Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Feb 13, 2024 via pnpm

pngquant 4.2.0

The pngquant utility as a readable/writable stream
Package summary
Share
10
issues
6
high severity
vulnerability
2
license
2
meta
2
1
moderate severity
vulnerability
1
3
low severity
vulnerability
1
license
2
7
licenses
152
MIT
14
ISC
4
BSD-3-Clause
5
other licenses
Apache-2.0
2
BSD-2-Clause
1
BSD
1
GPL-3.0+
1
Package created
1 Dec 2012
Version published
20 Jul 2023
Maintainers
2
Total deps
175
Direct deps
3
License
BSD-3-Clause

Issues

10

6 high severity issues

high
Recommendation: Upgrade to version 4.1.1 or later
via: pngquant-bin@6.0.1
Recommendation: Upgrade to version 3.1.3 or later
via: pngquant-bin@6.0.1
Recommendation: Validate that the package complies with your license policy
via: memoizeasync@1.1.0
Recommendation: Validate that the package complies with your license policy
via: pngquant-bin@6.0.1
via: pngquant-bin@6.0.1
via: pngquant-bin@6.0.1
Collapse
Expand

1 moderate severity issue

moderate
Recommendation: Upgrade to version 11.8.5 or later
via: pngquant-bin@6.0.1
Collapse
Expand

3 low severity issues

low
Recommendation: Upgrade to version 3.1.4 or later
via: pngquant-bin@6.0.1
Recommendation: Read and validate the license terms
via: memoizeasync@1.1.0
via: pngquant-bin@6.0.1
Collapse
Expand

Licenses

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
152 Packages, Including:
@sindresorhus/is@0.7.0
@types/keyv@3.1.4
@types/node@20.11.17
@types/responselike@1.0.3
arch@2.2.0
archive-type@4.0.0
base64-js@1.5.1
bin-build@3.0.0
bin-check@4.1.0
bin-version-check@4.0.0
bin-version@3.1.0
bin-wrapper@4.1.0
bl@1.2.3
buffer-alloc-unsafe@1.1.0
buffer-alloc@1.2.0
buffer-crc32@0.2.13
buffer-fill@1.0.0
buffer@5.7.1
cacheable-request@2.1.4
caw@2.0.1
clone-response@1.0.2
commander@2.20.3
config-chain@1.1.13
content-disposition@0.5.4
core-util-is@1.0.3
cross-spawn@5.1.0
cross-spawn@6.0.5
cross-spawn@7.0.3
decode-uri-component@0.2.2
decompress-response@3.3.0
decompress-tar@4.1.1
decompress-tarbz2@4.1.1
decompress-targz@4.1.1
decompress-unzip@4.0.1
decompress@4.2.1
download@6.2.5
download@7.1.0
end-of-stream@1.4.4
escape-string-regexp@1.0.5
execa@0.7.0
execa@1.0.0
execa@4.1.0
executable@4.1.1
ext-list@2.2.2
ext-name@5.0.0
fd-slicer@1.1.0
file-type@3.9.0
file-type@4.4.0
file-type@5.2.0
file-type@6.2.0

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
14 Packages, Including:
graceful-fs@4.2.11
inherits@2.0.4
ini@1.3.8
isexe@2.0.0
lru-cache@4.1.5
once@1.4.0
proto-list@1.2.4
pseudomap@1.0.2
semver@5.7.2
signal-exit@3.0.7
which@1.3.1
which@2.0.2
wrappy@1.0.2
yallist@2.1.2

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
4 Packages, Including:
duplexer3@0.1.5
ieee754@1.2.1
passerror@1.1.1
pngquant@4.2.0

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
2 Packages, Including:
human-signals@1.1.1
tunnel-agent@0.6.0

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
http-cache-semantics@3.8.1

BSD

Invalid
Not OSI Approved
1 Packages, Including:
memoizeasync@1.1.0

GNU General Public License v3.0 or later

Strongly Protective
OSI Approved
Deprecated
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
use-patent-claims
Cannot
sublicense
hold-liable
Must
include-original
state-changes
disclose-source
include-license
include-copyright
include-install-instructions
1 Packages, Including:
pngquant-bin@6.0.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

3
All Dependencies CSV
β“˜ This is a list of pngquant 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
memoizeasync1.1.010.67 kBBSD
prod
1
1
pngquant-bin6.0.1154.88 kBGPL-3.0+
prod optional
5
1
2
which2.0.24.39 kBISC
prod optional

Visualizations