIT prod dev
util-deprecate 1.0.2 2.19 kB MIT prod
util-extend 1.0.3 1.57 kB MIT prod dev
validate-npm-package-license 3.0.4 5.54 kB Apache-2.0 prod 12
validate-npm-package-name 2.2.2 3.36 kB ISC prod
validate-npm-package-name 3.0.0 5.25 kB ISC prod
verror 1.10.0 11.99 kB MIT prod
wcwidth 1.0.1 5.68 kB MIT prod
which 1.2.14 4.06 kB ISC prod dev
wide-align 1.1.5 1.95 kB ISC prod
wrappy 1.0.2 1.64 kB ISC prod
write-file-atomic 1.2.0 2.56 kB ISC prod
xtend 4.0.2 2.47 kB MIT prod dev