Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on Jun 6, 2024 via pnpm
Package summary
Share
52
issues
2
critical severity
license
2
11
high severity
vulnerability
2
license
2
meta
7
37
moderate severity
vulnerability
5
meta
32
2
low severity
license
2
14
licenses
231
MIT
38
Apache-2.0
29
ISC
43
other licenses
BSD-3-Clause
16
Apache-2.0 AND MIT
9
BSD-2-Clause
8
N/A
2
+ 7 more
Package created
8 May 2016
Version published
15 May 2022
Maintainers
2
Total deps
341
Direct deps
20
License
Apache-2.0

Issues

52

2 critical severity issues

critical
Recommendation: Check the package code and files for license information
via: open-graph@0.2.6
Recommendation: Check the package code and files for license information
via: file-box@1.4.15 & others
Collapse
Expand

11 high severity issues

high
Recommendation: Upgrade to version 2.0.1 or later
via: open-graph@0.2.6
Recommendation: None
via: open-graph@0.2.6
Recommendation: Validate that the package complies with your license policy
via: open-graph@0.2.6
Recommendation: Validate that the package complies with your license policy
via: open-graph@0.2.6
via: wechaty-puppet-wechat4u@1.14.14
via: wechaty-puppet-service@1.19.9
via: open-graph@0.2.6
via: wechaty-puppet-service@1.19.9
via: wechaty-puppet-service@1.19.9
via: open-graph@0.2.6
via: open-graph@0.2.6
Collapse
Expand

37 moderate severity issues

moderate
Recommendation: Upgrade to version 4.1.2 or later
via: wechaty-puppet-wechat4u@1.14.14
Recommendation: Upgrade to version 4.1.3 or later
via: open-graph@0.2.6
Recommendation: Upgrade to version 0.5.0 or later
via: wechaty-puppet-wechat4u@1.14.14
Recommendation: None
via: open-graph@0.2.6
Recommendation: Upgrade to version 3.7.1 or later
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: file-box@1.4.15 & others
via: cmd-ts@0.10.2
via: wechaty-puppet-service@1.19.9 & others
Collapse
Expand

2 low severity issues

low
Recommendation: Read and validate the license terms
via: open-graph@0.2.6
Recommendation: Read and validate the license terms
via: open-graph@0.2.6
Collapse
Expand

Licenses

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
231 Packages, Including:
@alloc/quick-lru@5.2.0
@babel/runtime@7.24.7
@jimp/bmp@0.16.13
@jimp/core@0.16.13
@jimp/custom@0.16.13
@jimp/gif@0.16.13
@jimp/jpeg@0.16.13
@jimp/plugin-blit@0.16.13
@jimp/plugin-blur@0.16.13
@jimp/plugin-circle@0.16.13
@jimp/plugin-color@0.16.13
@jimp/plugin-contain@0.16.13
@jimp/plugin-cover@0.16.13
@jimp/plugin-crop@0.16.13
@jimp/plugin-displace@0.16.13
@jimp/plugin-dither@0.16.13
@jimp/plugin-fisheye@0.16.13
@jimp/plugin-flip@0.16.13
@jimp/plugin-gaussian@0.16.13
@jimp/plugin-invert@0.16.13
@jimp/plugin-mask@0.16.13
@jimp/plugin-normalize@0.16.13
@jimp/plugin-print@0.16.13
@jimp/plugin-resize@0.16.13
@jimp/plugin-rotate@0.16.13
@jimp/plugin-scale@0.16.13
@jimp/plugin-shadow@0.16.13
@jimp/plugin-threshold@0.16.13
@jimp/plugins@0.16.13
@jimp/png@0.16.13
@jimp/tiff@0.16.13
@jimp/types@0.16.13
@jimp/utils@0.16.13
@js-sdsl/ordered-map@4.4.2
@pipeletteio/nop@1.0.5
@tokenizer/token@0.3.0
@types/node@13.13.52
@types/node@16.9.1
@types/node@20.14.2
abstract-leveldown@7.2.0
ajv@6.12.6
ansi-regex@5.0.1
ansi-styles@4.3.0
any-base@1.1.0
asn1@0.2.6
assert-plus@1.0.0
asynckit@0.4.0
aws4@1.13.0
axios@1.7.2
balanced-match@1.0.2

Apache License 2.0

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
use-patent-claims
place-warranty
Cannot
hold-liable
use-trademark
Must
include-copyright
include-license
state-changes
include-notice
38 Packages, Including:
@grpc/grpc-js@1.10.8
@grpc/proto-loader@0.7.13
@swc/core-linux-arm-gnueabihf@1.5.25
@swc/core@1.5.25
@swc/counter@0.1.3
@swc/types@0.1.7
async-map-like@0.2.5
async-map-like@1.0.2
aws-sign2@0.7.0
brolog@1.14.2
caseless@0.12.0
clone-class@1.1.3
didyoumean@1.2.2
ducks@1.0.2
file-box@1.4.15
file-box@1.5.5
flash-store@1.3.5
forever-agent@0.6.1
gerror@1.0.16
jsqr@1.4.0
long@5.2.3
memory-card@1.1.2
oauth-sign@0.9.0
request@2.88.2
rx-queue@1.0.5
rxjs@7.8.1
state-switch@0.14.1
state-switch@1.6.3
state-switch@1.7.1
tunnel-agent@0.6.0
watchdog@0.9.2
wechaty-grpc@1.5.2
wechaty-puppet-service@1.19.9
wechaty-puppet-wechat4u@1.14.14
wechaty-puppet@1.20.2
wechaty-redux@1.20.2
wechaty-token@1.1.2
wechaty@1.20.2

ISC License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
Cannot
hold-liable
Must
include-copyright
include-license
29 Packages, Including:
boolbase@1.0.0
cliui@6.0.0
cliui@8.0.1
fs.realpath@1.0.0
get-caller-file@2.0.5
glob@7.2.3
har-schema@2.0.0
inflight@1.0.6
inherits@2.0.4
isexe@2.0.0
json-rpc-peer@0.17.0
json-rpc-protocol@0.13.2
json-stringify-safe@5.0.1
make-error@1.3.6
minimatch@3.1.2
once@1.4.0
pixelmatch@4.0.2
require-main-filename@2.0.0
rimraf@3.0.2
sax@1.4.1
semver@7.6.2
set-blocking@2.0.0
which-module@2.0.1
which@2.0.2
wrappy@1.0.2
y18n@4.0.3
y18n@5.0.8
yargs-parser@18.1.3
yargs-parser@21.1.1

BSD 3-Clause "New" or "Revised" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
use-trademark
hold-liable
Must
include-copyright
include-license
16 Packages, Including:
@protobufjs/aspromise@1.1.2
@protobufjs/base64@1.1.2
@protobufjs/codegen@2.0.4
@protobufjs/eventemitter@1.1.0
@protobufjs/fetch@1.1.0
@protobufjs/float@1.0.2
@protobufjs/inquire@1.1.0
@protobufjs/path@1.1.2
@protobufjs/pool@1.1.0
@protobufjs/utf8@1.1.0
bcrypt-pbkdf@1.0.2
ieee754@1.2.1
jpeg-js@0.4.4
protobufjs@7.3.0
qs@6.5.3
tough-cookie@2.5.0

Apache-2.0 AND MIT

Permissive
9 Packages, Including:
@swc/core-darwin-arm64@1.5.25
@swc/core-darwin-x64@1.5.25
@swc/core-linux-arm64-gnu@1.5.25
@swc/core-linux-arm64-musl@1.5.25
@swc/core-linux-x64-gnu@1.5.25
@swc/core-linux-x64-musl@1.5.25
@swc/core-win32-arm64-msvc@1.5.25
@swc/core-win32-ia32-msvc@1.5.25
@swc/core-win32-x64-msvc@1.5.25

BSD 2-Clause "Simplified" License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
place-warranty
Cannot
hold-liable
Must
include-copyright
include-license
8 Packages, Including:
css-what@2.1.3
domelementtype@1.3.1
domhandler@2.4.2
domutils@1.7.0
dotenv@16.4.5
entities@1.1.2
nth-check@1.0.2
uri-js@4.4.1

N/A

N/A
2 Packages, Including:
domutils@1.5.1
exif-parser@0.1.12

BSD Zero Clause License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
include-copyright
include-license
include-original
Cannot
hold-liable
Must
2 Packages, Including:
tslib@2.1.0
tslib@2.6.3

BSD-like

Invalid
Not OSI Approved
1 Packages, Including:
css-select@1.2.0

(BSD-3-Clause AND Apache-2.0)

Permissive
1 Packages, Including:
google-protobuf@3.21.2

(AFL-2.1 OR BSD-3-Clause)

Permissive
1 Packages, Including:
json-schema@0.4.0

BSD

Invalid
Not OSI Approved
1 Packages, Including:
open-graph@0.2.6

(MIT AND Zlib)

Permissive
1 Packages, Including:
pako@1.0.11

The Unlicense

Public Domain
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
private-use
modify
Cannot
include-copyright
hold-liable
Must
1 Packages, Including:
tweetnacl@0.14.5
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

20
All Dependencies CSV
ⓘ This is a list of wechaty 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
clone-class1.1.327.73 kBApache-2.0
prod
cmd-ts0.10.270.42 kBMIT
prod
1
cockatiel2.0.275.53 kBMIT
prod
cross-spawn7.0.37.3 kBMIT
prod
dotenv16.4.577.22 kBBSD-2-Clause
prod
file-box1.4.1571.91 kBApache-2.0
prod
1
31
fp-ts2.16.64.5 MBMIT
prod
gerror1.0.1624.04 kBApache-2.0
prod peer
get-port6.1.24.12 kBMIT
prod
json-rpc-peer0.17.08.45 kBISC
prod
memory-card1.1.241.17 kBApache-2.0
prod
open-graph0.2.62.83 kBBSD
prod
1
7
2
2
rx-queue1.0.524.88 kBApache-2.0
prod
state-switch1.6.340.45 kBApache-2.0
prod
uuid8.3.227.32 kBMIT
prod
wechaty-puppet-service1.19.9196.3 kBApache-2.0
prod
1
3
32
wechaty-puppet-wechat4u1.14.14112.93 kBApache-2.0
prod
1
1
33
wechaty-puppet1.20.2163.69 kBApache-2.0
prod peer
1
31
wechaty-token1.1.226.92 kBApache-2.0
prod
1
ws8.17.0137.22 kBMIT
prod

Visualizations