Dependency Analysis
cerbos
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
84%
Freshness
836
Dependencies
101
Outdated
0
Stale
3.9
Avg Behind
Dependency List
Latest release v0.53.0
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
minimatch
npm
|
Transitive | 7.4.6 | 10.2.5 | 42 behind | 3 high | ISC |
|
lodash
npm
|
Transitive | 4.17.21 | 4.18.1 | 3 behind | 3 high | CC0-1.0 AND MIT |
|
fast-uri
npm
|
Transitive | 3.1.0 | 3.1.2 | 2 behind | 2 high | BSD-3-Clause |
|
ajv
npm
|
Transitive | 8.17.1 | 8.20.0 | 4 behind | 1 medium | MIT |
|
express-rate-limit
npm
|
Transitive | 5.5.1 | 8.5.2 | 56 behind | — | MIT |
|
express
npm
|
Transitive | 4.22.1 | 5.2.1 | 53 behind | — | MIT |
|
cacheable-request
npm
|
Transitive | 7.0.2 | 13.0.19 | 49 behind | — | MIT |
|
lru-cache
npm
|
Transitive | 7.18.3 | 11.5.1 | 49 behind | — | ISC |
|
tldts
npm
|
Transitive | 6.1.86 | 7.4.2 | 43 behind | — | MIT |
|
tldts-core
npm
|
Transitive | 6.1.86 | 7.4.2 | 43 behind | — | MIT |
|
@verdaccio/core
npm
|
Transitive | 8.0.0-next-8.21 | 8.1.1 | 38 behind | — | MIT |
|
whatwg-url
npm
|
Transitive | 5.0.0 | 16.0.1 | 36 behind | — | MIT |
|
qs
npm
|
Transitive | 6.14.2 | 6.15.2 | 31 behind | — | BSD-3-Clause |
|
mime
npm
|
Transitive | 1.6.0 | 4.1.0 | 30 behind | — | MIT |
|
undici-types
npm
|
Transitive | 7.18.2 | 8.3.0 | 27 behind | — | MIT |
|
keyv
npm
|
Transitive | 4.5.4 | 5.6.0 | 26 behind | — | MIT |
|
@sindresorhus/is
npm
|
Transitive | 4.6.0 | 8.1.0 | 25 behind | — | MIT |
|
debug
npm
|
Transitive | 2.6.9 | 4.4.3 | 25 behind | — | MIT |
|
node-fetch
npm
|
Transitive | 2.6.7 | 3.3.2 | 24 behind | — | MIT |
|
lowdb
npm
|
Transitive | 1.0.0 | 7.0.1 | 20 behind | — | MIT |
|
@verdaccio/file-locking
npm
|
Transitive | 10.3.1 | 13.0.1 | 18 behind | — | MIT |
|
@types/node
npm
|
Transitive | 25.5.2 | 25.9.1 | 16 behind | — | MIT |
|
form-data-encoder
npm
|
Transitive | 1.7.2 | 4.1.0 | 15 behind | — | MIT |
|
pako
npm
|
Transitive | 0.2.9 | 2.1.0 | 15 behind | — | MIT |
|
uuid
npm
|
Transitive | 8.3.2 | 14.0.0 | 15 behind | — | MIT |
|
tr46
npm
|
Transitive | 0.0.3 | 6.0.0 | 14 behind | — | MIT |
|
https-proxy-agent
npm
|
Transitive | 5.0.1 | 9.0.0 | 13 behind | — | MIT |
|
normalize-url
npm
|
Transitive | 6.1.0 | 9.0.1 | 13 behind | — | MIT |
|
@verdaccio/auth
npm
|
Transitive | 8.0.0-next-8.37 | 8.0.2 | 12 behind | — | MIT |
|
@verdaccio/config
npm
|
Transitive | 8.0.0-next-8.37 | 8.1.1 | 12 behind | — | MIT |
|
@verdaccio/core
npm
|
Transitive | 8.0.0-next-8.37 | 8.1.1 | 12 behind | — | MIT |
|
@verdaccio/hooks
npm
|
Transitive | 8.0.0-next-8.37 | 8.0.2 | 12 behind | — | MIT |
|
@verdaccio/loaders
npm
|
Transitive | 8.0.0-next-8.27 | 8.0.2 | 12 behind | — | MIT |
|
@verdaccio/logger
npm
|
Transitive | 8.0.0-next-8.37 | 8.0.2 | 12 behind | — | MIT |
|
@verdaccio/middleware
npm
|
Transitive | 8.0.0-next-8.37 | 8.0.2 | 12 behind | — | MIT |
|
@verdaccio/package-filter
npm
|
Transitive | 13.0.0-next-8.5 | 13.0.2 | 12 behind | — | MIT |
|
@verdaccio/signature
npm
|
Transitive | 8.0.0-next-8.29 | 8.0.2 | 12 behind | — | MIT |
|
@verdaccio/tarball
npm
|
Transitive | 13.0.0-next-8.37 | 13.0.2 | 12 behind | — | MIT |
|
@verdaccio/url
npm
|
Transitive | 13.0.0-next-8.37 | 13.0.2 | 12 behind | — | MIT |
|
mkdirp
npm
|
Transitive | 1.0.4 | 3.0.1 | 12 behind | — | MIT |
|
verdaccio-audit
npm
|
Transitive | 13.0.0-next-8.37 | 13.0.2 | 12 behind | — | MIT |
|
verdaccio-htpasswd
npm
|
Transitive | 13.0.0-next-8.37 | 13.0.2 | 12 behind | — | MIT |
|
mime
npm
|
Transitive | 3.0.0 | 4.1.0 | 11 behind | — | MIT |
|
quick-lru
npm
|
Transitive | 5.1.1 | 7.3.0 | 11 behind | — | MIT |
|
steno
npm
|
Transitive | 0.4.4 | 4.0.2 | 11 behind | — | MIT |
|
agent-base
npm
|
Transitive | 6.0.2 | 9.0.0 | 10 behind | — | MIT |
|
iconv-lite
npm
|
Transitive | 0.4.24 | 0.7.2 | 10 behind | — | MIT |
|
process-warning
npm
|
Transitive | 1.0.0 | 5.0.0 | 10 behind | — | MIT |
|
readable-stream
npm
|
Transitive | 2.3.8 | 4.7.0 | 10 behind | — | MIT |
|
webidl-conversions
npm
|
Transitive | 3.0.1 | 8.0.1 | 9 behind | — | BSD-2-Clause |
|
get-stream
npm
|
Transitive | 5.2.0 | 9.0.1 | 8 behind | — | MIT |
|
source-map
npm
|
Transitive | 0.6.1 | 0.7.6 | 8 behind | — | BSD-3-Clause |
|
through2
npm
|
Transitive | 2.0.5 | 5.0.1 | 8 behind | — | MIT |
|
verdaccio
npm
|
Direct | 6.5.2 | 6.7.2 | 8 behind | — | MIT |
|
balanced-match
npm
|
Transitive | 1.0.2 | 4.0.4 | 6 behind | — | MIT |
|
get-stream
npm
|
Transitive | 6.0.1 | 9.0.1 | 6 behind | — | MIT |
|
ipaddr.js
npm
|
Transitive | 1.9.1 | 2.4.0 | 6 behind | — | MIT |
|
isarray
npm
|
Transitive | 1.0.0 | 2.0.5 | 6 behind | — | MIT |
|
minimatch
npm
|
Transitive | 7.4.9 | 10.2.5 | 6 behind | — | ISC |
|
pino
npm
|
Transitive | 9.14.0 | 10.3.1 | 6 behind | — | MIT |
|
sonic-boom
npm
|
Transitive | 3.8.1 | 5.0.0 | 6 behind | — | MIT |
|
@verdaccio/file-locking
npm
|
Transitive | 13.0.0-next-8.7 | 13.0.1 | 5 behind | — | MIT |
|
@verdaccio/local-storage-legacy
npm
|
Transitive | 11.1.1 | 11.3.3 | 5 behind | — | MIT |
|
array-flatten
npm
|
Transitive | 1.1.1 | 3.0.0 | 5 behind | — | MIT |
|
bcryptjs
npm
|
Transitive | 2.4.3 | 3.0.3 | 5 behind | — | MIT |
|
content-disposition
npm
|
Transitive | 0.5.4 | 2.0.1 | 5 behind | — | MIT |
|
cookie
npm
|
Transitive | 0.7.2 | 1.1.1 | 5 behind | — | MIT |
|
decompress-response
npm
|
Transitive | 6.0.0 | 10.0.0 | 5 behind | — | MIT |
|
duplexify
npm
|
Transitive | 3.7.1 | 4.1.3 | 5 behind | — | MIT |
|
media-typer
npm
|
Transitive | 0.3.0 | 2.0.0 | 5 behind | — | MIT |
|
mimic-response
npm
|
Transitive | 1.0.1 | 4.0.0 | 5 behind | — | MIT |
|
pify
npm
|
Transitive | 3.0.0 | 6.1.0 | 5 behind | — | MIT |
|
pump
npm
|
Transitive | 2.0.1 | 3.0.4 | 5 behind | — | MIT |
|
signal-exit
npm
|
Transitive | 3.0.7 | 4.1.0 | 5 behind | — | ISC |
|
tough-cookie
npm
|
Transitive | 5.1.2 | 6.0.1 | 5 behind | — | BSD-3-Clause |
|
tweetnacl
npm
|
Transitive | 0.14.5 | 1.0.3 | 5 behind | — | Unlicense |
|
@types/responselike
npm
|
Transitive | 1.0.0 | 1.0.3 | 4 behind | — | MIT |
|
@verdaccio/logger-commons
npm
|
Transitive | 8.0.0-next-8.37 | 8.0.2 | 4 behind | — | MIT |
|
@verdaccio/search-indexer
npm
|
Transitive | 8.0.0-next-8.6 | 8.0.2 | 4 behind | — | MIT |
|
@verdaccio/streams
npm
|
Transitive | 10.2.1 | 10.2.5 | 4 behind | — | MIT |
|
@verdaccio/utils
npm
|
Transitive | 8.1.0-next-8.37 | 8.1.2 | 4 behind | — | MIT |
|
brace-expansion
npm
|
Transitive | 2.0.3 | 5.0.6 | 4 behind | — | MIT |
|
ms
npm
|
Transitive | 2.0.0 | 2.1.3 | 4 behind | — | MIT |
|
raw-body
npm
|
Transitive | 2.5.3 | 3.0.2 | 4 behind | — | MIT |
|
responselike
npm
|
Transitive | 2.0.1 | 4.0.2 | 4 behind | — | MIT |
|
semver
npm
|
Transitive | 7.7.2 | 7.8.1 | 4 behind | — | ISC |
|
ajv
npm
|
Transitive | 8.18.0 | 8.20.0 | 3 behind | — | MIT |
|
bare-events
npm
|
Transitive | 2.8.2 | 2.9.1 | 3 behind | — | Apache-2.0 |
|
dayjs
npm
|
Transitive | 1.11.18 | 1.11.21 | 3 behind | — | MIT |
|
event-target-shim
npm
|
Transitive | 5.0.1 | 6.0.2 | 3 behind | — | MIT |
|
lowercase-keys
npm
|
Transitive | 2.0.0 | 4.0.1 | 3 behind | — | MIT |
|
mime-types
npm
|
Transitive | 2.1.35 | 3.0.2 | 3 behind | — | MIT |
|
p-cancelable
npm
|
Transitive | 2.1.1 | 4.0.1 | 3 behind | — | MIT |
|
path-to-regexp
npm
|
Transitive | 0.1.13 | 8.4.2 | 3 behind | — | MIT |
|
tar-stream
npm
|
Transitive | 3.1.7 | 3.2.0 | 3 behind | — | MIT |
|
thread-stream
npm
|
Transitive | 3.1.0 | 4.2.0 | 3 behind | — | MIT |
|
type-is
npm
|
Transitive | 1.6.18 | 2.1.0 | 3 behind | — | MIT |
|
@cypress/request
npm
|
Transitive | 3.0.10 | 4.0.1 | 2 behind | — | Apache-2.0 |
|
@szmarczak/http-timer
npm
|
Transitive | 4.0.6 | 5.0.1 | 2 behind | — | MIT |
|
@verdaccio/logger-prettify
npm
|
Transitive | 8.0.0-next-8.5 | 8.0.1 | 2 behind | — | MIT |
|
extsprintf
npm
|
Transitive | 1.3.0 | 1.4.1 | 2 behind | — | MIT |
|
hasown
npm
|
Transitive | 2.0.2 | 2.0.4 | 2 behind | — | MIT |
|
is-promise
npm
|
Transitive | 2.2.2 | 4.0.0 | 2 behind | — | MIT |
|
js-yaml
npm
|
Transitive | 4.1.1 | 4.2.0 | 2 behind | — | MIT |
|
mime-db
npm
|
Transitive | 1.52.0 | 1.54.0 | 2 behind | — | MIT |
|
pino-abstract-transport
npm
|
Transitive | 1.2.0 | 3.0.0 | 2 behind | — | MIT |
|
pumpify
npm
|
Transitive | 1.5.1 | 2.0.1 | 2 behind | — | MIT |
|
safe-buffer
npm
|
Transitive | 5.1.2 | 5.2.1 | 2 behind | — | MIT |
|
semver
npm
|
Transitive | 7.7.4 | 7.8.1 | 2 behind | — | ISC |
|
string_decoder
npm
|
Transitive | 1.1.1 | 1.3.0 | 2 behind | — | MIT |
|
asynckit
npm
|
Transitive | 0.4.0 | 0.5.0 | 1 behind | — | MIT |
|
b4a
npm
|
Transitive | 1.8.0 | 1.8.1 | 1 behind | — | Apache-2.0 |
|
body-parser
npm
|
Transitive | 1.20.4 | 2.2.2 | 1 behind | — | MIT |
|
browserify-zlib
npm
|
Transitive | 0.1.4 | 0.2.0 | 1 behind | — | MIT |
|
cacheable-lookup
npm
|
Transitive | 6.1.0 | 7.0.0 | 1 behind | — | MIT |
|
clone-response
npm
|
Transitive | 1.0.3 | 2.0.0 | 1 behind | — | MIT |
|
content-type
npm
|
Transitive | 1.0.5 | 2.0.0 | 1 behind | — | MIT |
|
cookie-signature
npm
|
Transitive | 1.0.7 | 1.2.2 | 1 behind | — | MIT |
|
core-util-is
npm
|
Transitive | 1.0.2 | 1.0.3 | 1 behind | — | MIT |
|
dashdash
npm
|
Transitive | 1.14.1 | 2.0.0 | 1 behind | — | MIT |
|
debug
npm
|
Transitive | 4.4.1 | 4.4.3 | 1 behind | — | MIT |
|
ecc-jsbn
npm
|
Transitive | 0.1.2 | 0.2.0 | 1 behind | — | MIT |
|
es-object-atoms
npm
|
Transitive | 1.1.1 | 1.1.2 | 1 behind | — | MIT |
|
finalhandler
npm
|
Transitive | 1.3.2 | 2.1.1 | 1 behind | — | MIT |
|
http-errors
npm
|
Transitive | 2.0.0 | 2.0.1 | 1 behind | — | MIT |
|
is-gzip
npm
|
Transitive | 1.0.0 | 2.0.0 | 1 behind | — | MIT |
|
jsbn
npm
|
Transitive | 0.1.1 | 1.1.0 | 1 behind | — | MIT |
|
merge-descriptors
npm
|
Transitive | 1.0.3 | 2.0.0 | 1 behind | — | MIT |
|
mimic-response
npm
|
Transitive | 3.1.0 | 4.0.0 | 1 behind | — | MIT |
|
negotiator
npm
|
Transitive | 0.6.3 | 1.0.0 | 1 behind | — | MIT |
|
negotiator
npm
|
Transitive | 0.6.4 | 1.0.0 | 1 behind | — | MIT |
|
pino-abstract-transport
npm
|
Transitive | 2.0.0 | 3.0.0 | 1 behind | — | MIT |
|
real-require
npm
|
Transitive | 0.2.0 | 1.0.0 | 1 behind | — | MIT |
|
send
npm
|
Transitive | 0.19.2 | 1.2.1 | 1 behind | — | MIT |
|
serve-static
npm
|
Transitive | 1.16.3 | 2.2.1 | 1 behind | — | MIT |
|
side-channel-list
npm
|
Transitive | 1.0.0 | 1.0.1 | 1 behind | — | MIT |
|
sonic-boom
npm
|
Transitive | 4.2.1 | 5.0.0 | 1 behind | — | MIT |
|
statuses
npm
|
Transitive | 2.0.1 | 2.0.2 | 1 behind | — | MIT |
|
streamx
npm
|
Transitive | 2.25.0 | 2.26.0 | 1 behind | — | MIT |
|
validator
npm
|
Transitive | 13.15.26 | 13.15.35 | 1 behind | — | MIT |
|
verror
npm
|
Transitive | 1.10.0 | 1.10.1 | 1 behind | — | MIT |
License Breakdown
MIT
385
Unknown
143
Apache-2.0
131
BSD-3-Clause
62
BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
42
ISC
18
Apache-2.0 AND BSD-3-Clause
15
Apache-2.0 AND MIT
8
BSD-2-Clause
7
CC0-1.0 AND MIT
6
Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
3
BSD-3-Clause AND MPL-2.0
3
BSD-2-Clause AND ISC
2
BSD-3-Clause AND CC0-1.0 AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference AND LicenseRef-scancode-w3c-03-bsd-license AND MIT
2
BSD-3-Clause AND MIT
2
GPL-3.0 AND GPL-3.0-only
2
LicenseRef-scancode-unknown-license-reference AND MIT
2
MPL-2.0
2
AFL-2.1 AND AFL-3.0 AND BSD-3-Clause
1
Apache-2.0 AND BSD-3-Clause AND MIT
1
Apache-2.0 AND CC-BY-3.0 AND MIT
1
Apache-2.0 AND CC-BY-SA-4.0
1
Apache-2.0 AND LicenseRef-scancode-dco-1.1 AND MIT
1
BSD-2-Clause AND BSD-3-Clause
1
BSD-3-Clause AND ISC
1
LicenseRef-scancode-public-domain AND Unlicense
1
LicenseRef-scancode-public-domain-disclaimer
1
MIT-0
1
MPL-1.1 AND MPL-2.0
1
Python-2.0
1
Unlicense
1
CVE Severity
critical
0
high
3
medium
2
low
1
unknown
2