Dependency Analysis
Deepfence ThreatMapper
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
60%
Freshness
3546
Dependencies
1200
Outdated
0
Stale
25.9
Avg Behind
Dependency List
Latest release v2.5.8
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
basic-ftp
npm
|
Transitive | 5.1.0 | — | — | 4 critical | Apache-2.0 AND MIT |
|
gevent
pypi
|
Direct | 21.12.0 | — | — | 1 critical | MIT AND Python-2.0 |
|
github.com/docker/docker
golang
|
Direct | 20.10.22+incompatible | — | — | 4 critical | Apache-2.0 |
|
golang.org/x/crypto
golang
|
Direct | 0.1.0 | — | — | 6 critical | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
google.golang.org/grpc
golang
|
Transitive | v1.77.0 | — | — | 1 critical | Apache-2.0 |
|
google.golang.org/grpc
golang
|
Direct | v1.77.0 | — | — | 1 critical | Apache-2.0 |
|
google.golang.org/grpc
golang
|
Direct | v1.77.0 | — | — | 1 critical | Apache-2.0 |
|
storybook
npm
|
Transitive | 8.6.15 | 10.4.2 | 405 behind | 1 high | MIT |
|
path-to-regexp
npm
|
Transitive | 0.1.7 | 8.4.2 | 50 behind | 3 high | MIT |
|
minimatch
npm
|
Transitive | 10.1.1 | 10.2.5 | 30 behind | 3 high | BlueOak-1.0.0 |
|
@babel/plugin-transform-modules-systemjs
npm
|
Transitive | 7.25.0 | 7.29.7 | 24 behind | 1 high | MIT |
|
http-proxy-middleware
npm
|
Transitive | 2.0.6 | 4.0.0 | 22 behind | 3 high | MIT |
|
rollup
npm
|
Transitive | 4.54.0 | 4.61.0 | 18 behind | 1 high | 0BSD AND ISC AND MIT |
|
gunicorn
pypi
|
Direct | 20.1.0 | 26.0.0 | 17 behind | 2 high | MIT |
|
axios
npm
|
Transitive | 1.13.2 | 1.17.0 | 15 behind | 16 high | MIT |
|
body-parser
npm
|
Transitive | 1.20.2 | 2.2.2 | 10 behind | 1 high | MIT |
|
svgo
npm
|
Transitive | 3.3.2 | 4.0.1 | 8 behind | 1 high | MIT |
|
image-size
npm
|
Transitive | 1.1.1 | 2.0.2 | 6 behind | 1 high | MIT |
|
serialize-javascript
npm
|
Transitive | 6.0.2 | 7.0.5 | 6 behind | 2 high | BSD-3-Clause |
|
flatted
npm
|
Transitive | 3.3.3 | 3.4.2 | 4 behind | 2 high | ISC |
|
path-to-regexp
npm
|
Transitive | 8.3.0 | 8.4.2 | 4 behind | 2 high | MIT |
|
cross-spawn
npm
|
Transitive | 7.0.3 | 7.0.6 | 3 behind | 1 high | MIT |
|
lodash
npm
|
Transitive | 4.17.21 | 4.18.1 | 3 behind | 3 high | CC0-1.0 AND MIT |
|
lodash
npm
|
Transitive | 4.17.21 | 4.18.1 | 3 behind | 3 high | CC0-1.0 AND MIT |
|
node-forge
npm
|
Transitive | 1.3.1 | 1.4.0 | 3 behind | 7 high | BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0) |
|
picomatch
npm
|
Transitive | 4.0.3 | 4.0.4 | 3 behind | 2 high | MIT |
|
@isaacs/brace-expansion
npm
|
Transitive | 5.0.0 | 5.0.1 | 1 behind | 1 high | MIT |
|
braces
npm
|
Transitive | 3.0.2 | 3.0.3 | 1 behind | 1 high | MIT |
|
@remix-run/router
npm
|
Transitive | 1.23.1 | — | — | 1 high | MIT |
|
certifi
pypi
|
Direct | 2022.5.18.1 | — | — | 3 high | MPL-2.0 |
|
flask
pypi
|
Direct | 1.0.0 | — | — | 2 high | Unknown |
|
flask-cors
pypi
|
Direct | 3.0.10 | — | — | 5 high | MIT |
|
github.com/containerd/containerd
golang
|
Direct | 1.7.2 | — | — | 5 high | Apache-2.0 |
|
github.com/docker/cli
golang
|
Transitive | v29.1.2+incompatible | — | — | 1 high | Apache-2.0 |
|
github.com/docker/distribution
golang
|
Direct | 2.8.1+incompatible | — | — | 1 high | Apache-2.0 |
|
github.com/docker/docker
golang
|
Transitive | v28.5.2+incompatible | — | — | 2 high | Apache-2.0 |
|
github.com/docker/docker
golang
|
Transitive | v1.4.2-0.20180827131323-0c5f8d2b9b23 | — | — | 18 high | Apache-2.0 |
|
github.com/docker/docker
golang
|
Direct | v28.5.2+incompatible | — | — | 2 high | Apache-2.0 |
|
github.com/docker/docker
golang
|
Transitive | v28.5.2+incompatible | — | — | 2 high | Apache-2.0 |
|
github.com/gorilla/websocket
golang
|
Transitive | v0.0.0-20160221213430-5c91b59efa23 | — | — | 1 high | BSD-2-Clause |
|
github.com/hashicorp/go-getter
golang
|
Transitive | v1.8.3 | — | — | 1 high | MPL-2.0 |
|
github.com/opencontainers/runc
golang
|
Direct | 1.1.5 | — | — | 5 high | Apache-2.0 |
|
github.com/opencontainers/selinux
golang
|
Direct | 1.11.0 | — | — | 1 high | Apache-2.0 |
|
github.com/sirupsen/logrus
golang
|
Direct | 1.9.0 | — | — | 1 high | MIT |
|
go.opentelemetry.io/otel
golang
|
Direct | v1.39.0 | — | — | 1 high | Apache-2.0 AND BSD-3-Clause |
|
go.opentelemetry.io/otel
golang
|
Transitive | v1.39.0 | — | — | 1 high | Apache-2.0 AND BSD-3-Clause |
|
go.opentelemetry.io/otel
golang
|
Direct | v1.39.0 | — | — | 1 high | Apache-2.0 AND BSD-3-Clause |
|
go.opentelemetry.io/otel
golang
|
Direct | v1.39.0 | — | — | 1 high | Apache-2.0 AND BSD-3-Clause |
|
go.opentelemetry.io/otel/sdk
golang
|
Direct | v1.39.0 | — | — | 2 high | Apache-2.0 AND BSD-3-Clause |
|
go.opentelemetry.io/otel/sdk
golang
|
Direct | v1.39.0 | — | — | 2 high | Apache-2.0 AND BSD-3-Clause |
|
golang.org/x/net
golang
|
Direct | 0.3.1-0.20221206200815-1e63c2f08a10 | — | — | 11 high | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
golang.org/x/oauth2
golang
|
Direct | 0.0.0-20220223155221-ee480838109b | — | — | 1 high | BSD-3-Clause |
|
google.golang.org/grpc
golang
|
Direct | 1.55.0 | — | — | 2 high | Apache-2.0 |
|
pycryptodome
pypi
|
Direct | 3.14.1 | — | — | 1 high | BSD-2-Clause AND Unlicense |
|
redis
pypi
|
Direct | 4.3.1 | — | — | 2 high | MIT |
|
urllib3
pypi
|
Direct | 1.26.9 | — | — | 7 high | MIT |
|
ws
npm
|
Transitive | 8.16.0 | — | — | 1 high | MIT |
|
ajv
npm
|
Transitive | 6.12.6 | 8.20.0 | 67 behind | 1 medium | MIT |
|
ajv
npm
|
Transitive | 6.12.6 | 8.20.0 | 67 behind | 1 medium | MIT |
|
yaml
npm
|
Transitive | 1.10.2 | 2.9.0 | 49 behind | 1 medium | ISC |
|
webpack
npm
|
Transitive | 5.90.3 | 5.107.2 | 44 behind | 3 medium | MIT |
|
qs
npm
|
Transitive | 6.11.0 | 6.15.2 | 42 behind | 2 medium | BSD-3-Clause |
|
@babel/runtime
npm
|
Transitive | 7.26.0 | 7.29.7 | 30 behind | 1 medium | MIT |
|
esbuild
npm
|
Transitive | 0.21.5 | 0.28.0 | 28 behind | 1 medium | MIT |
|
nanoid
npm
|
Transitive | 3.3.7 | 5.1.11 | 24 behind | 1 medium | MIT |
|
express
npm
|
Transitive | 4.18.3 | 5.2.1 | 15 behind | 2 medium | MIT |
|
brace-expansion
npm
|
Transitive | 2.0.2 | 5.0.6 | 11 behind | 1 medium | MIT |
|
estree-util-value-to-estree
npm
|
Transitive | 3.0.1 | 3.5.0 | 11 behind | 1 medium | MIT |
|
webpack-dev-server
npm
|
Transitive | 4.15.2 | 5.2.4 | 6 behind | 2 medium | MIT |
|
js-yaml
npm
|
Transitive | 4.1.0 | 4.2.0 | 3 behind | 1 medium | MIT |
|
micromatch
npm
|
Transitive | 4.0.5 | 4.0.8 | 3 behind | 1 medium | MIT |
|
ip-address
npm
|
Transitive | 10.1.0 | 10.2.0 | 2 behind | 1 medium | MIT |
|
mdast-util-to-hast
npm
|
Transitive | 13.1.0 | 13.2.1 | 2 behind | 1 medium | MIT |
|
follow-redirects
npm
|
Transitive | 1.15.11 | 1.16.0 | 1 behind | 1 medium | MIT |
|
prismjs
npm
|
Transitive | 1.29.0 | 1.30.0 | 1 behind | 1 medium | MIT |
|
@babel/helpers
npm
|
Transitive | 7.26.0 | — | — | 1 medium | MIT |
|
@babel/runtime-corejs3
npm
|
Transitive | 7.26.0 | — | — | 1 medium | MIT |
|
@nestjs/core
npm
|
Transitive | 11.1.11 | — | — | 1 medium | MIT |
|
dnspython
pypi
|
Direct | 2.2.1 | — | — | 1 medium | ISC |
|
eventlet
pypi
|
Direct | 0.33.1 | — | — | 2 medium | MIT |
|
file-type
npm
|
Transitive | 21.2.0 | — | — | 2 medium | MIT |
|
github.com/anchore/syft
golang
|
Direct | v1.39.0 | — | — | 1 medium | Apache-2.0 AND CC-BY-4.0 AND EPL-2.0 |
|
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream
golang
|
Transitive | v1.6.10 | — | — | 1 medium | Apache-2.0 |
|
github.com/aws/aws-sdk-go-v2/service/s3
golang
|
Transitive | v1.80.1 | — | — | 1 medium | Apache-2.0 |
|
github.com/cyphar/filepath-securejoin
golang
|
Direct | 0.2.3 | — | — | 2 medium | BSD-3-Clause |
|
github.com/gin-gonic/gin
golang
|
Direct | 1.8.2 | — | — | 2 medium | MIT |
|
github.com/go-chi/chi/v5
golang
|
Direct | v5.1.0 | — | — | 1 medium | MIT |
|
github.com/go-chi/chi/v5
golang
|
Direct | v5.1.0 | — | — | 1 medium | MIT |
|
github.com/hashicorp/go-retryablehttp
golang
|
Direct | 0.7.1 | — | — | 1 medium | MPL-2.0 |
|
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
golang
|
Direct | v1.39.0 | — | — | 1 medium | Apache-2.0 AND BSD-3-Clause |
|
golang.org/x/image
golang
|
Transitive | v0.25.0 | — | — | 3 medium | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
google.golang.org/protobuf
golang
|
Direct | 1.30.0 | — | — | 1 medium | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
idna
pypi
|
Direct | 3.3 | — | — | 1 medium | BSD-2-Clause AND BSD-3-Clause |
|
requests
pypi
|
Direct | 2.27.1 | — | — | 4 medium | Apache-2.0 |
|
vue-template-compiler
npm
|
Transitive | 2.7.16 | 2.7.16 | Current | 1 medium | MIT |
|
brace-expansion
npm
|
Transitive | 1.1.11 | 5.0.6 | 18 behind | 1 low | MIT |
|
cookie
npm
|
Transitive | 0.5.0 | 1.1.1 | 9 behind | 1 low | MIT |
|
serve-static
npm
|
Transitive | 1.15.0 | 2.2.1 | 9 behind | 1 low | MIT |
|
send
npm
|
Transitive | 0.18.0 | 1.2.1 | 8 behind | 1 low | MIT |
|
on-headers
npm
|
Transitive | 1.0.2 | 1.1.0 | 1 behind | 1 low | MIT |
|
github.com/aws/aws-sdk-go
golang
|
Direct | v1.55.8 | — | — | 2 unknown | Apache-2.0 |
|
github.com/aws/aws-sdk-go
golang
|
Direct | v1.55.8 | — | — | 2 unknown | Apache-2.0 |
|
golang.org/x/net
golang
|
Transitive | v0.48.0 | — | — | 1 unknown | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
golang.org/x/net
golang
|
Transitive | v0.48.0 | — | — | 1 unknown | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
|
golang.org/x/net
golang
|
Direct | v0.48.0 | — | — | 1 unknown | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
License Breakdown
MIT
2471
Apache-2.0
324
Unknown
161
BSD-3-Clause
144
ISC
124
BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
72
BSD-2-Clause
68
MPL-2.0
23
Apache-2.0 AND BSD-3-Clause
22
CC0-1.0 AND MIT
13
Apache-2.0 AND BSD-3-Clause AND MIT
11
Apache-2.0 AND MIT
10
BSD-2-Clause AND BSD-3-Clause
8
BSD-3-Clause AND MIT
7
BlueOak-1.0.0
7
CC0-1.0
5
Unlicense
5
0BSD
4
Apache-2.0 AND LicenseRef-scancode-unknown-license-reference
4
CC-BY-4.0
4
LicenseRef-scancode-public-domain AND Unlicense
4
Apache-2.0 AND BSD-2-Clause
3
Apache-2.0 AND CC-BY-SA-4.0
3
ISC AND MIT
3
Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND LicenseRef-scancode-generic-cla AND LicenseRef-scancode-unknown-license-reference AND MIT
2
Apache-2.0 AND CC-BY-4.0
2
Apache-2.0 AND LGPL-2.0-or-later AND LGPL-3.0-only
2
Apache-2.0 AND LicenseRef-scancode-dco-1.1 AND MIT
2
BSD-2-Clause AND BSD-2-Clause-Views
2
CC-BY-4.0 AND MIT
2
Python-2.0
2
(Apache-2.0 OR GPL-2.0-or-later) AND CC-BY-4.0
1
0BSD AND ISC AND MIT
1
0BSD AND LicenseRef-scancode-public-domain
1
Apache-2.0 AND BSD-2-Clause AND BlueOak-1.0.0 AND CC0-1.0 AND ISC AND MIT
1
Apache-2.0 AND BSD-3-Clause AND ISC AND MIT
1
Apache-2.0 AND CC-BY-4.0 AND EPL-2.0
1
Apache-2.0 AND CC-BY-4.0 AND MIT
1
Apache-2.0 AND GPL-2.0-only AND GPL-2.0-only WITH Bison-exception-2.2 AND GPL-2.0-or-later AND MIT
1
Apache-2.0 AND LicenseRef-scancode-dco-1.1
1
Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT)
1
BSD-2-Clause AND Unlicense
1
BSD-3-Clause AND CC-BY-4.0
1
BSD-3-Clause AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference
1
BSD-3-Clause AND MPL-2.0
1
BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0)
1
BSD-3-Clause-Modification
1
CC-BY-3.0 AND MIT
1
CC0-1.0 OR MIT OR (CC0-1.0 AND MIT)
1
FTL AND MIT
1
GPL-3.0-or-later
1
LGPL-2.1-or-later
1
LicenseRef-scancode-dco-1.1 AND LicenseRef-scancode-generic-cla AND MIT
1
LicenseRef-scancode-free-unknown AND MIT
1
LicenseRef-scancode-warranty-disclaimer AND MIT
1
MIT AND Python-2.0
1
MIT AND WTFPL
1
MIT OR (CC0-1.0 AND MIT)
1
MIT OR WTFPL OR (MIT AND WTFPL)
1
MIT-0
1
PSF-2.0
1
Zlib
1
CVE Severity
critical
7
high
50
medium
38
low
5
unknown
5