Dependency Analysis
komga
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
61%
Freshness
1950
Dependencies
655
Outdated
0
Stale
26.9
Avg Behind
Dependency List
Latest release 1.24.4
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
form-data
npm
|
Transitive | 2.3.3 | 4.0.5 | 18 behind | 1 critical | MIT |
|
org.apache.tika:tika-core
maven
|
Transitive | 2.9.2 | — | — | 1 critical | Unknown |
|
axios
npm
|
Direct | 1.15.0 | 1.17.0 | 8 behind | 13 high | MIT |
|
cross-spawn
npm
|
Transitive | 6.0.5 | 7.0.6 | 7 behind | 1 high | MIT |
|
serialize-javascript
npm
|
Transitive | 6.0.2 | 7.0.5 | 6 behind | 2 high | BSD-3-Clause |
|
fast-uri
npm
|
Transitive | 3.1.0 | 3.1.2 | 2 behind | 2 high | BSD-3-Clause |
|
@babel/plugin-transform-modules-systemjs
npm
|
Transitive | 7.22.11 | — | — | 1 high | MIT |
|
io.netty:netty-codec
maven
|
Direct | 4.1.132.Final | — | — | 1 high | Apache-2.0 |
|
io.netty:netty-codec-dns
maven
|
Direct | 4.1.132.Final | — | — | 1 high | Apache-2.0 |
|
io.netty:netty-codec-http
maven
|
Direct | 4.1.132.Final | — | — | 6 high | Apache-2.0 |
|
io.netty:netty-codec-http2
maven
|
Direct | 4.1.132.Final | — | — | 1 high | Apache-2.0 |
|
io.netty:netty-transport-native-epoll
maven
|
Direct | 4.1.132.Final | — | — | 1 high | Apache-2.0 |
|
minimatch
npm
|
Transitive | 9.0.1 | — | — | 3 high | ISC |
|
org.bouncycastle:bcpg-jdk18on
maven
|
Transitive | 1.81 | — | — | 1 high | Unknown |
|
org.bouncycastle:bcprov-jdk18on
maven
|
Transitive | 1.81 | — | — | 2 high | Unknown |
|
org.codehaus.plexus:plexus-utils
maven
|
Transitive | 3.2.1 | — | — | 1 high | Unknown |
|
path-to-regexp
npm
|
Transitive | 0.1.10 | — | — | 2 high | MIT |
|
pdfjs-dist
npm
|
Transitive | 2.14.305 | — | — | 1 high | Apache-2.0 |
|
vuetify
npm
|
Direct | 2.7.1 | — | — | 2 high | MIT |
|
yaml
npm
|
Transitive | 1.10.2 | 2.9.0 | 49 behind | 1 medium | ISC |
|
qs
npm
|
Transitive | 6.13.0 | 6.15.2 | 35 behind | 2 medium | BSD-3-Clause |
|
tough-cookie
npm
|
Transitive | 2.5.0 | 6.0.1 | 23 behind | 1 medium | BSD-3-Clause |
|
webpack-dev-server
npm
|
Transitive | 4.15.1 | 5.2.4 | 12 behind | 2 medium | MIT |
|
micromatch
npm
|
Transitive | 4.0.5 | 4.0.8 | 3 behind | 1 medium | MIT |
|
ch.qos.logback:logback-core
maven
|
Transitive | 1.3.15 | — | — | 2 medium | EPL-1.0 OR LGPL-2.1-only |
|
com.fasterxml.jackson.core:jackson-core
maven
|
Transitive | 2.19.1 | — | — | 1 medium | Unknown |
|
com.github.junrar:junrar
maven
|
Direct | 7.5.5 | — | — | 2 medium | Unknown |
|
org.apache.commons:commons-lang3
maven
|
Transitive | 3.17.0 | — | — | 1 medium | Unknown |
|
org.bouncycastle:bcpkix-jdk18on
maven
|
Transitive | 1.81 | — | — | 1 medium | Unknown |
|
org.eclipse.jgit:org.eclipse.jgit
maven
|
Transitive | 5.13.3.202401111512-r | — | — | 1 medium | Unknown |
|
postcss
npm
|
Transitive | 8.4.29 | — | — | 2 medium | MIT |
|
request
npm
|
Transitive | 2.88.2 | 2.88.2 | Current | 1 medium | Apache-2.0 |
|
vue-template-compiler
npm
|
Direct | 2.7.14 | — | — | 1 medium | MIT |
|
@tootallnate/once
npm
|
Transitive | 1.1.2 | 3.0.1 | 3 behind | 1 low | MIT |
|
io.netty:netty-handler-proxy
maven
|
Direct | 4.1.132.Final | — | — | 1 low | Apache-2.0 |
|
vue
npm
|
Direct | 2.7.14 | — | — | 1 low | MIT |
License Breakdown
MIT
1141
Unknown
329
Apache-2.0
234
ISC
74
BSD-3-Clause
55
BSD-2-Clause
34
Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND LicenseRef-scancode-other-copyleft
11
CC0-1.0 AND MIT
6
LicenseRef-scancode-unknown-license-reference AND EPL-2.0
6
BlueOak-1.0.0
5
CC0-1.0
5
Apache-2.0 AND LicenseRef-scancode-unknown-license-reference
4
EPL-2.0
4
Apache-2.0 AND BSD-2-Clause
3
ISC AND MIT
3
Unlicense
3
0BSD
2
Apache-2.0 AND MIT
2
EPL-1.0 OR LGPL-2.1-only
2
EPL-2.0 AND LGPL-2.1 AND LGPL-2.1-only
2
GPL-2.0-only WITH Classpath-exception-2.0
2
MIT OR (CC0-1.0 AND MIT)
2
AFL-2.1 AND AFL-3.0 AND BSD-3-Clause
1
Apache-2.0 AND BSD-3-Clause
1
Apache-2.0 AND BSD-3-Clause AND OFL-1.1
1
BSD-2-Clause AND BSD-2-Clause-Views
1
BSD-2-Clause AND BSD-3-Clause
1
BSD-2-Clause AND BSD-3-Clause AND CC0-1.0
1
BSD-3-Clause AND ISC
1
BSD-3-Clause OR GPL-2.0-only
1
BSD-3-Clause-No-Nuclear-License
1
BSD-3-Clause-No-Nuclear-Warranty
1
CC-BY-3.0
1
CC-BY-4.0
1
EPL-1.0
1
EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
1
LicenseRef-scancode-free-unknown AND MIT
1
LicenseRef-scancode-public-domain AND Unlicense
1
LicenseRef-scancode-unicode AND LicenseRef-scancode-unknown-license-reference AND Unicode-3.0
1
LicenseRef-scancode-unknown-license-reference AND Apache-2.0 AND EPL-2.0
1
MIT OR WTFPL OR (MIT AND WTFPL)
1
MPL-2.0
1
CVE Severity
critical
2
high
17
medium
14
low
3
unknown
0