Tools / owncast / Dependencies

Dependency Analysis

owncast

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

57% Freshness

4241 Dependencies

1497 Outdated

0 Stale

11.6 Avg Behind

Dependency List

Latest release v0.2.5

All 4240 Outdated 2059 Has CVE 46 GPL 22

Dependency	Type	Current	Latest	Behind	CVE	License
fast-xml-parser npm	Transitive	5.2.5	5.8.0	35 behind	7 critical	MIT
protobufjs npm	Transitive	7.5.4	8.5.0	20 behind	1 critical	BSD-3-Clause AND LicenseRef-scancode-protobuf
form-data npm	Transitive	2.3.3	4.0.5	18 behind	1 critical	MIT
next npm	Direct	14.2.35	16.2.7	269 behind	5 high	MIT
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
semver npm	Transitive	6.3.0	7.8.1	38 behind	1 high	ISC
tar npm	Transitive	6.2.1	7.5.16	27 behind	6 high	ISC
glob npm	Transitive	10.3.10	13.0.6	26 behind	1 high	CC-BY-SA-4.0 AND ISC
tar-fs npm	Transitive	2.1.1	3.1.2	20 behind	3 high	MIT
serialize-javascript npm	Transitive	4.0.0	7.0.5	11 behind	2 high	BSD-3-Clause
@babel/plugin-transform-modules-systemjs npm	Transitive	7.29.0	7.29.7	8 behind	1 high	MIT
basic-ftp npm	Transitive	5.2.0	6.0.1	6 behind	4 high	Apache-2.0 AND MIT
@xmldom/xmldom npm	Transitive	0.8.11	0.9.10	4 behind	5 high	MIT
cross-spawn npm	Transitive	7.0.3	7.0.6	3 behind	1 high	MIT
cross-spawn npm	Transitive	7.0.3	7.0.6	3 behind	1 high	MIT
cross-spawn npm	Transitive	7.0.3	7.0.6	3 behind	1 high	MIT
defu npm	Transitive	6.1.4	6.1.7	3 behind	1 high	MIT
lodash npm	Transitive	4.17.21	4.18.1	3 behind	3 high	CC0-1.0 AND MIT
fast-uri npm	Transitive	3.1.0	3.1.2	2 behind	2 high	BSD-3-Clause
fast-uri npm	Transitive	3.1.0	3.1.2	2 behind	2 high	BSD-3-Clause
lodash-es npm	Transitive	4.17.23	4.18.1	2 behind	2 high	MIT
github.com/golang-jwt/jwt/v5 golang	Transitive	v5.2.1	—	—	1 high	MIT
lodash.set npm	Transitive	4.3.2	4.3.2	Current	1 high	MIT
ws npm	Transitive	8.5.0	—	—	1 high	MIT
got npm	Transitive	9.6.0	15.0.5	107 behind	1 medium	MIT
qs npm	Transitive	6.10.4	6.15.2	44 behind	2 medium	BSD-3-Clause
@babel/helpers npm	Transitive	7.24.7	7.29.7	38 behind	1 medium	MIT
brace-expansion npm	Transitive	1.1.12	5.0.6	10 behind	1 medium	MIT
dompurify npm	Transitive	3.3.3	3.4.8	9 behind	4 medium	(Apache-2.0 AND GPL-1.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-1.0-only AND MPL-2.0) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0)
postcss npm	Transitive	8.5.6	8.5.15	9 behind	1 medium	MIT
uuid npm	Transitive	11.1.0	14.0.0	3 behind	1 medium	MIT
ip-address npm	Transitive	10.1.0	10.2.0	2 behind	1 medium	MIT
micromatch npm	Transitive	4.0.7	4.0.8	1 behind	1 medium	MIT
micromatch npm	Transitive	4.0.7	4.0.8	1 behind	1 medium	MIT
@cypress/request npm	Transitive	2.88.12	—	—	1 medium	Apache-2.0
cookiejar npm	Transitive	2.1.3	—	—	1 medium	MIT
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream golang	Transitive	v1.7.5	—	—	1 medium	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/s3 golang	Direct	v1.96.1	—	—	1 medium	Unknown
brace-expansion npm	Transitive	1.1.11	5.0.6	18 behind	1 low	MIT
brace-expansion npm	Transitive	1.1.11	5.0.6	18 behind	1 low	MIT
cookie npm	Transitive	0.4.2	1.1.1	10 behind	1 low	MIT
elliptic npm	Transitive	6.6.1	6.6.1	Current	1 low	MIT
formidable npm	Transitive	2.1.1	—	—	1 low	MIT
github.com/go-chi/chi/v5 golang	Direct	v5.2.3	—	—	1 unknown	MIT

License Breakdown

MIT 3093

Apache-2.0 363

ISC 302

BSD-3-Clause 139

Unknown 71

BSD-2-Clause 65

MPL-2.0 23

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 18

BlueOak-1.0.0 18

CC0-1.0 AND MIT 18

ISC AND MIT 13

Apache-2.0 AND MIT 10

BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 10

BSD-3-Clause AND MIT 9

BSD-2-Clause AND BSD-3-Clause 8

0BSD 6

CC0-1.0 5

GPL-3.0 AND GPL-3.0-only 5

MIT OR (CC0-1.0 AND MIT) 4

Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 3

Artistic-2.0 3

CC-BY-4.0 3

MIT-0 3

Unlicense 3

AFL-2.1 AND AFL-3.0 AND BSD-3-Clause 2

Apache-2.0 AND BSD-2-Clause 2

Apache-2.0 AND BSD-3-Clause AND MIT 2

Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 2

BSD-3-Clause AND CC-BY-3.0 2

BSD-3-Clause AND ISC 2

CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 2

LicenseRef-scancode-public-domain AND Unlicense 2

LicenseRef-scancode-unicode AND MIT 2

MIT AND Zlib 2

(Apache-2.0 AND GPL-1.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-1.0-only AND MPL-2.0) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0 AND MS-PL) OR (Apache-2.0 AND GPL-2.0-only AND MPL-2.0) 1

(MIT OR CC0-1.0) 1

Apache-2.0 AND BSD-3-Clause 1

Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-warranty-disclaimer 1

Apache-2.0 AND ISC 1

Apache-2.0 AND LicenseRef-scancode-unknown-license-reference 1

Apache-2.0 AND OFL-1.1 AND Ubuntu-font-1.0 1

BSD-2-Clause AND BSD-2-Clause-Views 1

BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MIT 1

BSD-3-Clause AND LicenseRef-scancode-protobuf 1

BSD-3-Clause AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference 1

CC-BY-3.0 1

CC-BY-SA-4.0 AND ISC 1

GPL-1.0-or-later AND GPL-3.0 AND GPL-3.0-only 1

GPL-2.0 OR MIT OR (GPL-2.0 AND MIT) 1

LGPL-3.0-only 1

LicenseRef-scancode-dco-1.1 AND MIT 1

LicenseRef-scancode-unknown-license-reference AND MIT 1

MIT AND MITNFA 1

MIT AND WTFPL 1

MIT OR (MIT AND Unlicense) 1

MIT OR WTFPL OR (MIT AND WTFPL) 1

OFL-1.1 1

Python-2.0 1

WTFPL 1

CVE Severity

critical 3

high 23

medium 14

low 5

unknown 1