Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
Generated on Feb 23, 2024 via pnpm
Package summary
Share
22
issues
1
critical severity
license
1
13
high severity
license
2
meta
11
7
moderate severity
vulnerability
3
meta
4
1
low severity
license
1
12
licenses
269
MIT
74
ISC
12
BSD-3-Clause
20
other licenses
Apache-2.0
7
BSD-2-Clause
6
N/A
1
(AFL-2.1 OR BSD-3-Clause)
1
+ 5 more
Package created
7 Dec 2015
Version published
1 Oct 2020
Maintainers
2
Total deps
375
Direct deps
21
License
BSD-3-Clause

Issues

22

1 critical severity issue

critical
Recommendation: Check the package code and files for license information
via: commerce.js@2.0.24
Collapse
Expand

13 high severity issues

high
Recommendation: Validate that the license expression complies with your license policy
via: commerce.js@2.0.24
Recommendation: Validate that the package complies with your license policy
via: commerce.js@2.0.24
via: @hanzo/react@0.0.18 & others
via: @hanzo/react@0.0.18
via: @hanzo/react@0.0.18 & others
via: commerce.js@2.0.24
via: @hanzo/react@0.0.18
via: commerce.js@2.0.24
via: commerce.js@2.0.24
via: @hanzo/react@0.0.18 & others
via: @hanzo/react@0.0.18 & others
via: commerce.js@2.0.24
via: commerce.js@2.0.24
Collapse
Expand

7 moderate severity issues

moderate
Recommendation: Upgrade to version 11.8.5 or later
via: commerce.js@2.0.24
Recommendation: None
via: commerce.js@2.0.24
Recommendation: Upgrade to version 4.1.3 or later
via: commerce.js@2.0.24
via: commerce.js@2.0.24
via: commerce.js@2.0.24
via: commerce.js@2.0.24
via: react-payment-inputs@1.1.9
Collapse
Expand

1 low severity issue

low
Recommendation: Read and validate the license terms
via: commerce.js@2.0.24
Collapse
Expand

Licenses

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
269 Packages, Including:
@babel/runtime@7.23.9
@date-io/core@1.3.13
@date-io/core@2.17.0
@date-io/moment@2.6.0
@emotion/hash@0.8.0
@emotion/is-prop-valid@1.2.1
@emotion/memoize@0.8.1
@emotion/unitless@0.8.0
@gar/promisify@1.1.3
@material-ui/core@4.12.4
@material-ui/icons@4.11.3
@material-ui/pickers@3.2.10
@material-ui/styles@4.11.5
@material-ui/system@4.12.2
@material-ui/types@5.1.0
@material-ui/utils@4.11.3
@npmcli/move-file@1.1.2
@sindresorhus/is@0.14.0
@szmarczak/http-timer@1.1.2
@tootallnate/once@1.1.2
@types/keyv@3.1.4
@types/node@20.11.20
@types/prop-types@15.7.11
@types/react-transition-group@4.4.10
@types/react@18.2.58
@types/responselike@1.0.3
@types/scheduler@0.16.8
@types/styled-jsx@2.2.9
@types/stylis@4.2.0
agent-base@6.0.2
agentkeepalive@4.5.0
aggregate-error@3.1.0
ajv@6.12.6
akasha@0.1.13
ansi-regex@2.1.1
ansi-regex@5.0.1
ansi-styles@4.3.0
argparse@1.0.10
asn1@0.2.6
assert-plus@1.0.0
asynckit@0.4.0
aws4@1.12.0
balanced-match@1.0.2
boxen@4.2.0
brace-expansion@1.1.11
broken@0.1.13
builtins@1.0.3
cacheable-request@6.1.0
camelcase@5.3.1
camelize@1.0.1

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
74 Packages, Including:
@hanzo/middleware@0.0.18
@hanzo/react@0.0.18
@hanzo/utils@0.0.18
@npmcli/fs@1.1.1
@npmcli/git@2.1.0
@npmcli/installed-package-contents@1.0.7
@npmcli/node-gyp@1.0.3
@npmcli/promise-spawn@1.3.2
@npmcli/run-script@1.8.6
abbrev@1.1.1
ansi-align@3.0.1
aproba@1.2.0
are-we-there-yet@1.1.7
cacache@15.3.0
chownr@2.0.0
cint@8.2.1
console-control-strings@1.1.0
css-color-keywords@1.0.0
figgy-pudding@3.5.2
fs-minipass@2.1.0
fs.realpath@1.0.0
gauge@2.7.4
glob@7.2.3
graceful-fs@4.2.11
har-schema@2.0.0
has-unicode@2.0.1
hosted-git-info@4.1.0
ignore-walk@3.0.4
infer-owner@1.0.4
inflight@1.0.6
inherits@2.0.4
ini@1.3.7
ini@1.3.8
isexe@2.0.0
json-stringify-safe@5.0.1
libnpmconfig@1.2.1
lru-cache@6.0.0
make-fetch-happen@9.1.0
minimatch@3.1.2
minipass-collect@1.0.2
minipass-flush@1.0.5
minipass-pipeline@1.2.4
minipass-sized@1.0.3
minipass@3.3.6
minipass@5.0.0
nopt@5.0.0
npm-bundled@1.1.2
npm-normalize-package-bin@1.0.1
npm-package-arg@8.1.5
npm-packlist@2.2.2

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
12 Packages, Including:
bcrypt-pbkdf@1.0.2
duplexer3@0.1.5
hanzo.js@2.5.13
hoist-non-react-statics@3.3.2
hyphenate-style-name@1.0.4
qs@6.5.3
react-transition-group@4.4.5
shop.js@3.0.30
source-map-js@1.0.2
sprintf-js@1.0.3
sprintf-js@1.1.3
tough-cookie@2.5.0

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
7 Packages, Including:
aws-sign2@0.7.0
caseless@0.12.0
forever-agent@0.6.1
npm-check-updates@7.0.1
oauth-sign@0.9.0
request@2.88.2
tunnel-agent@0.6.0

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
6 Packages, Including:
configstore@5.0.1
esprima@4.0.1
http-cache-semantics@4.1.1
npm-install-checks@4.0.0
update-notifier@4.1.3
uri-js@4.4.1

N/A

N/A
1 Packages, Including:
cli-table@0.3.11

(AFL-2.1 OR BSD-3-Clause)

Permissive
1 Packages, Including:
json-schema@0.4.0

(BSD-2-Clause OR MIT OR Apache-2.0)

Expression
1 Packages, Including:
rc@1.2.8

APACHEv2

Invalid
Not OSI Approved
1 Packages, Including:
semver-utils@1.1.4

BSD Zero Clause License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
include-copyright
include-license
include-original
Cannot
hold-liable
Must
1 Packages, Including:
tslib@2.5.0

The Unlicense

Public Domain
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
private-use
modify
Cannot
include-copyright
hold-liable
Must
1 Packages, Including:
tweetnacl@0.14.5

(MIT OR CC0-1.0)

Public Domain
1 Packages, Including:
type-fest@0.8.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

21
All Dependencies CSV
β“˜ This is a list of shop.js 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
@hanzo/middleware0.0.18510.59 kBISC
prod
@hanzo/react0.0.181.73 MBISC
prod
6
@hanzo/utils0.0.1814.84 kBISC
prod
@material-ui/core4.12.4976.99 kBMIT
prod peer
4
@material-ui/icons4.11.31022.94 kBMIT
prod
4
akasha0.1.134.42 kBMIT
prod
classnames2.5.18.46 kBMIT
prod
commerce.js2.0.24348.59 kBMIT
prod
1
7
6
1
fast-memoize2.5.24.84 kBMIT
prod
midstream2.0.218.15 kBMIT
prod
mobx-react6.3.146.31 kBMIT
prod
2
mobx5.15.7245.9 kBMIT
prod
moment-timezone0.5.45234.53 kBMIT
prod peer
moment2.30.1698.76 kBMIT
prod peer
prop-types15.8.122.12 kBMIT
prod peer
raf3.4.13.63 kBMIT
prod
react-dom16.14.0722.53 kBMIT
prod peer
2
react-is16.13.15.33 kBMIT
prod
react-payment-inputs1.1.980.14 kBMIT
prod
2
1
react-virtualized9.22.5277.31 kBMIT
prod
2
react16.14.059.16 kBMIT
prod peer
1

Visualizations