Home
Docs
GitHub
Get Sandworm Audit For Your App

🪱 Sandworm Audit For Your App

Run npx @sandworm/audit@latest in your app directory to generate an audit report.

We're launching Audit-as-a-service in the cloud soon! Register for early access:

request 2.78.0

Simplified HTTP request client.
Package Created
22 Jan 2011
Maintainers
4
Version Published
3 Nov 2016
Dependencies
62
Total Versions
126
License
Apache-2.0

Issues

16

critical one critical severity issue

Insufficient Entropy in cryptiles
Recommendation: Upgrade to version 4.1.2 or later
cryptiles@2.0.5 via: hawk@3.1.3

https://github.com/advisories/GHSA-rq8g-5pc5-wrhr

high 9 high severity issues

  • hawk@3.1.3
    Uncontrolled Resource Consumption in Hawk Recommendation: Upgrade to version 9.0.1 or later
    via: hawk@3.1.3
  • sntp@1.0.9
    Package uses an invalid SPDX license ("BSD") Recommendation: Validate that the package complies with your license policy
    via: hawk@3.1.3
  • boom@2.10.1
    Deprecated package
    via: hawk@3.1.3
  • cryptiles@2.0.5
    Deprecated package
    via: hawk@3.1.3
  • hawk@3.1.3
    Deprecated package
    via: hawk@3.1.3
  • hoek@2.16.3
    Deprecated package
    via: hawk@3.1.3
  • node-uuid@1.4.8
    Deprecated package
    via: node-uuid@1.4.8
  • request@2.78.0
    Deprecated package
    via: request@2.78.0
  • sntp@1.0.9
    Deprecated package
    via: hawk@3.1.3

moderate 5 moderate severity issues

low one low severity issue

Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
sntp@1.0.9 via: hawk@3.1.3

Licenses

MIT License

Permissive OSI Approved

Can: commercial-use modify distribute sublicense private-use
Cannot: hold-liable
Must: include-copyright include-license

ansi-regex@2.1.1 ansi-styles@2.2.1 asn1@0.2.6 assert-plus@0.2.0 assert-plus@1.0.0 asynckit@0.4.0 aws4@1.12.0 chalk@1.1.3 combined-stream@1.0.8 commander@2.20.3 core-util-is@1.0.2 dashdash@1.14.1 delayed-stream@1.0.0 ecc-jsbn@0.1.2 escape-string-regexp@1.0.5 extend@3.0.2 extsprintf@1.3.0 form-data@2.1.4 generate-function@2.3.1 generate-object-property@1.2.0 getpass@0.1.7 has-ansi@2.0.0 http-signature@1.1.1 is-my-ip-valid@1.0.1 is-my-json-valid@2.20.6 is-property@1.0.2 is-typedarray@1.0.0 isstream@0.1.2 jsbn@0.1.1 jsonpointer@5.0.1 jsprim@1.4.2 mime-db@1.52.0 mime-types@2.1.35 node-uuid@1.4.8 pinkie-promise@2.0.1 pinkie@2.0.4 punycode@1.4.1 safer-buffer@2.1.2 sshpk@1.17.0 stringstream@0.0.6 strip-ansi@3.0.1 supports-color@2.0.0 verror@1.10.0 xtend@4.0.2

BSD 3-Clause "New" or "Revised" License

Permissive OSI Approved

Can: commercial-use modify distribute place-warranty
Cannot: use-trademark hold-liable
Must: include-copyright include-license

bcrypt-pbkdf@1.0.2 boom@2.10.1 cryptiles@2.0.5 hawk@3.1.3 hoek@2.16.3 qs@6.3.3 tough-cookie@2.3.4

Apache License 2.0

Permissive OSI Approved

Can: commercial-use modify distribute sublicense private-use use-patent-claims place-warranty
Cannot: hold-liable use-trademark
Must: include-copyright include-license state-changes include-notice

aws-sign2@0.6.0 caseless@0.11.0 forever-agent@0.6.1 oauth-sign@0.8.2 request@2.78.0 tunnel-agent@0.4.3

ISC License

Permissive OSI Approved

Can: commercial-use modify distribute
Cannot: hold-liable
Must: include-copyright include-license

har-validator@2.0.6 json-stringify-safe@5.0.1

(AFL-2.1 OR BSD-3-Clause)

Permissive
json-schema@0.4.0

BSD

Invalid Not OSI Approved
sntp@1.0.9

The Unlicense

Public Domain OSI Approved

Can: commercial-use private-use modify
Cannot: include-copyright hold-liable
Must:

tweetnacl@0.14.5

Dependencies

62
Name Version Size License Type Vulnerabilities
ansi-regex 2.1.1 2.29 kB MIT prod
ansi-styles 2.2.1 2.39 kB MIT prod
asn1 0.2.6 5.84 kB MIT prod
assert-plus 0.2.0 3.72 kB MIT prod
assert-plus 1.0.0 3.85 kB MIT prod
asynckit 0.4.0 7.92 kB MIT prod
aws-sign2 0.6.0 5.05 kB Apache-2.0 prod
aws4 1.12.0 8.06 kB MIT prod
bcrypt-pbkdf 1.0.2 10.85 kB BSD-3-Clause prod
boom 2.10.1 38.57 kB BSD-3-Clause prod 21
caseless 0.11.0 5.05 kB Apache-2.0 prod
chalk 1.1.3 5.11 kB MIT prod
combined-stream 1.0.8 3.97 kB MIT prod
commander 2.20.3 18.26 kB MIT prod
core-util-is 1.0.2 6.85 kB MIT prod
cryptiles 2.0.5 2.84 kB BSD-3-Clause prod 131
dashdash 1.14.1 22.99 kB MIT prod
delayed-stream 1.0.0 3.38 kB MIT prod
ecc-jsbn 0.1.2 7.91 kB MIT prod
escape-string-regexp 1.0.5 1.54 kB MIT prod
extend 3.0.2 7.09 kB MIT prod
extsprintf 1.3.0 8.8 kB MIT prod
forever-agent 0.6.1 4.92 kB Apache-2.0 prod
form-data 2.1.4 7.4 kB MIT prod
generate-function 2.3.1 3.55 kB MIT prod
generate-object-property 1.2.0 1.6 kB MIT prod
getpass 0.1.7 2.54 kB MIT prod
har-validator 2.0.6 5.76 kB ISC prod 1
has-ansi 2.0.0 1.66 kB MIT prod
hawk 3.1.3 118.94 kB BSD-3-Clause prod 1711
hoek 2.16.3 63.68 kB BSD-3-Clause prod 11
http-signature 1.1.1 14.87 kB MIT prod
is-my-ip-valid 1.0.1 4.54 kB MIT prod
is-my-json-valid 2.20.6 9.57 kB MIT prod
is-property 1.0.2 4.39 kB MIT prod
is-typedarray 1.0.0 1.84 kB MIT prod
isstream 0.1.2 3.67 kB MIT prod
jsbn 0.1.1 13.39 kB MIT prod
json-schema 0.4.0 8.73 kB (AFL-2.1 OR BSD-3-Clause) prod
json-stringify-safe 5.0.1 3.92 kB ISC prod
jsonpointer 5.0.1 2.71 kB MIT prod
jsprim 1.4.2 10.63 kB MIT prod
mime-db 1.52.0 26.36 kB MIT prod
mime-types 2.1.35 5.46 kB MIT prod
node-uuid 1.4.8 13.8 kB MIT prod 1
oauth-sign 0.8.2 5.01 kB Apache-2.0 prod
pinkie-promise 2.0.1 1.5 kB MIT prod 1
pinkie 2.0.4 3.84 kB MIT prod 1
punycode 1.4.1 7.87 kB MIT prod
qs 6.3.3 22.99 kB BSD-3-Clause prod
request 2.78.0 55.95 kB Apache-2.0 prod 12
safer-buffer 2.1.2 11.75 kB MIT prod
sntp 1.0.9 6.69 kB BSD prod 311
sshpk 1.17.0 54.41 kB MIT prod
stringstream 0.0.6 2.4 kB MIT prod
strip-ansi 3.0.1 1.69 kB MIT prod
supports-color 2.0.0 1.91 kB MIT prod
tough-cookie 2.3.4 61.15 kB BSD-3-Clause prod
tunnel-agent 0.4.3 5.64 kB Apache-2.0 prod 1
tweetnacl 0.14.5 48.5 kB Unlicense prod
verror 1.10.0 11.99 kB MIT prod
xtend 4.0.2 2.47 kB MIT prod