Tools / NewsBlur / Dependencies

Dependency Analysis

NewsBlur

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

61% Freshness

1165 Dependencies

366 Outdated

0 Stale

9.7 Avg Behind

Dependency List

Latest release v0.1.0

All 1164 Outdated 457 Has CVE 88 GPL 11

Dependency	Type	Current	Latest	Behind	CVE	License
form-data npm	Transitive	2.3.3	4.0.5	18 behind	1 critical	MIT
fsevents npm	Transitive	1.2.9	2.3.3	16 behind	2 critical	MIT
pbkdf2 npm	Transitive	3.0.17	3.1.6	7 behind	2 critical	MIT
cipher-base npm	Transitive	1.0.4	1.0.7	3 behind	1 critical	MIT
sha.js npm	Transitive	2.4.11	2.4.12	1 behind	1 critical	BSD-3-Clause AND MIT
@babel/traverse npm	Transitive	7.5.0	—	—	1 critical	MIT
django pypi	Direct	3.1.10	—	—	10 critical	BSD-3-Clause
elliptic npm	Transitive	6.5.0	—	—	9 critical	MIT
gevent pypi	Direct	22.10.2	—	—	1 critical	MIT AND Python-2.0
json-schema npm	Transitive	0.2.3	—	—	1 critical	AFL-2.1 OR BSD-3-Clause
json-schema npm	Transitive	0.2.3	—	—	1 critical	AFL-2.1 OR BSD-3-Clause
loader-utils npm	Transitive	1.2.3	—	—	3 critical	MIT
minimist npm	Transitive	1.2.0	—	—	2 critical	MIT
pillow pypi	Direct	8.0.1	—	—	33 critical	MIT-CMU
pymysql pypi	Direct	0.10.1	—	—	1 critical	MIT
pyyaml pypi	Direct	5.3.1	—	—	1 critical	MIT
path-to-regexp npm	Transitive	0.1.7	8.4.2	50 behind	3 high	MIT
gunicorn pypi	Direct	21.2.0	26.0.0	13 behind	2 high	MIT
ansi-regex npm	Transitive	4.1.0	6.2.2	9 behind	1 high	MIT
python-multipart pypi	Direct	0.0.22	0.0.30	8 behind	2 high	Apache-2.0
cross-spawn npm	Transitive	6.0.5	7.0.6	7 behind	1 high	MIT
nth-check npm	Transitive	1.0.2	3.0.1	6 behind	1 high	BSD-2-Clause AND BSD-3-Clause
braces npm	Transitive	2.3.2	3.0.3	4 behind	1 high	MIT
socket.io-parser npm	Transitive	4.2.4	4.2.6	3 behind	1 high	MIT
acorn npm	Transitive	6.2.0	—	—	1 high	MIT
addressable gem	Direct	2.8.7	—	—	1 high	Apache-2.0
async npm	Transitive	3.1.0	—	—	1 high	MIT
body-parser npm	Transitive	1.19.0	—	—	1 high	MIT
browserify-sign npm	Transitive	4.0.4	—	—	1 high	ISC
celery pypi	Direct	4.4.7	—	—	1 high	BSD-2-Clause
certifi pypi	Direct	2020.12.5	—	—	2 high	MPL-2.0
cryptography pypi	Direct	3.4.7	—	—	9 high	Apache-2.0 AND BSD-3-Clause AND PSF-2.0 AND Python-2.0
decode-uri-component npm	Transitive	0.2.0	—	—	1 high	MIT
dicer npm	Transitive	0.3.0	—	—	1 high	MIT
future pypi	Direct	0.18.2	—	—	1 high	MIT
ini npm	Transitive	1.3.5	—	—	1 high	ISC
json5 npm	Transitive	1.0.1	—	—	1 high	MIT
kind-of npm	Transitive	6.0.2	—	—	1 high	MIT
lodash npm	Transitive	4.17.14	—	—	6 high	CC0-1.0 AND MIT
lodash.pick npm	Transitive	4.4.0	—	—	1 high	MIT
lxml pypi	Direct	5.1.0	—	—	1 high	BSD-2-Clause AND BSD-3-Clause
minimatch npm	Transitive	3.0.4	—	—	4 high	ISC
moment npm	Transitive	2.29.1	—	—	2 high	MIT
pyasn1 pypi	Direct	0.4.8	—	—	1 high	BSD-2-Clause
qs npm	Transitive	6.5.2	—	—	2 high	BSD-3-Clause
semver npm	Transitive	6.2.0	—	—	1 high	ISC
serialize-javascript npm	Transitive	1.7.0	—	—	4 high	BSD-3-Clause
sqlparse pypi	Direct	0.4.1	—	—	4 high	BSD-2-Clause AND BSD-3-Clause
ssri npm	Transitive	6.0.1	—	—	1 high	ISC
tar npm	Transitive	4.4.8	—	—	12 high	BlueOak-1.0.0 AND ISC
terser npm	Transitive	4.1.2	—	—	1 high	BSD-2-Clause
virtualenv pypi	Direct	20.4.6	—	—	2 high	MIT
ws npm	Direct	7.5.5	—	—	1 high	MIT
y18n npm	Transitive	4.0.0	—	—	1 high	ISC
brace-expansion npm	Transitive	1.1.11	5.0.6	18 behind	2 medium	MIT
micromatch npm	Transitive	3.1.10	4.0.8	9 behind	1 medium	MIT
authlib pypi	Direct	1.6.9	1.7.2	6 behind	1 medium	BSD-3-Clause
cryptography pypi	Direct	46.0.5	48.0.0	4 behind	2 medium	Apache-2.0 AND BSD-3-Clause
jinja2 pypi	Direct	3.1.3	3.1.6	3 behind	4 medium	BSD-2-Clause AND BSD-3-Clause
pytest pypi	Direct	9.0.2	9.0.3	1 behind	1 medium	MIT
@babel/runtime npm	Transitive	7.5.4	—	—	1 medium	MIT
@babel/runtime-corejs2 npm	Transitive	7.15.4	—	—	1 medium	MIT
ajv npm	Transitive	6.10.1	—	—	2 medium	MIT
bleach pypi	Direct	3.2.1	—	—	1 medium	Apache-2.0
bn.js npm	Transitive	4.11.8	—	—	1 medium	MIT
dnspython pypi	Direct	2.0.0	—	—	1 medium	ISC
express npm	Direct	4.17.1	—	—	2 medium	MIT
filelock pypi	Direct	3.0.12	—	—	2 medium	Unlicense
hosted-git-info npm	Transitive	2.7.1	—	—	1 medium	ISC
idna pypi	Direct	2.10	—	—	1 medium	BSD-2-Clause
moment-timezone npm	Direct	0.5.33	—	—	2 medium	MIT
path-parse npm	Transitive	1.0.6	—	—	1 medium	MIT
request npm	Transitive	2.88.0	—	—	1 medium	Apache-2.0
requests pypi	Direct	2.25.0	—	—	1 medium	Apache-2.0
tough-cookie npm	Transitive	2.4.3	—	—	1 medium	BSD-3-Clause
yargs-parser npm	Transitive	13.1.1	—	—	1 medium	ISC
tmp npm	Transitive	0.0.33	0.2.7	9 behind	1 low	MIT
pygments pypi	Direct	2.19.2	2.20.0	1 behind	1 low	BSD-2-Clause
cookie npm	Transitive	0.4.0	—	—	1 low	MIT
debug npm	Transitive	4.1.1	—	—	1 low	MIT
django-ses pypi	Direct	1.0.3	—	—	1 low	MIT
flask pypi	Direct	3.0.2	—	—	1 low	BSD-2-Clause AND BSD-3-Clause
pyopenssl pypi	Direct	20.0.1	—	—	1 low	Apache-2.0
qs npm	Direct	6.10.1	—	—	1 low	BSD-3-Clause
send npm	Transitive	0.17.1	—	—	1 low	MIT
sentry-sdk pypi	Direct	1.44.1	—	—	1 low	BSD-2-Clause AND MIT
serve-static npm	Transitive	1.14.1	—	—	1 low	MIT
py pypi	Direct	1.10.0	—	—	1 unknown	MIT

License Breakdown

MIT 751

Apache-2.0 117

ISC 76

Unknown 50

BSD-2-Clause 42

BSD-3-Clause 38

BSD-2-Clause AND BSD-3-Clause 17

BSD-2-Clause AND MIT 4

Apache-2.0 AND MIT 3

MIT AND Python-2.0 3

Unlicense 3

(BSD-2-Clause AND MIT AND Ruby) OR (BSD-2-Clause AND MIT) 2

AFL-2.1 OR BSD-3-Clause 2

Apache-2.0 AND BSD-2-Clause 2

BSD-3-Clause AND ISC 2

BSD-3-Clause AND MIT 2

CC0-1.0 AND MIT 2

ISC AND MIT 2

MIT OR (CC0-1.0 AND MIT) 2

MPL-2.0 2

PSF-2.0 2

ZPL-2.1 2

(BSD-2-Clause AND BSD-3-Clause AND Ruby) OR (BSD-2-Clause AND BSD-3-Clause) 1

0BSD 1

AFL-2.1 OR MIT 1

Apache-2.0 AND BSD-3-Clause 1

Apache-2.0 AND BSD-3-Clause AND PSF-2.0 AND Python-2.0 1

Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only) 1

Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 1

Apache-2.0 OR MIT 1

Artistic-1.0-Perl OR GPL-1.0-only OR GPL-2.0-or-later 1

Artistic-2.0 AND MIT 1

BSD-2-Clause AND BSD-2-Clause-Views 1

BSD-2-Clause AND BSD-3-Clause AND CC-PDDC AND GPL-1.0-or-later AND GPL-3.0-only AND GPL-3.0-or-later AND LicenseRef-scancode-free-unknown AND LicenseRef-scancode-other-copyleft AND LicenseRef-scancode-public-domain 1

BSD-2-Clause OR Ruby 1

BSD-2-Clause OR Ruby OR (BSD-2-Clause AND Ruby) 1

BlueOak-1.0.0 AND ISC 1

CC-BY-3.0 1

CC-BY-SA-4.0 AND ISC 1

CC0-1.0 1

CC0-1.0 AND Unlicense 1

GPL-3.0 AND GPL-3.0-only AND GPL-3.0-or-later AND LGPL-3.0-only 1

GPL-3.0-or-later AND LGPL-2.0-or-later 1

HPND AND MIT 1

ISC AND MPL-2.0 1

JSON AND MIT 1

LGPL-2.1-only 1

LGPL-2.1-or-later 1

LGPL-3.0-only AND LGPL-3.0-or-later 1

LGPL-3.0-or-later WITH openvpn-openssl-exception 1

LicenseRef-scancode-unknown-license-reference 1

LicenseRef-scancode-warranty-disclaimer AND MIT 1

MIT AND Ruby 1

MIT AND Zlib 1

MIT-0 1

MIT-CMU 1

Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1

Python-2.0.1 1

Ruby OR (GPL-2.0 AND GPL-2.0-only) OR (GPL-2.0 AND Ruby) OR (GPL-2.0-only AND Ruby) 1

WTFPL 1

CVE Severity

critical 16

high 38

medium 22

low 11

unknown 1