Skip to content
Tools / dify / Dependencies

Dependency Analysis

dify

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV
66% Freshness
2383 Dependencies
595 Outdated
0 Stale
7.1 Avg Behind

Dependency List

Latest release 1.14.0

All 2382 Outdated 1002 Has CVE 9 GPL 26
Dependency Type Current Latest Behind CVE License
litellm
pypi
 Transitive 1.83.0 1.88.0.dev1 36 behind 3 critical Unknown
gitpython
pypi
 Transitive 3.1.47 3.1.50 3 behind 2 high Unknown
couchbase
pypi
 Transitive 4.6.0 4.6.1 2 behind 1 high Unknown
mako
pypi
 Transitive 1.3.11 1.3.12 1 behind 1 high MIT
postcss
npm
 Transitive 8.4.31 8.5.15 34 behind 1 medium MIT
dompurify
npm
 Transitive 3.3.2 3.4.8 10 behind 4 medium (Apache-2.0 AND GPL-1.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-1.0-only AND MPL-2.0) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0)
hono
npm
 Transitive 4.12.15 4.12.23 8 behind 2 medium MIT
uuid
npm
 Transitive 11.1.0 14.0.0 3 behind 1 medium MIT
py
pypi
 Transitive 1.11.0 1.11.0 Current 1 unknown MIT

License Breakdown

MIT 1429
Unknown 487
Apache-2.0 150
ISC 76
BSD-3-Clause 52
BSD-2-Clause 30
BSD-2-Clause AND BSD-3-Clause 23
MPL-2.0 18
Apache-2.0 AND MIT 11
BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 10
BlueOak-1.0.0 10
CC0-1.0 4
LicenseRef-scancode-generic-cla AND MIT 4
0BSD 3
Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 3
CC0-1.0 AND MIT 3
ISC AND MIT 3
Apache-2.0 AND BSD-2-Clause 2
BSD-2-Clause AND BSD-3-Clause AND MIT 2
BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MIT 2
BSD-3-Clause AND MIT 2
MIT AND MPL-2.0 2
PSF-2.0 2
Unlicense 2
(Apache-2.0 AND GPL-1.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-1.0-only AND MPL-2.0) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0) 1
0BSD AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND MIT AND Python-2.0 1
0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 1
0BSD AND MIT 1
Apache-2.0 AND BSD-3-Clause 1
Apache-2.0 AND BSD-3-Clause AND CC-BY-4.0 AND LicenseRef-scancode-warranty-disclaimer 1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1
Apache-2.0 AND BSD-3-Clause AND MIT 1
Apache-2.0 AND BSD-3-Clause AND MPL-2.0 1
Apache-2.0 AND GPL-1.0-or-later AND GPL-2.0-only 1
Apache-2.0 AND ISC 1
Apache-2.0 AND MIT AND MPL-2.0 1
Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 1
Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 1
Apache-2.0 OR MPL-2.0 1
BSD-2-Clause AND BSD-2-Clause-Views 1
BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause 1
BSD-2-Clause AND BSD-3-Clause AND BSD-Advertising-Acknowledgement 1
BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1
BSD-2-Clause AND BSD-3-Clause AND JSON 1
BSD-2-Clause AND BSD-3-Clause AND LGPL-2.1-only AND LGPL-2.1-or-later 1
BSD-2-Clause AND BSD-3-Clause AND LicenseRef-scancode-public-domain AND Unlicense 1
BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1 1
BSD-3-Clause AND GPL-1.0-or-later AND LicenseRef-scancode-unknown-license-reference 1
BSD-3-Clause AND LicenseRef-scancode-protobuf 1
BSD-3-Clause OR Apache-2.0 1
CC-BY-3.0 1
CC-BY-4.0 1
CC-BY-4.0 AND LicenseRef-scancode-public-domain AND MIT 1
CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 1
CNRI-Python AND Apache-2.0 1
EPL-2.0 1
GPL-2.0-only AND LicenseRef-scancode-unknown-license-reference 1
GPL-3.0 AND GPL-3.0-or-later AND LGPL-3.0-or-later 1
JSON AND MIT 1
LGPL-2.0-or-later AND LGPL-3.0-or-later 1
LGPL-2.1-or-later 1
LGPL-3.0 1
LGPL-3.0 AND LGPL-3.0-only 1
LGPL-3.0-only 1
MIT AND HPND 1
MIT AND OSL-3.0 1
MIT AND PSF-2.0 AND Python-2.0 1
MIT AND Python-2.0 1
MIT AND Python-2.0 AND Python-2.0.1 AND BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1 AND BSD-2-Clause 1
MIT AND ZPL-2.1 1
MIT OR (MIT AND WTFPL) 1
MIT OR Apache-2.0 1
MIT-0 1
MIT-CMU 1
Python-2.0 1
Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

CVE Severity

critical 1
high 3
medium 4
low 0
unknown 1

Beta — feedback welcome: [email protected]