Generated on Apr 14, 2024 via pnpm

prebuild 9.0.1

A command line tool for easily making prebuilt binaries for multiple versions of node, electron or node-webkit on a specific platform

prebuilt

binaries

native

Package summary

issues

licenses

Package created

25 Jul 2015

Version published

13 Jul 2019

Maintainers

Total deps

217

Direct deps

License

MIT

Issues

2 critical severity issues

critical

buffers@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: cmake-js@5.2.0

simple-mime@0.1.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: ghreleases@2.0.2

Collapse

Expand

14 high severity issues

high

tar@2.2.2

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Recommendation: Upgrade to version 3.2.2 or later

via: node-gyp@3.8.0 & others

tar@2.2.2

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

Recommendation: Upgrade to version 4.4.18 or later

via: node-gyp@3.8.0 & others

duplexer2@0.0.2

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: ghreleases@2.0.2

source-map@0.1.32

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: cmake-js@5.2.0

url-template@2.0.8

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: ghreleases@2.0.2

chainsaw@0.1.0

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: cmake-js@5.2.0

traverse@0.3.9

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: cmake-js@5.2.0

memory-stream@0.0.3

Package uses an invalid SPDX license ("MMIT")

Recommendation: Validate that the package complies with your license policy

via: cmake-js@5.2.0

rc@1.2.8

Package uses a custom license expression: `(BSD-2-Clause OR MIT OR Apache-2.0)`

Recommendation: Validate that the license expression complies with your license policy

via: cmake-js@5.2.0 & others

es5-ext@0.10.64

Package uses postinstall script: " node -e "try{require('./_postinstall')}catch(e){}" || exit 0"

via: node-ninja@1.0.2

har-validator@5.1.5

Deprecated package

via: cmake-js@5.2.0 & others

request@2.88.2

Deprecated package

via: cmake-js@5.2.0 & others

tar@2.2.2

Deprecated package

via: node-gyp@3.8.0 & others

uuid@3.4.0

Deprecated package

via: cmake-js@5.2.0 & others

Collapse

Expand

5 moderate severity issues

moderate

semver@4.3.6

semver vulnerable to Regular Expression Denial of Service

Recommendation: Upgrade to version 5.7.2 or later

via: cmake-js@5.2.0 & others

tough-cookie@2.5.0

tough-cookie Prototype Pollution vulnerability

Recommendation: Upgrade to version 4.1.3 or later

via: cmake-js@5.2.0 & others

request@2.88.2

Server-Side Request Forgery in Request

Recommendation: None

via: cmake-js@5.2.0 & others

tar@4.4.19

Denial of service while parsing a tar file due to lack of folders count validation

Recommendation: Upgrade to version 6.2.1 or later

via: cmake-js@5.2.0 & others

node-ninja@1.0.2

Package uses a problematic Weakly Protective license ("MPL-2.0")

Recommendation: Validate that the package complies with your license policy

via: node-ninja@1.0.2

Collapse

Expand

6 low severity issues

low

duplexer2@0.0.2

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: ghreleases@2.0.2

source-map@0.1.32

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: cmake-js@5.2.0

url-template@2.0.8

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: ghreleases@2.0.2

chainsaw@0.1.0

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: cmake-js@5.2.0

traverse@0.3.9

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: cmake-js@5.2.0

memory-stream@0.0.3

Package uses a license that is not OSI approved ("MMIT")

Recommendation: Read and validate the license terms

via: cmake-js@5.2.0

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

137 Packages, Including:

after@0.8.2

ajv@6.12.6

ansi-regex@2.1.1

ansi@0.3.1

array-index@1.0.0

asn1@0.2.6

assert-plus@1.0.0

async@2.6.4

asynckit@0.4.0

aws4@1.12.0

balanced-match@1.0.2

binary@0.3.0

bl@1.2.3

bl@3.0.1

bluebird@3.4.7

bluebird@3.7.2

brace-expansion@1.1.11

buffer-alloc-unsafe@1.1.0

buffer-alloc@1.2.0

buffer-fill@1.0.0

buffer-from@0.1.2

buffer-indexof-polyfill@1.0.2

buffer-shims@1.0.0

camelcase@2.1.1

cmake-js@5.2.0

code-point-at@1.1.0

combined-stream@1.0.8

commander@2.20.3

commander@2.9.0

concat-map@0.0.1

core-util-is@1.0.2

core-util-is@1.0.3

dashdash@1.14.1

debug@2.6.9

debug@4.3.4

decamelize@1.2.0

deep-extend@0.6.0

delayed-stream@1.0.0

delegates@1.0.0

ecc-jsbn@0.1.2

end-of-stream@1.4.4

es6-iterator@2.0.3

event-emitter@0.3.5

execspawn@1.0.1

extend@3.0.2

extsprintf@1.3.0

fast-deep-equal@3.1.3

fast-json-stable-stringify@2.1.0

form-data@2.3.3

fs-constants@1.0.0

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

53 Packages, Including:

abbrev@1.1.1

aproba@1.2.0

are-we-there-yet@1.0.6

are-we-there-yet@1.1.7

block-stream@0.0.9

chownr@1.1.4

cliui@3.2.0

console-control-strings@1.1.0

d@1.0.2

es5-ext@0.10.64

es6-symbol@3.1.4

esniff@2.0.1

ext@1.7.0

fs-minipass@1.2.7

fs.realpath@1.0.0

fstream@1.0.12

gauge@1.2.7

gauge@2.7.4

glob@5.0.15

glob@7.2.3

graceful-fs@4.2.11

har-schema@2.0.0

has-unicode@2.0.1

inflight@1.0.6

inherits@2.0.4

ini@1.3.8

isexe@2.0.0

json-stringify-safe@5.0.1

listenercount@1.0.1

minimatch@3.1.2

minipass@2.9.0

next-tick@1.1.0

nopt@3.0.6

npmlog@1.2.1

npmlog@2.0.4

npmlog@4.1.2

once@1.4.0

osenv@0.1.5

rimraf@2.7.1

semver@4.3.6

semver@5.3.0

semver@5.7.2

set-blocking@2.0.0

signal-exit@3.0.7

splitargs@0.0.7

tar@2.2.2

tar@4.4.19

type@2.7.2

which@1.3.1

wide-align@1.1.5

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

8 Packages, Including:

aws-sign2@0.7.0

caseless@0.12.0

detect-libc@1.0.3

forever-agent@0.6.1

oauth-sign@0.9.0

request@2.88.2

traceur@0.0.111

tunnel-agent@0.6.0

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

4 Packages, Including:

bcrypt-pbkdf@1.0.2

duplexer2@0.1.4

qs@6.5.3

tough-cookie@2.5.0

BSD

Invalid

Not OSI Approved

3 Packages, Including:

duplexer2@0.0.2

source-map@0.1.32

url-template@2.0.8

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

2 Packages, Including:

big-integer@1.6.52

tweetnacl@0.14.5

N/A

2 Packages, Including:

buffers@0.1.1

simple-mime@0.1.0

MIT/X11

Invalid

Not OSI Approved

2 Packages, Including:

chainsaw@0.1.0

traverse@0.3.9

BSD-3-Clause OR MIT

Permissive

1 Packages, Including:

amdefine@1.0.1

(AFL-2.1 OR BSD-3-Clause)

Permissive

1 Packages, Including:

json-schema@0.4.0

MMIT

Invalid

Not OSI Approved

1 Packages, Including:

memory-stream@0.0.3

Mozilla Public License 2.0

Weakly Protective

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

place-warranty

use-patent-claims

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

disclose-source

include-original

1 Packages, Including:

node-ninja@1.0.2

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression

1 Packages, Including:

rc@1.2.8

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

uri-js@4.4.1

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of prebuild 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
async	2.6.4	120.04 kB	MIT	prod
cmake-js	5.2.0	41.6 kB	MIT	prod	1 8 4 4
detect-libc	1.0.3	6.13 kB	Apache-2.0	prod
execspawn	1.0.1	1.92 kB	MIT	prod
ghreleases	2.0.2	27.56 kB	MIT	prod	1 2 2
github-from-package	0.0.0	2.07 kB	MIT	prod
minimist	1.2.8	15.16 kB	MIT	prod
mkdirp	0.5.6	2.95 kB	MIT	prod
napi-build-utils	1.0.2	4.47 kB	MIT	prod
node-abi	2.30.1	8.42 kB	MIT	prod
node-gyp	3.8.0	384.33 kB	MIT	prod	6 4
node-ninja	1.0.2	393.75 kB	MPL-2.0	prod	7 4
noop-logger	0.1.1	1.29 kB	MIT	prod
npm-which	3.0.1	4.62 kB	MIT	prod
npmlog	4.1.2	6.36 kB	ISC	prod
nw-gyp	3.6.6	43.59 MB	MIT	prod	6 4
osenv	0.1.5	2.25 kB	ISC	prod
rc	1.2.8	6.98 kB	(BSD-2-Clause OR MIT OR Apache-2.0)	prod	1
tar-stream	1.6.2	8.13 kB	MIT	prod