Skip to content
Tools / dify / Dependencies

Dependency Analysis

dify

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV
66% Freshness
2383 Dependencies
595 Outdated
0 Stale
7.1 Avg Behind

Dependency List

Latest release 1.14.0

All 2382 Outdated 1003 Has CVE 9 GPL 26
Dependency Type Current Latest Behind CVE License
dompurify
npm
 Transitive 3.3.2 3.4.8 10 behind 4 medium (Apache-2.0 AND GPL-1.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-1.0-only AND MPL-2.0) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0)
chardet
pypi
 Transitive 5.1.0 7.4.3 14 behind LGPL-2.1-or-later
lxml
pypi
 Transitive 6.1.0 6.1.1 1 behind BSD-3-Clause AND GPL-1.0-or-later AND LicenseRef-scancode-unknown-license-reference
mysql-connector-python
pypi
 Transitive 9.6.0 9.7.0 1 behind GPL-2.0-only AND LicenseRef-scancode-unknown-license-reference
psycopg
pypi
 Transitive 3.3.3 3.3.4 1 behind LGPL-3.0 AND LGPL-3.0-only
@img/sharp-libvips-darwin-arm64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-darwin-x64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-arm
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-arm64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-ppc64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-riscv64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-s390x
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-x64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linuxmusl-arm64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linuxmusl-x64
npm
 Transitive 1.2.4 1.2.4 Current BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-arm64
npm
 Transitive 0.34.5 0.34.5 Current Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-ia32
npm
 Transitive 0.34.5 0.34.5 Current Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-x64
npm
 Transitive 0.34.5 0.34.5 Current Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
crc32c
pypi
 Transitive 2.8 2.8.0 BSD-2-Clause AND BSD-3-Clause AND LGPL-2.1-only AND LGPL-2.1-or-later
eslint-plugin-sonarjs
npm
 Direct 4.0.3 4.0.3 Current LGPL-3.0-only
gitdb
pypi
 Transitive 4.0.12 4.0.12 Current BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later
lamejs
npm
 Direct 1.2.1 1.2.1 Current LGPL-3.0
odfpy
pypi
 Direct 1.4.1 1.4.1 Current Apache-2.0 AND GPL-1.0-or-later AND GPL-2.0-only
psycopg2-binary
pypi
 Direct 2.9.12 2.9.12 Current LGPL-2.0-or-later AND LGPL-3.0-or-later
pyxlsb
pypi
 Direct 1.0.10 1.0.10 Current GPL-3.0 AND GPL-3.0-or-later AND LGPL-3.0-or-later
typing-extensions
pypi
 Transitive 4.15.0 4.15.0 Current Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD

License Breakdown

MIT 1429
Unknown 487
Apache-2.0 150
ISC 76
BSD-3-Clause 52
BSD-2-Clause 30
BSD-2-Clause AND BSD-3-Clause 23
MPL-2.0 18
Apache-2.0 AND MIT 11
BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 10
BlueOak-1.0.0 10
CC0-1.0 4
LicenseRef-scancode-generic-cla AND MIT 4
0BSD 3
Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 3
CC0-1.0 AND MIT 3
ISC AND MIT 3
Apache-2.0 AND BSD-2-Clause 2
BSD-2-Clause AND BSD-3-Clause AND MIT 2
BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MIT 2
BSD-3-Clause AND MIT 2
MIT AND MPL-2.0 2
PSF-2.0 2
Unlicense 2
(Apache-2.0 AND GPL-1.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-1.0-only AND MPL-2.0) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0) 1
0BSD AND BSD-3-Clause AND LicenseRef-scancode-other-permissive AND MIT AND Python-2.0 1
0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 1
0BSD AND MIT 1
Apache-2.0 AND BSD-3-Clause 1
Apache-2.0 AND BSD-3-Clause AND CC-BY-4.0 AND LicenseRef-scancode-warranty-disclaimer 1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1
Apache-2.0 AND BSD-3-Clause AND MIT 1
Apache-2.0 AND BSD-3-Clause AND MPL-2.0 1
Apache-2.0 AND GPL-1.0-or-later AND GPL-2.0-only 1
Apache-2.0 AND ISC 1
Apache-2.0 AND MIT AND MPL-2.0 1
Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 1
Apache-2.0 OR BSD-3-Clause OR (Apache-2.0 AND BSD-3-Clause) 1
Apache-2.0 OR MPL-2.0 1
BSD-2-Clause AND BSD-2-Clause-Views 1
BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause 1
BSD-2-Clause AND BSD-3-Clause AND BSD-Advertising-Acknowledgement 1
BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1
BSD-2-Clause AND BSD-3-Clause AND JSON 1
BSD-2-Clause AND BSD-3-Clause AND LGPL-2.1-only AND LGPL-2.1-or-later 1
BSD-2-Clause AND BSD-3-Clause AND LicenseRef-scancode-public-domain AND Unlicense 1
BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1 1
BSD-3-Clause AND GPL-1.0-or-later AND LicenseRef-scancode-unknown-license-reference 1
BSD-3-Clause AND LicenseRef-scancode-protobuf 1
BSD-3-Clause OR Apache-2.0 1
CC-BY-3.0 1
CC-BY-4.0 1
CC-BY-4.0 AND LicenseRef-scancode-public-domain AND MIT 1
CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 1
CNRI-Python AND Apache-2.0 1
EPL-2.0 1
GPL-2.0-only AND LicenseRef-scancode-unknown-license-reference 1
GPL-3.0 AND GPL-3.0-or-later AND LGPL-3.0-or-later 1
JSON AND MIT 1
LGPL-2.0-or-later AND LGPL-3.0-or-later 1
LGPL-2.1-or-later 1
LGPL-3.0 1
LGPL-3.0 AND LGPL-3.0-only 1
LGPL-3.0-only 1
MIT AND HPND 1
MIT AND OSL-3.0 1
MIT AND PSF-2.0 AND Python-2.0 1
MIT AND Python-2.0 1
MIT AND Python-2.0 AND Python-2.0.1 AND BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1 AND BSD-2-Clause 1
MIT AND ZPL-2.1 1
MIT OR (MIT AND WTFPL) 1
MIT OR Apache-2.0 1
MIT-0 1
MIT-CMU 1
Python-2.0 1
Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

CVE Severity

critical 1
high 3
medium 4
low 0
unknown 1

Beta — feedback welcome: [email protected]