Generated on May 31, 2024 via pnpm

Npm

Home

prebuild 7.2.0

A command line tool for easily doing prebuilds for multiple versions of node/iojs or electron on a specific platform

prebuilt

binaries

native

Package summary

issues

licenses

Package created

25 Jul 2015

Version published

19 Jan 2018

Maintainers

Total deps

159

Direct deps

License

MIT

Issues

1 critical severity issue

critical

simple-mime@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: ghreleases@1.0.7

Collapse

Expand

10 high severity issues

high

tar@2.2.2

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Recommendation: Upgrade to version 3.2.2 or later

via: node-gyp@3.8.0 & others

tar@2.2.2

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Recommendation: Upgrade to version 4.4.18 or later

via: node-gyp@3.8.0 & others

duplexer2@0.0.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: ghreleases@1.0.7

url-template@2.0.8

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: ghreleases@1.0.7

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: rc@1.2.8

es5-ext@0.10.64

Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"

via: node-ninja@1.0.2

har-validator@5.1.5

Deprecated package

via: node-gyp@3.8.0 & others

request@2.88.2

Deprecated package

via: node-gyp@3.8.0 & others

tar@2.2.2

Deprecated package

via: node-gyp@3.8.0 & others

uuid@3.4.0

Deprecated package

via: node-gyp@3.8.0 & others

Collapse

Expand

5 moderate severity issues

moderate

semver@5.3.0

semver vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 5.7.2 or later

via: node-gyp@3.8.0

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: node-gyp@3.8.0 & others

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: node-gyp@3.8.0 & others

tar@2.2.2

Denial of service while parsing a tar file due to lack of folders count validation

Recommendation: Upgrade to version 6.2.1 or later

via: node-gyp@3.8.0 & others

node-ninja@1.0.2

Package uses a problematic Weakly Protective license ("MPL-2.0")

Recommendation: Validate that the package complies with your license policy

via: node-ninja@1.0.2

Collapse

Expand

2 low severity issues

low

duplexer2@0.0.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: ghreleases@1.0.7

url-template@2.0.8

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: ghreleases@1.0.7

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

101 Packages, Including:

after@0.8.2

ajv@6.12.6

ansi-regex@2.1.1

ansi@0.3.1

array-index@1.0.0

asn1@0.2.6

assert-plus@1.0.0

async@2.6.4

asynckit@0.4.0

aws4@1.13.0

balanced-match@1.0.2

bl@1.2.3

bl@3.0.1

brace-expansion@1.1.11

buffer-alloc-unsafe@1.1.0

buffer-alloc@1.2.0

buffer-fill@1.0.0

buffer-from@0.1.2

code-point-at@1.1.0

combined-stream@1.0.8

concat-map@0.0.1

core-util-is@1.0.2

core-util-is@1.0.3

dashdash@1.14.1

debug@2.6.9

deep-extend@0.6.0

delayed-stream@1.0.0

delegates@1.0.0

ecc-jsbn@0.1.2

end-of-stream@1.4.4

es6-iterator@2.0.3

event-emitter@0.3.5

execspawn@1.0.1

extend@3.0.2

extsprintf@1.3.0

fast-deep-equal@3.1.3

fast-json-stable-stringify@2.1.0

form-data@2.3.3

fs-constants@1.0.0

getpass@0.1.7

ghreleases@1.0.7

ghrepos@2.1.0

ghutils@3.2.6

github-from-package@0.0.0

har-validator@5.1.5

http-signature@1.2.0

hyperquest@2.1.3

is-fullwidth-code-point@1.0.0

is-typedarray@1.0.0

isarray@0.0.1

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

40 Packages, Including:

abbrev@1.1.1

aproba@1.2.0

are-we-there-yet@1.1.7

block-stream@0.0.9

console-control-strings@1.1.0

d@1.0.2

es5-ext@0.10.64

es6-symbol@3.1.4

esniff@2.0.1

ext@1.7.0

fs.realpath@1.0.0

fstream@1.0.12

gauge@1.2.7

gauge@2.7.4

glob@7.2.3

graceful-fs@4.2.11

har-schema@2.0.0

has-unicode@2.0.1

inflight@1.0.6

inherits@2.0.4

ini@1.3.8

isexe@2.0.0

json-stringify-safe@5.0.1

minimatch@3.1.2

next-tick@1.1.0

nopt@3.0.6

npmlog@2.0.4

npmlog@4.1.2

once@1.4.0

osenv@0.1.5

rimraf@2.7.1

semver@5.3.0

semver@5.7.2

set-blocking@2.0.0

signal-exit@3.0.7

tar@2.2.2

type@2.7.3

which@1.3.1

wide-align@1.1.5

wrappy@1.0.2

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

7 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

detect-libc@1.0.3

forever-agent@0.6.1

oauth-sign@0.9.0

request@2.88.2

tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

3 Packages, Including:

bcrypt-pbkdf@1.0.2

qs@6.5.3

tough-cookie@2.5.0

BSD

Invalid

Not OSI Approved

2 Packages, Including:

duplexer2@0.0.2

url-template@2.0.8

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

Mozilla Public License 2.0

Weakly Protective

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

place-warranty

use-patent-claims

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

disclose-source

include-original

1 Packages, Including:

node-ninja@1.0.2

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

N/A

1 Packages, Including:

simple-mime@0.1.0

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

tweetnacl@0.14.5

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

uri-js@4.4.1

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of prebuild 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
async	2.6.4	120.04 kB	MIT	prod
detect-libc	1.0.3	6.13 kB	Apache-2.0	prod
execspawn	1.0.1	1.92 kB	MIT	prod
ghreleases	1.0.7	27.5 kB	MIT	prod	1 2 2
github-from-package	0.0.0	2.07 kB	MIT	prod
minimist	1.2.8	15.16 kB	MIT	prod
mkdirp	0.5.6	2.95 kB	MIT	prod
node-abi	2.30.1	8.42 kB	MIT	prod
node-gyp	3.8.0	384.33 kB	MIT	prod	6 4
node-ninja	1.0.2	393.75 kB	MPL-2.0	prod	7 4
noop-logger	0.1.1	1.29 kB	MIT	prod
npmlog	4.1.2	6.36 kB	ISC	prod
osenv	0.1.5	2.25 kB	ISC	prod
rc	1.2.8	6.98 kB	(BSD-2-Clause OR MIT OR Apache-2.0)	prod	1
tar-stream	1.6.2	8.13 kB	MIT	prod
xtend	4.0.2	2.47 kB	MIT	prod