Dependency Analysis
NodeBB
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
91%
Freshness
163
Dependencies
10
Outdated
0
Stale
1.7
Avg Behind
Dependency List
Latest release v4.11.2
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
express
npm
|
Direct | 4.22.1 | 5.2.1 | 53 behind | — | MIT |
|
husky
npm
|
Direct | 8.0.3 | 9.1.7 | 19 behind | — | MIT |
|
mocha
npm
|
Direct | 11.7.5 | 11.7.6 | 18 behind | — | MIT |
|
chalk
npm
|
Direct | 4.1.2 | 5.6.2 | 12 behind | — | MIT |
|
mime
npm
|
Direct | 3.0.0 | 4.1.0 | 11 behind | — | MIT |
|
yargs
npm
|
Direct | 17.7.2 | 18.0.0 | 11 behind | — | MIT |
|
lint-staged
npm
|
Direct | 16.4.0 | 17.0.7 | 8 behind | — | MIT |
|
@apidevtools/swagger-parser
npm
|
Direct | 10.1.0 | 12.1.0 | 5 behind | — | MIT |
|
jquery
npm
|
Direct | 3.7.1 | 4.0.0 | 5 behind | — | MIT |
|
lru-cache
npm
|
Direct | 11.3.5 | 11.5.1 | 4 behind | — | BlueOak-1.0.0 |
|
undici
npm
|
Direct | 8.1.0 | 8.3.0 | 4 behind | — | MIT |
|
postcss
npm
|
Direct | 8.5.12 | 8.5.15 | 3 behind | — | MIT |
|
commander
npm
|
Direct | 14.0.3 | 15.0.0 | 2 behind | — | MIT |
|
semver
npm
|
Direct | 7.7.4 | 7.8.1 | 2 behind | — | ISC |
|
terser-webpack-plugin
npm
|
Direct | 5.5.0 | 5.6.1 | 2 behind | — | MIT |
|
@isaacs/ttlcache
npm
|
Direct | 2.1.4 | 2.1.5 | 1 behind | — | BlueOak-1.0.0 |
|
ace-builds
npm
|
Direct | 1.43.6 | 1.44.0 | 1 behind | — | BSD-3-Clause |
|
archiver
npm
|
Direct | 7.0.1 | 8.0.0 | 1 behind | — | MIT |
|
fs-extra
npm
|
Direct | 11.3.4 | 11.3.5 | 1 behind | — | MIT |
|
globals
npm
|
Direct | 17.5.0 | 17.6.0 | 1 behind | — | MIT |
|
ipaddr.js
npm
|
Direct | 2.3.0 | 2.4.0 | 1 behind | — | MIT |
|
morgan
npm
|
Direct | 1.10.1 | 1.11.0 | 1 behind | — | MIT |
|
pg
npm
|
Direct | 8.20.0 | 8.21.0 | 1 behind | — | MIT |
|
qs
npm
|
Direct | 6.15.1 | 6.15.2 | 1 behind | — | BSD-3-Clause |
|
redis
npm
|
Direct | 5.12.1 | 6.0.0 | 1 behind | — | MIT |
|
sanitize-html
npm
|
Direct | 2.17.3 | 2.17.4 | 1 behind | — | MIT |
|
sass
npm
|
Direct | 1.99.0 | 1.100.0 | 1 behind | — | Apache-2.0 AND BSD-3-Clause AND MIT |
|
@adactive/bootstrap-tagsinput
npm
|
Direct | 0.8.2 | — | — | — | MIT |
|
@commitlint/cli
npm
|
Direct | 20.5.3 | — | — | — | MIT |
|
@commitlint/config-angular
npm
|
Direct | 20.5.3 | — | — | — | MIT |
|
@eslint/js
npm
|
Direct | 10.0.1 | 10.0.1 | Current | — | MIT |
|
@fontsource-utils/scss
npm
|
Direct | 0.2.2 | — | — | — | MIT |
|
@fontsource/inter
npm
|
Direct | 5.2.8 | — | — | — | Apache-2.0 AND OFL-1.1 AND Ubuntu-font-1.0 |
|
@fontsource/poppins
npm
|
Direct | 5.2.7 | — | — | — | OFL-1.1 |
|
@fortawesome/fontawesome-free
npm
|
Direct | 6.7.2 | — | — | — | CC-BY-4.0 AND MIT AND OFL-1.1 |
|
@nodebb/spider-detector
npm
|
Direct | 2.0.3 | — | — | — | MIT |
|
@popperjs/core
npm
|
Direct | 2.11.8 | 2.11.8 | Current | — | MIT |
|
@socket.io/redis-adapter
npm
|
Direct | 8.3.0 | 8.3.0 | Current | — | MIT |
|
@stylistic/eslint-plugin
npm
|
Direct | 5.10.0 | 5.10.0 | Current | — | MIT |
|
@textcomplete/contenteditable
npm
|
Direct | 0.1.13 | — | — | — | MIT |
|
@textcomplete/core
npm
|
Direct | 0.1.13 | — | — | — | MIT |
|
@textcomplete/textarea
npm
|
Direct | 0.1.13 | — | — | — | MIT |
|
actions/cache
githubactions
|
Direct | 5.*.* | — | — | — | Unknown |
|
actions/checkout
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
actions/download-artifact
githubactions
|
Direct | 8.*.* | — | — | — | Unknown |
|
actions/setup-node
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
actions/upload-artifact
githubactions
|
Direct | 7.*.* | — | — | — | Unknown |
|
async
npm
|
Direct | 3.2.6 | 3.2.6 | Current | — | MIT |
|
autoprefixer
npm
|
Direct | 10.5.0 | 10.5.0 | Current | — | MIT |
|
bahmutov/npm-install
githubactions
|
Direct | 1.*.* | — | — | — | Unknown |
|
bcryptjs
npm
|
Direct | 3.0.3 | 3.0.3 | Current | — | BSD-3-Clause |
|
benchpressjs
npm
|
Direct | 2.5.5 | — | — | — | MIT |
|
body-parser
npm
|
Direct | 2.2.2 | 2.2.2 | Current | — | MIT |
|
bootbox
npm
|
Direct | 6.0.4 | — | — | — | MIT |
|
bootstrap
npm
|
Direct | 5.3.8 | 5.3.8 | Current | — | CC-BY-3.0 AND MIT |
|
bootswatch
npm
|
Direct | 5.3.8 | — | — | — | MIT |
|
chart.js
npm
|
Direct | 4.5.1 | 4.5.1 | Current | — | MIT |
|
cli-graph
npm
|
Direct | 3.2.2 | — | — | — | MIT |
|
clipboard
npm
|
Direct | 2.0.11 | 2.0.11 | Current | — | MIT |
|
compare-versions
npm
|
Direct | 6.1.1 | 6.1.1 | Current | — | MIT |
|
compression
npm
|
Direct | 1.8.1 | 1.8.1 | Current | — | MIT |
|
connect-flash
npm
|
Direct | 0.1.1 | — | — | — | MIT |
|
connect-mongo
npm
|
Direct | 6.0.0 | — | — | — | MIT |
|
connect-pg-simple
npm
|
Direct | 10.0.0 | 10.0.0 | Current | — | MIT |
|
connect-redis
npm
|
Direct | 9.0.0 | — | — | — | MIT |
|
cookie-parser
npm
|
Direct | 1.4.7 | 1.4.7 | Current | — | MIT |
|
coveralls
npm
|
Direct | 3.1.1 | — | — | — | BSD-2-Clause |
|
coverallsapp/github-action
githubactions
|
Direct | 648a8eb78e6d50909eff900e4ec85cab4524a45b | — | — | — | Unknown |
|
cron
npm
|
Direct | 4.4.0 | — | — | — | MIT |
|
cronstrue
npm
|
Direct | 3.14.0 | 3.14.0 | Current | — | LicenseRef-scancode-free-unknown AND MIT |
|
cropperjs
npm
|
Direct | 1.6.2 | — | — | — | MIT |
|
csrf-sync
npm
|
Direct | 4.2.1 | 4.2.1 | Current | — | ISC |
|
csv-parse
npm
|
Direct | 6.2.1 | 6.2.1 | Current | — | MIT |
|
daemon
npm
|
Direct | 1.1.0 | — | — | — | MIT |
|
diff
npm
|
Direct | 9.0.0 | — | — | — | BSD-3-Clause |
|
docker/build-push-action
githubactions
|
Direct | 7.*.* | — | — | — | Unknown |
|
docker/login-action
githubactions
|
Direct | 4.*.* | — | — | — | Unknown |
|
docker/metadata-action
githubactions
|
Direct | 6.*.* | — | — | — | Unknown |
|
docker/setup-buildx-action
githubactions
|
Direct | 4.*.* | — | — | — | Unknown |
|
esbuild
npm
|
Direct | 0.28.0 | 0.28.0 | Current | — | MIT |
|
eslint-config-nodebb
npm
|
Direct | 2.0.1 | — | — | — | ISC |
|
express-session
npm
|
Direct | 1.19.0 | — | — | — | MIT |
|
express-useragent
npm
|
Direct | 2.1.0 | — | — | — | MIT |
|
fetch-cookie
npm
|
Direct | 3.2.0 | 3.2.0 | Current | — | Unlicense |
|
file-loader
npm
|
Direct | 6.2.0 | 6.2.0 | Current | — | MIT |
|
graceful-fs
npm
|
Direct | 4.2.11 | 4.2.11 | Current | — | ISC |
|
grunt
npm
|
Direct | 1.6.2 | — | — | — | MIT |
|
grunt-contrib-watch
npm
|
Direct | 1.1.0 | — | — | — | MIT |
|
helmet
npm
|
Direct | 7.2.0 | — | — | — | MIT |
|
html-to-text
npm
|
Direct | 10.0.0 | — | — | — | MIT |
|
imagesloaded
npm
|
Direct | 5.0.0 | — | — | — | MIT |
|
jquery-deserialize
npm
|
Direct | 2.0.0 | — | — | — | MIT OR (GPL-2.0 AND MIT) |
|
jquery-form
npm
|
Direct | 4.3.0 | — | — | — | (LGPL-2.1 AND LGPL-2.1+ AND MIT) OR (LGPL-2.1 AND MIT) |
|
jquery-serializeobject
npm
|
Direct | 1.0.0 | — | — | — | MIT |
|
jquery-ui
npm
|
Direct | 1.14.1 | — | — | — | CC0-1.0 AND MIT |
|
jsdom
npm
|
Direct | 29.1.1 | — | — | — | MIT |
|
jsesc
npm
|
Direct | 3.1.0 | 3.1.0 | Current | — | MIT |
|
json2csv
npm
|
Direct | 5.0.7 | — | — | — | MIT |
|
jsonwebtoken
npm
|
Direct | 9.0.3 | 9.0.3 | Current | — | MIT |
|
lodash
npm
|
Direct | 4.18.1 | 4.18.1 | Current | — | CC0-1.0 AND MIT |
|
logrotate-stream
npm
|
Direct | 0.2.9 | — | — | — | BSD-2-Clause |
|
mkdirp
npm
|
Direct | 3.0.1 | 3.0.1 | Current | — | MIT |
|
mocha-lcov-reporter
npm
|
Direct | 1.3.0 | — | — | — | BSD-2-Clause AND BSD-2-Clause-Views |
|
mockdate
npm
|
Direct | 3.0.5 | 3.0.5 | Current | — | MIT |
|
mongodb
npm
|
Direct | 7.2.0 | — | — | — | Apache-2.0 |
|
mousetrap
npm
|
Direct | 1.6.5 | 1.6.5 | Current | — | Apache-2.0 AND Apache-2.0 WITH LLVM-exception |
|
multer
npm
|
Direct | 2.1.1 | 2.1.1 | Current | — | MIT |
|
nconf
npm
|
Direct | 0.13.0 | — | — | — | MIT AND MIT-0 |
|
nodebb-plugin-2factor
npm
|
Direct | 7.6.1 | — | — | — | MIT |
|
nodebb-plugin-composer-default
npm
|
Direct | 10.3.28 | — | — | — | MIT |
|
nodebb-plugin-dbsearch
npm
|
Direct | 6.5.0 | — | — | — | BSD-2-Clause |
|
nodebb-plugin-emoji
npm
|
Direct | 6.0.6 | — | — | — | MIT |
|
nodebb-plugin-emoji-android
npm
|
Direct | 4.1.1 | — | — | — | MIT |
|
nodebb-plugin-link-preview
npm
|
Direct | 2.2.4 | — | — | — | MIT |
|
nodebb-plugin-markdown
npm
|
Direct | 13.2.4 | — | — | — | MIT |
|
nodebb-plugin-mentions
npm
|
Direct | 4.8.18 | — | — | — | MIT |
|
nodebb-plugin-spam-be-gone
npm
|
Direct | 2.3.2 | — | — | — | MIT |
|
nodebb-plugin-web-push
npm
|
Direct | 0.7.7 | — | — | — | MIT |
|
nodebb-rewards-essentials
npm
|
Direct | 1.0.2 | — | — | — | BSD-2-Clause |
|
nodebb-theme-harmony
npm
|
Direct | 2.2.66 | — | — | — | MIT |
|
nodebb-theme-lavender
npm
|
Direct | 7.1.21 | — | — | — | BSD-2-Clause |
|
nodebb-theme-peace
npm
|
Direct | 2.2.58 | — | — | — | BSD-2-Clause |
|
nodebb-theme-persona
npm
|
Direct | 14.2.35 | — | — | — | BSD-2-Clause |
|
nodebb-widget-essentials
npm
|
Direct | 7.0.43 | — | — | — | BSD-2-Clause |
|
nodemailer
npm
|
Direct | 8.0.7 | — | — | — | MIT AND MIT-0 |
|
nprogress
npm
|
Direct | 0.2.0 | 0.2.0 | Current | — | MIT |
|
nyc
npm
|
Direct | 18.0.0 | — | — | — | ISC |
|
passport
npm
|
Direct | 0.7.0 | 0.7.0 | Current | — | MIT |
|
passport-http-bearer
npm
|
Direct | 1.0.1 | 1.0.1 | Current | — | MIT |
|
passport-local
npm
|
Direct | 1.0.0 | 1.0.0 | Current | — | MIT |
|
pg-cursor
npm
|
Direct | 2.19.0 | — | — | — | MIT |
|
postcss-clean
npm
|
Direct | 1.2.0 | — | — | — | MIT |
|
pretty
npm
|
Direct | ^2.0.0 | — | — | — | Unknown |
|
progress-webpack-plugin
npm
|
Direct | 1.0.16 | 1.0.16 | Current | — | MIT |
|
prompt
npm
|
Direct | 1.3.0 | — | — | — | MIT |
|
rimraf
npm
|
Direct | 6.1.3 | 6.1.3 | Current | — | BlueOak-1.0.0 |
|
rss
npm
|
Direct | 1.2.2 | 1.2.2 | Current | — | MIT |
|
rtlcss
npm
|
Direct | 4.3.0 | 4.3.0 | Current | — | MIT |
|
sass-embedded
npm
|
Direct | 1.99.0 | — | — | — | MIT |
|
satori
npm
|
Direct | 0.26.0 | 0.26.0 | Current | — | MPL-2.0 |
|
sbd
npm
|
Direct | ^1.0.19 | — | — | — | Unknown |
|
serve-favicon
npm
|
Direct | 2.5.1 | 2.5.1 | Current | — | MIT |
|
sharp
npm
|
Direct | 0.34.5 | 0.34.5 | Current | — | Apache-2.0 |
|
sitemap
npm
|
Direct | 9.0.1 | 9.0.1 | Current | — | MIT |
|
smtp-server
npm
|
Direct | 3.18.4 | — | — | — | MIT-0 |
|
socket.io
npm
|
Direct | 4.8.3 | — | — | — | MIT |
|
socket.io-client
npm
|
Direct | 4.8.3 | 4.8.3 | Current | — | MIT |
|
sortablejs
npm
|
Direct | 1.15.7 | 1.15.7 | Current | — | MIT |
|
spdx-license-list
npm
|
Direct | 6.11.0 | — | — | — | CC0-1.0 |
|
textcomplete
npm
|
Direct | 0.18.2 | — | — | — | MIT |
|
textcomplete.contenteditable
npm
|
Direct | 0.1.1 | — | — | — | MIT |
|
timeago
npm
|
Direct | 1.6.7 | — | — | — | MIT |
|
tinycon
npm
|
Direct | 0.6.8 | — | — | — | MIT |
|
toobusy-js
npm
|
Direct | 0.5.1 | — | — | — | WTFPL |
|
tough-cookie
npm
|
Direct | 6.0.1 | 6.0.1 | Current | — | BSD-3-Clause |
|
validator
npm
|
Direct | 13.15.35 | 13.15.35 | Current | — | MIT |
|
webpack
npm
|
Direct | 5.106.2 | — | — | — | MIT |
|
webpack-merge
npm
|
Direct | 6.0.1 | 6.0.1 | Current | — | MIT |
|
winston
npm
|
Direct | 3.19.0 | 3.19.0 | Current | — | MIT |
|
workerpool
npm
|
Direct | 10.0.2 | — | — | — | Apache-2.0 |
|
xml
npm
|
Direct | 1.0.1 | 1.0.1 | Current | — | MIT |
|
zxcvbn
npm
|
Direct | 4.4.2 | — | — | — | MIT |
License Breakdown
MIT
106
Unknown
13
BSD-2-Clause
8
BSD-3-Clause
5
ISC
5
Apache-2.0
3
BlueOak-1.0.0
3
CC0-1.0 AND MIT
2
MIT AND MIT-0
2
(LGPL-2.1 AND LGPL-2.1+ AND MIT) OR (LGPL-2.1 AND MIT)
1
Apache-2.0 AND Apache-2.0 WITH LLVM-exception
1
Apache-2.0 AND BSD-3-Clause AND MIT
1
Apache-2.0 AND OFL-1.1 AND Ubuntu-font-1.0
1
BSD-2-Clause AND BSD-2-Clause-Views
1
CC-BY-3.0 AND MIT
1
CC-BY-4.0 AND MIT AND OFL-1.1
1
CC0-1.0
1
LicenseRef-scancode-free-unknown AND MIT
1
MIT OR (GPL-2.0 AND MIT)
1
MIT-0
1
MPL-2.0
1
OFL-1.1
1
Unlicense
1
WTFPL
1
CVE Severity
critical
0
high
0
medium
0
low
0
unknown
0