Hold on, we're currently generating a fresh version of this report

Generated on Apr 16, 2024 via pnpm

x-ray 1.0.4

structure any website

Package summary

46

issues

7

licenses

Package created

6 Oct 2014

Version published

8 Mar 2015

Maintainers

4

Total deps

63

Direct deps

7

License

UNKNOWN

Issues

46

19 critical severity issues

lodash@2.4.2

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.12 or later

via: cheerio@0.17.0 & others

catch-stdout@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: catch-stdout@0.0.1

cheerio@0.17.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.17.0

cheerio@0.18.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: x-ray-select@1.1.0

combined-stream@0.0.7

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

component-emitter@1.1.2

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

delayed-stream@0.0.5

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

dom-serializer@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.17.0 & others

domelementtype@1.1.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.17.0 & others

domhandler@2.2.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.17.0

domhandler@2.3.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: x-ray-select@1.1.0

domutils@1.4.3

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.17.0 & others

domutils@1.5.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: cheerio@0.17.0 & others

extend@1.2.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

formidable@1.0.14

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

mime@1.2.11

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

superagent@0.21.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: superagent@0.21.0

x-ray@1.0.4

Package has no specified license

Recommendation: Check the package code and files for license information

via: x-ray@1.0.4

yieldly@0.0.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: yieldly@0.0.1

14 high severity issues

qs@1.2.0

Prototype Pollution Protection Bypass in qs

Recommendation: Upgrade to version 6.0.4 or later

via: superagent@0.21.0

mime@1.2.11

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input

Recommendation: Upgrade to version 1.4.1 or later

via: superagent@0.21.0

lodash@2.4.2

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: cheerio@0.17.0 & others

qs@1.2.0

qs vulnerable to Prototype Pollution

Recommendation: Upgrade to version 6.2.4 or later

via: superagent@0.21.0

lodash@2.4.2

Command Injection in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: cheerio@0.17.0 & others

CSSselect@0.4.1

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: cheerio@0.17.0 & others

CSSwhat@0.4.7

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: cheerio@0.17.0 & others

entities@1.0.0

Package uses an invalid SPDX license ("BSD-like")

Recommendation: Validate that the package complies with your license policy

via: cheerio@0.17.0 & others

qs@1.2.0

Package uses an invalid SPDX license ("BSD")

Recommendation: Validate that the package complies with your license policy

via: superagent@0.21.0

reduce-component@1.0.1

Package uses an invalid SPDX license ("Apache, Version 2.0")

Recommendation: Validate that the package complies with your license policy

via: superagent@0.21.0

CSSselect@0.4.1

Deprecated package

via: cheerio@0.17.0 & others

CSSwhat@0.4.7

Deprecated package

via: cheerio@0.17.0 & others

formidable@1.0.14

Deprecated package

via: superagent@0.21.0

superagent@0.21.0

Deprecated package

via: superagent@0.21.0

7 moderate severity issues

lodash@2.4.2

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.11 or later

via: cheerio@0.17.0 & others

extend@1.2.1

Prototype Pollution in extend

Recommendation: Upgrade to version 2.0.2 or later

via: superagent@0.21.0

cookiejar@2.0.1

cookiejar Regular Expression Denial of Service via Cookie.parse function

Recommendation: Upgrade to version 2.1.4 or later

via: superagent@0.21.0

superagent@0.21.0

superagent vulnerable to zip bomb attacks

Recommendation: Upgrade to version 3.7.0 or later

via: superagent@0.21.0

lodash@2.4.2

Regular Expression Denial of Service (ReDoS) in lodash

Recommendation: Upgrade to version 4.17.21 or later

via: cheerio@0.17.0 & others

format-parser@0.0.2

Package has no specified source code repository

via: x-ray-select@1.1.0

x-ray-select@1.1.0

Package has no specified source code repository

via: x-ray-select@1.1.0

6 low severity issues

lodash@2.4.2

Prototype Pollution in lodash

Recommendation: Upgrade to version 4.17.5 or later

via: cheerio@0.17.0 & others

CSSselect@0.4.1

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: cheerio@0.17.0 & others

CSSwhat@0.4.7

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: cheerio@0.17.0 & others

entities@1.0.0

Package uses a license that is not OSI approved ("BSD-like")

Recommendation: Read and validate the license terms

via: cheerio@0.17.0 & others

qs@1.2.0

Package uses a license that is not OSI approved ("BSD")

Recommendation: Read and validate the license terms

via: superagent@0.21.0

reduce-component@1.0.1

Package uses a license that is not OSI approved ("Apache, Version 2.0")

Recommendation: Read and validate the license terms

via: superagent@0.21.0

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

37 Packages, Including:

async@0.9.2

component-type@1.2.2

cookiejar@2.0.1

core-util-is@1.0.3

debug@2.6.9

form-data@0.1.3

format-parser@0.0.2

htmlparser2@3.7.3

htmlparser2@3.8.3

is-browser@2.0.1

isarray@0.0.1

lodash._arraymap@3.0.0

lodash._basedifference@3.0.3

lodash._baseflatten@3.1.4

lodash._basefor@3.0.3

lodash._baseindexof@3.1.0

lodash._bindcallback@3.0.1

lodash._cacheindexof@3.0.2

lodash._createcache@3.1.2

lodash._getnative@3.9.1

lodash._pickbyarray@3.0.2

lodash._pickbycallback@3.0.0

lodash.isarguments@3.1.0

lodash.isarray@3.0.4

lodash.keysin@3.0.8

lodash.omit@3.1.0

lodash.restparam@3.6.1

lodash.unzip@3.4.0

lodash.zip@3.1.0

lodash@2.4.2

methods@1.0.1

ms@2.0.0

object-assign@2.1.1

readable-stream@1.0.27-1

readable-stream@1.1.14

string_decoder@0.10.31

x-ray-select@1.1.0

N/A

N/A

18 Packages, Including:

catch-stdout@0.0.1

cheerio@0.17.0

cheerio@0.18.0

combined-stream@0.0.7

component-emitter@1.1.2

delayed-stream@0.0.5

dom-serializer@0.0.1

domelementtype@1.1.3

domhandler@2.2.1

domhandler@2.3.0

domutils@1.4.3

domutils@1.5.1

extend@1.2.1

formidable@1.0.14

mime@1.2.11

superagent@0.21.0

x-ray@1.0.4

yieldly@0.0.1

BSD-like

Invalid

Not OSI Approved

3 Packages, Including:

CSSselect@0.4.1

CSSwhat@0.4.7

entities@1.0.0

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

2 Packages, Including:

domelementtype@1.3.1

entities@1.1.2

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

1 Packages, Including:

inherits@2.0.4

BSD

Invalid

Not OSI Approved

1 Packages, Including:

qs@1.2.0

Apache, Version 2.0

Invalid

Not OSI Approved

1 Packages, Including:

reduce-component@1.0.1

Direct Dependencies

7

All Dependencies CSV

ⓘ This is a list of x-ray 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
catch-stdout	0.0.1	1.62 kB	UNKNOWN	prod	1
cheerio	0.17.0	42.51 kB	UNKNOWN	prod	7 7 2 4
debug	2.6.9	16.13 kB	MIT	prod
object-assign	2.1.1	1.85 kB	MIT	prod
superagent	0.21.0	29 kB	UNKNOWN	prod	7 7 3 2
x-ray-select	1.1.0	4.91 kB	MIT	prod	7 7 4 4
yieldly	0.0.1	1.9 kB	UNKNOWN	prod	1

All Versions