Generated on Dec 2, 2023 via pnpm

peerflix 0.39.0

Streaming torrent client for Node.js

Package summary

46

issues

13

licenses

Package created

14 Mar 2013

Version published

9 Jun 2018

Maintainers

1

Total deps

266

Direct deps

17

License

MIT

Issues

46

18 critical severity issues

open@0.0.5

Command Injection in open

Recommendation: Upgrade to version 6.0.0 or later

via: open@0.0.5

xmldom@0.1.31

xmldom allows multiple root nodes in a DOM

Recommendation: None

via: airplayer@2.0.0

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.12 or later

via: airplayer@2.0.0

minimist@0.0.10

Prototype Pollution in minimist

Recommendation: Upgrade to version 0.2.4 or later

via: optimist@0.6.1

plist@1.2.0

Prototype pollution in Plist before 3.0.5 can cause denial of service

Recommendation: Upgrade to version 3.0.5 or later

via: airplayer@2.0.0

bncode@0.2.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

bncode@0.5.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

clivas@0.2.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: clivas@0.2.0

cyclist@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

flatten@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

options@0.0.6

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

peer-wire-protocol@0.7.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

peer-wire-swarm@0.12.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

speedometer@0.1.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

thirty-two@0.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

thirty-two@1.0.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: parse-torrent@5.9.1

torrent-stream@1.2.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

utp@0.0.7

Package has no specified license

Recommendation: Check the package code and files for license information

via: torrent-stream@1.2.1

15 high severity issues

ws@2.3.1

Denial of Service in ws

Recommendation: Upgrade to version 3.3.1 or later

via: torrent-stream@1.2.1

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.19 or later

via: airplayer@2.0.0

lodash@3.10.1

Command Injection in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: airplayer@2.0.0

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: airplayer@2.0.0

trim-newlines@1.0.0

Uncontrolled Resource Consumption in trim-newlines

Recommendation: Upgrade to version 3.0.1 or later

via: airplayer@2.0.0

hat@0.0.3

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: torrent-stream@1.2.1

optimist@0.6.1

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: optimist@0.6.1

bitfield@0.1.0

Package uses an invalid SPDX license ("-")

Recommendation: Validate that the package complies with your license policy

via: torrent-stream@1.2.1

compact2string@1.4.1

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: torrent-stream@1.2.1

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: rc@1.2.8

spdx-exceptions@2.3.0

Package uses an atypical license ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: airplayer@2.0.0

flatten@0.0.1

Deprecated package

via: torrent-stream@1.2.1

mkdirp@0.3.5

Deprecated package

via: torrent-stream@1.2.1

parse-torrent-file@2.1.4

Deprecated package

via: torrent-stream@1.2.1

xmldom@0.1.31

Deprecated package

via: airplayer@2.0.0

6 moderate severity issues

lodash@3.10.1

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: airplayer@2.0.0

xmldom@0.1.31

Misinterpretation of malicious XML input

Recommendation: Upgrade to version 0.7.0 or later

via: airplayer@2.0.0

xmldom@0.1.31

Misinterpretation of malicious XML input

Recommendation: Upgrade to version 0.5.0 or later

via: airplayer@2.0.0

lodash@3.10.1

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: airplayer@2.0.0

minimist@0.0.10

Prototype Pollution in minimist

Recommendation: Upgrade to version 0.2.1 or later

via: optimist@0.6.1

bep53-range@1.1.1

Package has no specified source code repository

via: parse-torrent@5.9.1

7 low severity issues

lodash@3.10.1

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.5 or later

via: airplayer@2.0.0

hat@0.0.3

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: torrent-stream@1.2.1

optimist@0.6.1

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: optimist@0.6.1

bitfield@0.1.0

Package uses a license that is not OSI approved ("-")

Recommendation: Read and validate the license terms

via: torrent-stream@1.2.1

compact2string@1.4.1

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: torrent-stream@1.2.1

spdx-exceptions@2.3.0

Package uses a license that is not OSI approved ("CC-BY-3.0")

Recommendation: Read and validate the license terms

via: airplayer@2.0.0

spdx-license-ids@3.0.16

Package uses a license that is not OSI approved ("CC0-1.0")

Recommendation: Read and validate the license terms

via: airplayer@2.0.0

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

221 Packages, Including:

addr-to-ip-port@1.5.4

airplay-protocol@2.0.2

airplayer@2.0.0

ansi-escapes@3.2.0

ansi-regex@2.1.1

ansi-regex@3.0.1

ansi-styles@2.2.1

ansi-styles@3.2.1

appendable-cli-menu@2.0.0

array-find-index@1.0.2

array-flatten@2.1.2

balanced-match@1.0.2

base64-js@0.0.8

bencode@0.7.0

bencode@0.8.0

bencode@2.0.3

bep53-range@1.1.1

bittorrent-dht@6.4.2

bittorrent-tracker@7.7.0

blob-to-buffer@1.2.9

bn.js@4.12.0

bonjour@3.5.0

bplist-creator@0.0.6

bplist-parser@0.1.1

brace-expansion@1.1.11

buffer-alloc-unsafe@1.1.0

buffer-alloc@1.2.0

buffer-equal@0.0.1

buffer-equals@1.0.4

buffer-fill@1.0.0

buffer-from@1.1.2

buffer-indexof@1.1.1

call-bind@1.0.5

camelcase-keys@2.1.0

camelcase@2.1.1

chalk@1.1.3

chalk@2.4.2

chardet@0.4.2

chrome-dgram@3.0.6

chrome-dns@1.0.1

chrome-net@3.3.4

cli-cursor@2.1.0

code-point-at@1.1.0

color-convert@1.9.3

color-name@1.1.3

concat-map@0.0.1

concat-stream@1.6.2

consume-http-header@1.0.0

consume-until@1.0.0

core-util-is@1.0.3

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

17 Packages, Including:

cli-width@2.2.1

fs.realpath@1.0.0

glob@7.2.3

graceful-fs@4.2.11

hosted-git-info@2.8.9

inflight@1.0.6

inherits@2.0.4

ini@1.3.8

minimatch@3.1.2

mute-stream@0.0.7

once@1.3.3

once@1.4.0

rimraf@2.7.1

semver@5.7.2

server-destroy@1.0.1

signal-exit@3.0.7

wrappy@1.0.2

N/A

N/A

13 Packages, Including:

bncode@0.2.3

bncode@0.5.3

clivas@0.2.0

cyclist@0.1.1

flatten@0.0.1

options@0.0.6

peer-wire-protocol@0.7.1

peer-wire-swarm@0.12.2

speedometer@0.1.4

thirty-two@0.0.2

thirty-two@1.0.2

torrent-stream@1.2.1

utp@0.0.7

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

3 Packages, Including:

rxjs@5.5.12

spdx-correct@3.2.0

validate-npm-package-license@3.0.4

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

2 Packages, Including:

big-integer@1.6.52

stream-buffers@2.2.0

MIT/X11

Invalid

Not OSI Approved

2 Packages, Including:

hat@0.0.3

optimist@0.6.1

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

2 Packages, Including:

normalize-package-data@2.5.0

winreg@1.2.4

-

Invalid

Not OSI Approved

1 Packages, Including:

bitfield@0.1.0

BSD

Invalid

Not OSI Approved

1 Packages, Including:

compact2string@1.4.1

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

Creative Commons Attribution 3.0 Unported

Uncategorized

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-exceptions@2.3.0

Creative Commons Zero v1.0 Universal

Public Domain

Not OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

Cannot

Must

1 Packages, Including:

spdx-license-ids@3.0.16

(LGPL-2.0 or MIT)

Permissive

1 Packages, Including:

xmldom@0.1.31

Direct Dependencies

17

All Dependencies CSV

ⓘ This is a list of peerflix 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
airplayer	2.0.0	3.48 kB	MIT	prod optional	3 6 4 3
buffer-from	1.1.2	2.26 kB	MIT	prod optional
clivas	0.2.0	2.26 kB	UNKNOWN	prod	1
inquirer	5.2.0	18.38 kB	MIT	prod
keypress	0.2.1	4.97 kB	MIT	prod optional
mime	2.6.0	18.29 kB	MIT	prod
network-address	1.1.2	2.16 kB	MIT	prod
numeral	2.0.6	44.32 kB	MIT	prod
open	0.0.5	7.31 kB	MIT	prod	1
optimist	0.6.1	12.06 kB	MIT/X11	prod	1 1 1 1
parse-torrent	5.9.1	10.65 kB	MIT	prod	1 1
pump	2.0.1	3.06 kB	MIT	prod
range-parser	1.2.1	3.52 kB	MIT	prod optional
rc	1.2.8	6.98 kB	(BSD-2-Clause OR MIT OR Apache-2.0)	prod	1
torrent-stream	1.2.1	66.86 kB	UNKNOWN	prod	11 7 3
winreg	1.2.4	9.79 kB	BSD-2-Clause	prod
xtend	4.0.2	2.47 kB	MIT	prod

Recent Versions