Home
Docs
GitHub
Pricing
Blog
Log In
DOCS
GITHUB
PRICING
BLOG
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Apr 21, 2024 via pnpm
Repo
Npm
Home

sails 0.12.11

API-driven framework for building realtime apps, using MVC conventions (based on Express and Socket.io)
mvc
web-framework
express
sailsjs
sails.js
REST
API
orm
socket.io
Package summary
Share
147
issues
41
critical severity
vulnerability
14
license
27
61
high severity
vulnerability
30
license
11
meta
20
34
moderate severity
vulnerability
16
meta
18
11
low severity
vulnerability
3
license
8
20
licenses
481
MIT
42
ISC
27
N/A
46
other licenses
BSD-3-Clause
13
Apache-2.0
12
BSD-2-Clause
5
MIT/X11
2
+ 13 more
Package created
16 Jan 2013
Version published
24 Nov 2016
Maintainers
4
Total deps
596
Direct deps
60
License
MIT

Issues

147

41 critical severity issues

critical
sails@0.12.11
Prototype Pollution in Sails.js
Recommendation: None
via: sails@0.12.11
sails@0.12.11
Prototype Pollution in Sails.js
Recommendation: None
via: sails@0.12.11
ejs@2.3.4
ejs template injection vulnerability
Recommendation: Upgrade to version 3.1.7 or later
via: consolidate@0.14.1 & others
getobject@0.1.0
Prototype pollution in getobject
Recommendation: Upgrade to version 1.0.0 or later
via: grunt@1.0.1 & others
ejs@2.3.4
ejs is vulnerable to remote code execution due to weak input validation
Recommendation: Upgrade to version 2.5.5 or later
via: consolidate@0.14.1 & others
morgan@1.6.1
Code Injection in morgan
Recommendation: Upgrade to version 1.9.1 or later
via: express@3.21.2
lodash@3.10.1
Prototype Pollution in lodash
Recommendation: Upgrade to version 4.17.12 or later
via: captains-log@1.0.0 & others
deep-extend@0.2.11
Prototype Pollution in deep-extend
Recommendation: Upgrade to version 0.5.1 or later
via: captains-log@1.0.0 & others
xmlhttprequest-ssl@1.5.3
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
Recommendation: Upgrade to version 1.6.2 or later
via: sails-hook-sockets@0.13.14
xmlhttprequest-ssl@1.5.3
Improper Certificate Validation in xmlhttprequest-ssl
Recommendation: Upgrade to version 1.6.1 or later
via: sails-hook-sockets@0.13.14
underscore@1.6.0
Arbitrary Code Execution in underscore
Recommendation: Upgrade to version 1.12.1 or later
via: sails-hook-orm@1.0.9 & others
socket.io-parser@2.3.1
Insufficient validation when decoding a Socket.IO packet
Recommendation: Upgrade to version 3.3.3 or later
via: sails-hook-sockets@0.13.14
minimist@0.0.10
Prototype Pollution in minimist
Recommendation: Upgrade to version 0.2.4 or later
via: captains-log@1.0.0 & others
minimist@1.2.0
Prototype Pollution in minimist
Recommendation: Upgrade to version 1.2.6 or later
via: sails-hook-orm@1.0.9 & others
arraybuffer.slice@0.0.6
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
better-assert@1.0.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
blob@0.0.4
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
callsite@1.0.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
colors@0.6.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: captains-log@1.0.0 & others
component-bind@1.0.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
component-emitter@1.1.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
component-inherit@0.0.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
cookie@0.1.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: cookie@0.1.2
cycle@1.0.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: prompt@0.2.14 & others
dot-access@1.0.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: skipper@0.6.5
ejs-locals@1.0.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: ejs-locals@1.0.2
ejs@0.8.8
Package has no specified license
Recommendation: Check the package code and files for license information
via: ejs-locals@1.0.2
extendr@2.1.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: i18n@0.8.1
extract-opts@2.2.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: i18n@0.8.1
grunt-sync@0.5.2
Package has no specified license
Recommendation: Check the package code and files for license information
via: grunt-sync@0.5.2
indexof@0.0.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
ini@1.1.0
Package has no specified license
Recommendation: Check the package code and files for license information
via: captains-log@1.0.0 & others
jsonlint-lines@1.7.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-orm@1.0.9 & others
ms@0.7.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: compression@1.6.2 & others
nomnom@1.8.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-orm@1.0.9 & others
object-component@0.0.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
options@0.0.6
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
prompt@0.2.14
Package has no specified license
Recommendation: Check the package code and files for license information
via: prompt@0.2.14 & others
trim@0.0.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-orm@1.0.9 & others
uid2@0.0.3
Package has no specified license
Recommendation: Check the package code and files for license information
via: sails-hook-sockets@0.13.14
utile@0.2.1
Package has no specified license
Recommendation: Check the package code and files for license information
via: prompt@0.2.14 & others
Collapse
Expand

61 high severity issues

high
sails@0.12.11
DoS vulnerability for apps with sockets enabled
Recommendation: Upgrade to version 1.5.7 or later
via: sails@0.12.11
qs@6.1.0
Prototype Pollution Protection Bypass in qs
Recommendation: Upgrade to version 6.1.2 or later
via: skipper@0.6.5
qs@4.0.0
Prototype Pollution Protection Bypass in qs
Recommendation: Upgrade to version 6.0.4 or later
via: express@3.21.2 & others
engine.io@1.8.3
Resource exhaustion in engine.io
Recommendation: Upgrade to version 3.6.0 or later
via: sails-hook-sockets@0.13.14
socket.io-parser@2.3.1
Resource exhaustion in socket.io-parser
Recommendation: Upgrade to version 3.3.2 or later
via: sails-hook-sockets@0.13.14
grunt@1.0.1
Arbitrary Code Execution in grunt
Recommendation: Upgrade to version 1.3.0 or later
via: grunt@1.0.1 & others
trim@0.0.1
Regular Expression Denial of Service in trim
Recommendation: Upgrade to version 0.0.3 or later
via: sails-hook-orm@1.0.9 & others
sails-hook-sockets@0.13.14
Improper Input Validation in sails-hook-sockets
Recommendation: Upgrade to version 1.5.5 or later
via: sails-hook-sockets@0.13.14
parsejson@0.0.3
Regular Expression Denial of Service in parsejson
Recommendation: None
via: sails-hook-sockets@0.13.14
base64-url@1.2.1
Out-of-bounds Read in base64-url
Recommendation: Upgrade to version 2.0.0 or later
via: express@3.21.2 & others
negotiator@0.5.3
Regular Expression Denial of Service in negotiator
Recommendation: Upgrade to version 0.6.1 or later
via: express@3.21.2
ws@1.1.2
Denial of Service in ws
Recommendation: Upgrade to version 1.1.5 or later
via: sails-hook-sockets@0.13.14
grunt@1.0.1
Race Condition in Grunt
Recommendation: Upgrade to version 1.5.3 or later
via: grunt@1.0.1 & others
ini@1.1.0
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Recommendation: Upgrade to version 1.3.6 or later
via: captains-log@1.0.0 & others
express-handlebars@3.0.0
Insecure template handling in Express-handlebars
Recommendation: Upgrade to version 5.3.1 or later
via: express-handlebars@3.0.0
ejs@2.3.4
ejs vulnerable to DoS due to weak input validation
Recommendation: Upgrade to version 2.5.5 or later
via: consolidate@0.14.1 & others
fresh@0.3.0
Regular Expression Denial of Service in fresh
Recommendation: Upgrade to version 0.5.2 or later
via: express@3.21.2 & others
method-override@2.3.5
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
Recommendation: Upgrade to version 2.3.10 or later
via: express@3.21.2 & others
minimatch@2.0.10
Regular Expression Denial of Service in minimatch
Recommendation: Upgrade to version 3.0.2 or later
via: grunt-sync@0.5.2
mime@1.3.4
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Recommendation: Upgrade to version 1.4.1 or later
via: express@3.21.2 & others
debug@2.2.0
debug Inefficient Regular Expression Complexity vulnerability
Recommendation: Upgrade to version 2.6.9 or later
via: compression@1.6.2 & others
lodash@3.10.1
Prototype Pollution in lodash
Recommendation: Upgrade to version 4.17.11 or later
via: captains-log@1.0.0 & others
sails@0.12.11
DoS vulnerability for apps with sockets enabled
Recommendation: Upgrade to version 1.5.7 or later
via: sails@0.12.11
js-yaml@3.5.5
Code Injection in js-yaml
Recommendation: Upgrade to version 3.13.1 or later
via: grunt@1.0.1 & others
trim-newlines@1.0.0
Uncontrolled Resource Consumption in trim-newlines
Recommendation: Upgrade to version 3.0.1 or later
via: grunt@1.0.1 & others
lodash@3.10.1
Prototype Pollution in lodash
Recommendation: Upgrade to version 4.17.19 or later
via: captains-log@1.0.0 & others
qs@4.0.0
qs vulnerable to Prototype Pollution
Recommendation: Upgrade to version 6.2.4 or later
via: express@3.21.2 & others
async@2.1.2
Prototype Pollution in async
Recommendation: Upgrade to version 2.6.4 or later
via: skipper@0.6.5
minimatch@2.0.10
minimatch ReDoS vulnerability
Recommendation: Upgrade to version 3.0.5 or later
via: grunt-sync@0.5.2
lodash@3.10.1
Command Injection in lodash
Recommendation: Upgrade to version 4.17.21 or later
via: captains-log@1.0.0 & others
optimist@0.6.1
Package uses an invalid SPDX license ("MIT/X11")
Recommendation: Validate that the package complies with your license policy
via: sails-util@0.11.0
wordwrap@0.0.2
Package uses an invalid SPDX license ("MIT/X11")
Recommendation: Validate that the package complies with your license policy
via: grunt-contrib-uglify@1.0.1
rc@0.3.5
Package uses a custom license expression: `(BSD OR MIT OR Apache2)`
Recommendation: Validate that the license expression complies with your license policy
via: captains-log@1.0.0 & others
rc@1.0.1
Package uses a custom license expression: `(BSD OR MIT OR Apache2)`
Recommendation: Validate that the license expression complies with your license policy
via: rc@1.0.1
JSV@4.0.2
Package uses an invalid SPDX license ("FreeBSD")
Recommendation: Validate that the package complies with your license policy
via: sails-hook-orm@1.0.9 & others
foreachasync@3.0.0
Package uses an invalid SPDX license ("Apache2")
Recommendation: Validate that the package complies with your license policy
via: walk@2.3.9
promised-io@0.3.3
Package uses an invalid SPDX license ("(AFLv2.1 OR BSD)")
Recommendation: Validate that the package complies with your license policy
via: grunt-sync@0.5.2
revalidator@0.1.8
Package uses an invalid SPDX license ("Apache 2.0")
Recommendation: Validate that the package complies with your license policy
via: prompt@0.2.14 & others
spdx-exceptions@2.5.0
Package uses an atypical license ("CC-BY-3.0")
Recommendation: Read and validate the license terms
via: grunt@1.0.1 & others
stream-counter@0.2.0
Package uses an invalid SPDX license ("BSD")
Recommendation: Validate that the package complies with your license policy
via: express@3.21.2 & others
walk@2.3.9
Package uses an invalid SPDX license ("(MIT OR Apache2)")
Recommendation: Validate that the package complies with your license policy
via: walk@2.3.9
@mapbox/geojsonhint@2.0.1
Deprecated package
via: sails-hook-orm@1.0.9 & others
coffee-script@1.10.0
Deprecated package
via: grunt@1.0.1 & others
connect@2.30.2
Deprecated package
via: express@3.21.2
cross-spawn-async@2.2.5
Deprecated package
via: sails-generate@0.13.0
ejs@0.8.8
Deprecated package
via: ejs-locals@1.0.2
ejs@2.3.4
Deprecated package
via: consolidate@0.14.1 & others
har-validator@5.1.5
Deprecated package
via: grunt-contrib-less@1.3.0
ini@1.1.0
Deprecated package
via: captains-log@1.0.0 & others
json3@3.3.2
Deprecated package
via: sails-hook-sockets@0.13.14
minimatch@2.0.10
Deprecated package
via: grunt-sync@0.5.2
mkdirp@0.3.5
Deprecated package
via: sails-generate@0.13.0 & others
mkdirp@0.5.1
Deprecated package
via: express@3.21.2
native-or-bluebird@1.1.2
Deprecated package
via: uid-safe@1.1.0
node-uuid@1.4.8
Deprecated package
via: skipper@0.6.5
nomnom@1.8.1
Deprecated package
via: sails-hook-orm@1.0.9 & others
request@2.88.2
Deprecated package
via: grunt-contrib-less@1.3.0
sails@0.12.11
Package uses preinstall script: "node ./lib/preinstall_npmcheck.js"
via: sails@0.12.11
trim@0.0.1
Deprecated package
via: sails-hook-orm@1.0.9 & others
typechecker@2.0.8
Package uses preinstall script: "node ./cyclic.js"
via: i18n@0.8.1
uuid@3.4.0
Deprecated package
via: grunt-contrib-less@1.3.0
Collapse
Expand

34 moderate severity issues

moderate
lodash@3.10.1
Regular Expression Denial of Service (ReDoS) in lodash
Recommendation: Upgrade to version 4.17.11 or later
via: captains-log@1.0.0 & others
underscore.string@3.2.3
Regular Expression Denial of Service in underscore.string
Recommendation: Upgrade to version 3.3.5 or later
via: grunt@1.0.1 & others
js-yaml@3.5.5
Denial of Service in js-yaml
Recommendation: Upgrade to version 3.13.0 or later
via: grunt@1.0.1 & others
engine.io@1.8.3
Uncaught exception in engine.io
Recommendation: Upgrade to version 3.6.1 or later
via: sails-hook-sockets@0.13.14
grunt@1.0.1
Path Traversal in Grunt
Recommendation: Upgrade to version 1.5.2 or later
via: grunt@1.0.1 & others
ejs@2.3.4
mde ejs vulnerable to XSS
Recommendation: Upgrade to version 2.5.5 or later
via: consolidate@0.14.1 & others
socket.io@1.7.3
CORS misconfiguration in socket.io
Recommendation: Upgrade to version 2.4.0 or later
via: sails-hook-sockets@0.13.14
ms@0.7.1
Vercel ms Inefficient Regular Expression Complexity vulnerability
Recommendation: Upgrade to version 2.0.0 or later
via: compression@1.6.2 & others
lodash@3.10.1
Regular Expression Denial of Service (ReDoS) in lodash
Recommendation: Upgrade to version 4.17.21 or later
via: captains-log@1.0.0 & others
validator@4.4.0
Inefficient Regular Expression Complexity in validator.js
Recommendation: Upgrade to version 13.7.0 or later
via: sails-hook-orm@1.0.9 & others
minimist@1.2.0
Prototype Pollution in minimist
Recommendation: Upgrade to version 1.2.3 or later
via: sails-hook-orm@1.0.9 & others
minimist@0.0.10
Prototype Pollution in minimist
Recommendation: Upgrade to version 0.2.1 or later
via: captains-log@1.0.0 & others
semver@5.1.0
semver vulnerable to Regular Expression Denial of Service
Recommendation: Upgrade to version 5.7.2 or later
via: grunt@1.0.1 & others
tough-cookie@2.5.0
tough-cookie Prototype Pollution vulnerability
Recommendation: Upgrade to version 4.1.3 or later
via: grunt-contrib-less@1.3.0
request@2.88.2
Server-Side Request Forgery in Request
Recommendation: None
via: grunt-contrib-less@1.3.0
express@3.21.2
Express.js Open Redirect in malformed URLs
Recommendation: Upgrade to version 4.19.2 or later
via: express@3.21.2
JSV@4.0.2
Package has no specified source code repository
via: sails-hook-orm@1.0.9 & others
callsite@1.0.0
Package has no specified source code repository
via: sails-hook-sockets@0.13.14
eyes@0.1.8
Package has no specified source code repository
via: prompt@0.2.14 & others
has-binary@0.1.7
Package has no specified source code repository
via: sails-hook-sockets@0.13.14
indexof@0.0.1
Package has no specified source code repository
via: sails-hook-sockets@0.13.14
object-component@0.0.3
Package has no specified source code repository
via: sails-hook-sockets@0.13.14
sails-generate-adapter@0.10.7
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-api@0.10.1
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-controller@0.10.9
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-frontend@0.12.3
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-gruntfile@0.10.11
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-model@0.10.12
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-new@0.10.29
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-sails.io.js@0.13.4
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-sails.io.js@0.14.0
Package has no specified source code repository
via: sails-generate@0.13.0
sails-generate-views@0.10.8
Package has no specified source code repository
via: sails-generate@0.13.0
trim@0.0.1
Package has no specified source code repository
via: sails-hook-orm@1.0.9 & others
uid2@0.0.3
Package has no specified source code repository
via: sails-hook-sockets@0.13.14
Collapse
Expand

11 low severity issues

low
lodash@3.10.1
Prototype Pollution in lodash
Recommendation: Upgrade to version 4.17.5 or later
via: captains-log@1.0.0 & others
clean-css@3.4.28
Regular Expression Denial of Service in clean-css
Recommendation: Upgrade to version 4.1.11 or later
via: grunt-contrib-cssmin@1.0.1
debug@2.2.0
Regular Expression Denial of Service in debug
Recommendation: Upgrade to version 2.6.9 or later
via: compression@1.6.2 & others
optimist@0.6.1
Package uses a license that is not OSI approved ("MIT/X11")
Recommendation: Read and validate the license terms
via: sails-util@0.11.0
wordwrap@0.0.2
Package uses a license that is not OSI approved ("MIT/X11")
Recommendation: Read and validate the license terms
via: grunt-contrib-uglify@1.0.1
JSV@4.0.2
Package uses a license that is not OSI approved ("FreeBSD")
Recommendation: Read and validate the license terms
via: sails-hook-orm@1.0.9 & others
foreachasync@3.0.0
Package uses a license that is not OSI approved ("Apache2")
Recommendation: Read and validate the license terms
via: walk@2.3.9
revalidator@0.1.8
Package uses a license that is not OSI approved ("Apache 2.0")
Recommendation: Read and validate the license terms
via: prompt@0.2.14 & others
spdx-exceptions@2.5.0
Package uses a license that is not OSI approved ("CC-BY-3.0")
Recommendation: Read and validate the license terms
via: grunt@1.0.1 & others
spdx-license-ids@3.0.17
Package uses a license that is not OSI approved ("CC0-1.0")
Recommendation: Read and validate the license terms
via: grunt@1.0.1 & others
stream-counter@0.2.0
Package uses a license that is not OSI approved ("BSD")
Recommendation: Read and validate the license terms
via: express@3.21.2 & others
Collapse
Expand

Licenses

MIT
481
ISC
42
N/A
27
BSD-3-Clause
13
Apache-2.0
12
BSD-2-Clause
5
MIT/X11
2
(BSD OR MIT OR Apache2)
2
FreeBSD
1
BSD-3-Clause OR MIT
1
Apache2
1
(AFL-2.1 OR BSD-3-Clause)
1
(AFLv2.1 OR BSD)
1
Apache 2.0
1
CC-BY-3.0
1
CC0-1.0
1
BSD
1
Unlicense
1
WTFPL OR MIT
1
(MIT OR Apache2)
1

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
481 Packages, Including:
@sailshq/lodash@3.10.6
accepts@1.2.13
accepts@1.3.3
accepts@1.3.8
after@0.8.2
ajv@6.12.6
align-text@0.1.4
ambi@2.5.0
anchor@0.10.5
anchor@0.11.6
ansi-regex@1.1.1
ansi-regex@2.1.1
ansi-styles@1.0.0
ansi-styles@2.2.1
argparse@1.0.10
array-buffer-byte-length@1.0.1
array-find-index@1.0.2
asap@2.0.6
asn1@0.2.6
assert-plus@1.0.0
async@0.2.10
async@1.2.1
async@1.5.0
async@1.5.2
async@2.1.2
asynckit@0.4.0
available-typed-arrays@1.0.7
aws4@1.12.0
backo2@1.0.2
balanced-match@1.0.2
base64-arraybuffer@0.1.5
base64id@1.0.0
basic-auth-connect@1.0.0
basic-auth@1.0.4
batch@0.5.3
bluebird@3.2.1
bluebird@3.7.2
body-parser@1.13.3
body-parser@1.14.2
body-parser@1.15.1
brace-expansion@1.1.11
browserify-zlib@0.1.4
buffer-from@1.1.2
bytes@2.1.0
bytes@2.2.0
bytes@2.3.0
bytes@2.4.0
call-bind@1.0.7
camelcase-keys@2.1.0
camelcase@1.2.1

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
42 Packages, Including:
@mapbox/geojsonhint@2.0.1
abbrev@1.1.1
base64-url@1.2.1
cliui@2.1.0
fs.realpath@1.0.0
glob@4.5.3
glob@5.0.15
glob@6.0.4
glob@7.0.6
glob@7.1.7
glob@7.2.3
graceful-fs@4.2.11
har-schema@2.0.0
hosted-git-info@2.8.9
inflight@1.0.6
inherits@2.0.1
inherits@2.0.3
inherits@2.0.4
ini@1.3.8
isexe@2.0.0
json-stringify-safe@5.0.1
lru-cache@4.1.5
make-plural@3.0.6
minimatch@2.0.10
minimatch@3.0.8
minimatch@3.1.2
mute-stream@0.0.8
nopt@3.0.6
once@1.4.0
pseudomap@1.0.2
read@1.0.7
rimraf@2.7.1
semver@4.3.6
semver@5.0.3
semver@5.1.0
semver@6.3.1
setprototypeof@1.0.2
signal-exit@3.0.7
which@1.2.14
which@1.3.1
wrappy@1.0.2
yallist@2.1.2

N/A

N/A
27 Packages, Including:
arraybuffer.slice@0.0.6
better-assert@1.0.2
blob@0.0.4
callsite@1.0.0
colors@0.6.2
component-bind@1.0.0
component-emitter@1.1.2
component-inherit@0.0.3
cookie@0.1.2
cycle@1.0.3
dot-access@1.0.0
ejs-locals@1.0.2
ejs@0.8.8
extendr@2.1.0
extract-opts@2.2.0
grunt-sync@0.5.2
indexof@0.0.1
ini@1.1.0
jsonlint-lines@1.7.1
ms@0.7.1
nomnom@1.8.1
object-component@0.0.3
options@0.0.6
prompt@0.2.14
trim@0.0.1
uid2@0.0.3
utile@0.2.1

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
13 Packages, Including:
bcrypt-pbkdf@1.0.2
express-handlebars@3.0.0
qs@4.0.0
qs@5.1.0
qs@5.2.0
qs@6.1.0
qs@6.5.3
source-map@0.4.4
source-map@0.5.7
source-map@0.6.1
sprintf-js@1.0.3
sprintf-js@1.1.3
tough-cookie@2.5.0

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
12 Packages, Including:
aws-sign2@0.7.0
caseless@0.12.0
ejs@2.3.4
forever-agent@0.6.1
less@2.6.1
oauth-sign@0.9.0
request@2.88.2
spdx-correct@3.2.0
tunnel-agent@0.6.0
validate-npm-package-license@3.0.4
websocket-driver@0.7.4
websocket-extensions@0.1.4

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
5 Packages, Including:
esprima@2.7.3
normalize-package-data@2.5.0
uglify-js@2.6.4
uglify-js@3.17.4
uri-js@4.4.1

MIT/X11

Invalid
Not OSI Approved
2 Packages, Including:
optimist@0.6.1
wordwrap@0.0.2

(BSD OR MIT OR Apache2)

Expression
2 Packages, Including:
rc@0.3.5
rc@1.0.1

FreeBSD

Invalid
Not OSI Approved
1 Packages, Including:
JSV@4.0.2

BSD-3-Clause OR MIT

Permissive
1 Packages, Including:
amdefine@1.0.1

Apache2

Invalid
Not OSI Approved
1 Packages, Including:
foreachasync@3.0.0

(AFL-2.1 OR BSD-3-Clause)

Permissive
1 Packages, Including:
json-schema@0.4.0

(AFLv2.1 OR BSD)

Invalid
1 Packages, Including:
promised-io@0.3.3

Apache 2.0

Invalid
Not OSI Approved
1 Packages, Including:
revalidator@0.1.8

Creative Commons Attribution 3.0 Unported

Uncategorized
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-exceptions@2.5.0

Creative Commons Zero v1.0 Universal

Public Domain
Not OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
Cannot
Must
1 Packages, Including:
spdx-license-ids@3.0.17

BSD

Invalid
Not OSI Approved
1 Packages, Including:
stream-counter@0.2.0

The Unlicense

Public Domain
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
private-use
modify
Cannot
include-copyright
hold-liable
Must
1 Packages, Including:
tweetnacl@0.14.5

WTFPL OR MIT

Permissive
1 Packages, Including:
uri-path@1.0.0

(MIT OR Apache2)

Invalid
1 Packages, Including:
walk@2.3.9
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

60
All Dependencies CSV
β“˜ This is a list of sails 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
@sailshq/lodash3.10.6418.69 kBMIT
prod
anchor0.10.51.36 MBMIT
prod
async1.5.037.22 kBMIT
prod
captains-log1.0.013.33 kBMIT
prod
5
6
3
1
chalk1.1.35.11 kBMIT
prod
commander2.9.013.11 kBMIT
prod
compression1.6.27.08 kBMIT
prod
1
1
1
1
connect-flash0.1.13.02 kBMIT
prod
connect3.4.124.39 kBMIT
prod
1
1
1
1
consolidate0.14.110.33 kBMIT
prod
2
2
1
cookie-parser1.3.53.32 kBMIT
prod
cookie-signature1.0.62.06 kBMIT
prod
cookie0.1.22.41 kBUNKNOWN
prod
1
csurf1.9.06.87 kBMIT
prod
ejs-locals1.0.211.77 kBUNKNOWN
prod
4
2
1
ejs2.3.430.58 kBApache-2.0
prod
2
2
1
express-handlebars3.0.019.02 kBBSD-3-Clause
prod
1
express-session1.14.217.61 kBMIT
prod
1
1
1
1
express3.21.242.38 kBMIT
prod
3
11
3
2
flaverr1.10.019.14 kBMIT
prod
glob5.0.1514.45 kBISC
prod
grunt-cli1.2.03.75 kBMIT
prod
grunt-contrib-clean1.0.03.54 kBMIT
prod
2
9
6
3
grunt-contrib-coffee1.0.05.46 kBMIT
prod
2
9
6
3
grunt-contrib-concat1.0.17.83 kBMIT
prod
2
9
6
3
grunt-contrib-copy1.0.04.79 kBMIT
prod
grunt-contrib-cssmin1.0.13.61 kBMIT
prod
2
1
3
grunt-contrib-jst1.0.04.14 kBMIT
prod
1
2
2
1
grunt-contrib-less1.3.06.09 kBMIT
prod
3
2
grunt-contrib-uglify1.0.110.68 kBMIT
prod
3
1
3
grunt-contrib-watch1.0.014.14 kBMIT
prod
2
6
3
2
grunt-sails-linker0.10.14.17 kBMIT
prod
grunt-sync0.5.26.45 kBUNKNOWN
prod
2
7
2
1
grunt1.0.122.31 kBMIT
prod peer
2
9
6
3
i18n0.8.167.91 kBMIT
prod
2
1
include-all1.0.810.5 kBMIT
prod
1
3
2
1
merge-defaults0.2.24.76 kBMIT
prod
method-override2.3.55.08 kBMIT
prod
1
2
1
1
mock-req0.2.03.2 kBMIT
prod
mock-res0.3.03.42 kBMIT
prod
parseurl1.3.13.3 kBMIT
prod
path-to-regexp1.5.37.51 kBMIT
prod
pluralize1.2.15.27 kBMIT
prod
prompt0.2.1421.82 kBUNKNOWN
prod
4
1
1
1
rc1.0.16.17 kB(BSD OR MIT OR Apache2)
prod
2
1
1
reportback0.1.91.76 kBMIT
prod
5
5
3
1
rttc9.3.348.23 kBMIT
prod
1
3
2
1
sails-disk0.10.108.63 kBMIT
prod
1
3
2
1
sails-generate0.13.010.39 kBMIT
prod
5
8
14
1
sails-hook-orm1.0.919.04 kBMIT
prod
10
9
7
3
sails-hook-sockets0.13.1424.46 kBMIT
prod
16
10
11
2
sails-stringfile0.3.34.69 kBMIT
prod
sails-util0.11.0274.28 kBMIT
prod
2
5
4
2
semver5.1.020.13 kBISC
prod
1
serve-favicon2.3.04.8 kBMIT
prod
1
1
1
serve-static1.10.26.68 kBMIT
prod
1
3
1
1
skipper0.6.539.77 kBMIT
prod
3
9
4
3
uid-safe1.1.02.75 kBMIT
prod
2
walk2.3.96.36 kB(MIT OR Apache2)
prod
2
1
waterline0.11.1288.79 kBMIT
prod
10
9
7
3

Visualizations

Tree
Treemap

Recent Versions

Sandworm Dunes
Ready to start?

Scan your app for security vulnerabilities and license issues

Start Free With GitHub
Sandworm Open Source
Sandworm
Getting Started Issue Types Resolve Issues License Policies Sandworm Guard
Explore
Npm Package List Composer Package List Npm Categories List Npm Security Vulnerabilities Composer Security Vulnerabilities
Support
Sponsor Discuss Terms of Use Privacy Policy Security
More from Sandworm
Newsletter 𝕏 / Twitter 𝕏 / Twitter Security Alerts Knowledge Base Blog Contact