Shuffle

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

65% Freshness

1554 Dependencies

453 Outdated

0 Stale

15.8 Avg Behind

Dependency List

Latest release v2.2.1-nightly-1775748107

All 1553 Outdated 583 Has CVE 59 GPL 1

Dependency	Type	Current	Latest	Behind	CVE	License
loader-utils npm	Transitive	0.2.17	3.3.1	29 behind	1 critical	MIT
github.com/docker/docker golang	Direct	20.10.3-0.20210216175712-646072ed6524+incompatible	—	—	16 critical	Apache-2.0
github.com/go-git/go-git/v5 golang	Direct	5.0.0	—	—	5 critical	Apache-2.0
golang.org/x/crypto golang	Direct	0.0.0-20200622213623-75b288015ac9	—	—	10 critical	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
google.golang.org/grpc golang	Transitive	v1.72.2	—	—	1 critical	Apache-2.0
google.golang.org/grpc golang	Direct	v1.72.2	—	—	1 critical	Apache-2.0
google.golang.org/grpc golang	Transitive	v1.72.2	—	—	1 critical	Apache-2.0
gopkg.in/src-d/go-git.v4 golang	Direct	4.13.1	—	—	4 critical	Apache-2.0
rollup npm	Transitive	0.25.8	4.61.0	849 behind	1 high	MIT
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
node-fetch npm	Transitive	1.7.3	3.3.2	56 behind	1 high	MIT
json5 npm	Transitive	0.5.1	2.2.3	20 behind	1 high	MIT
braces npm	Transitive	1.8.5	3.0.3	17 behind	1 high	MIT
rollup npm	Transitive	4.56.0	4.61.0	13 behind	1 high	MIT
picomatch npm	Transitive	2.3.1	4.0.4	9 behind	2 high	MIT
path-to-regexp npm	Transitive	0.1.12	8.4.2	5 behind	1 high	MIT
lodash npm	Transitive	4.17.23	4.18.1	2 behind	2 high	CC0-1.0 AND MIT
github.com/containerd/containerd golang	Direct	1.4.3	—	—	17 high	Apache-2.0
github.com/docker/distribution golang	Direct	2.7.1+incompatible	—	—	3 high	Apache-2.0
github.com/docker/docker golang	Direct	v28.3.3+incompatible	—	—	2 high	Apache-2.0
github.com/docker/docker golang	Direct	v28.3.3+incompatible	—	—	2 high	Apache-2.0
github.com/docker/docker golang	Direct	v28.3.3+incompatible	—	—	2 high	Apache-2.0
github.com/go-jose/go-jose/v4 golang	Transitive	v4.1.3	—	—	1 high	Apache-2.0
github.com/go-jose/go-jose/v4 golang	Transitive	v4.1.3	—	—	1 high	Apache-2.0
github.com/go-jose/go-jose/v4 golang	Transitive	v4.1.3	—	—	1 high	Apache-2.0
github.com/gogo/protobuf golang	Direct	1.3.1	—	—	1 high	BSD-3-Clause
github.com/sirupsen/logrus golang	Direct	1.7.0	—	—	1 high	MIT
go.opentelemetry.io/otel golang	Transitive	v1.36.0	—	—	1 high	Apache-2.0
go.opentelemetry.io/otel golang	Transitive	v1.36.0	—	—	1 high	Apache-2.0
go.opentelemetry.io/otel golang	Transitive	v1.36.0	—	—	1 high	Apache-2.0
go.opentelemetry.io/otel/sdk golang	Transitive	v1.36.0	—	—	2 high	Apache-2.0
go.opentelemetry.io/otel/sdk golang	Transitive	v1.36.0	—	—	2 high	Apache-2.0
go.opentelemetry.io/otel/sdk golang	Transitive	v1.36.0	—	—	2 high	Apache-2.0
golang.org/x/oauth2 golang	Direct	0.0.0-20210113160501-8b1d76fa0423	—	—	1 high	BSD-3-Clause
google.golang.org/grpc golang	Direct	1.34.1	—	—	2 high	Apache-2.0
gopkg.in/yaml.v3 golang	Direct	3.0.0-20210107192922-496545a6307b	—	—	1 high	Apache-2.0
postcss npm	Transitive	5.2.18	8.5.15	170 behind	1 medium	MIT
postcss npm	Transitive	7.0.39	8.5.15	69 behind	1 medium	MIT
ajv npm	Transitive	6.12.6	8.20.0	67 behind	1 medium	MIT
vite npm	Direct	5.4.21	8.0.16	51 behind	1 medium	Apache-2.0 AND BSD-2-Clause AND BlueOak-1.0.0 AND CC0-1.0 AND ISC AND MIT
yaml npm	Direct	1.10.2	2.9.0	49 behind	1 medium	ISC
esbuild npm	Transitive	0.21.5	0.28.0	28 behind	1 medium	MIT
micromatch npm	Transitive	2.3.11	4.0.8	26 behind	1 medium	MIT
brace-expansion npm	Transitive	1.1.12	5.0.6	10 behind	1 medium	MIT
postcss npm	Direct	8.5.6	8.5.15	9 behind	1 medium	MIT
i18next-http-backend npm	Direct	2.7.3	4.0.0	4 behind	1 medium	MIT
uuid npm	Direct	13.0.0	14.0.0	1 behind	1 medium	MIT
github.com/go-git/go-git/v5 golang	Transitive	v5.16.5	—	—	3 medium	Apache-2.0
github.com/go-git/go-git/v5 golang	Direct	v5.16.5	—	—	3 medium	Apache-2.0
github.com/go-git/go-git/v5 golang	Transitive	v5.16.5	—	—	3 medium	Apache-2.0
qs npm	Transitive	6.14.1	6.15.2	32 behind	1 low	BSD-3-Clause
cookie npm	Transitive	0.4.2	1.1.1	10 behind	1 low	MIT
github.com/cloudflare/circl golang	Transitive	v1.6.1	—	—	1 low	BSD-3-Clause
github.com/cloudflare/circl golang	Transitive	v1.6.1	—	—	1 low	BSD-3-Clause
github.com/cloudflare/circl golang	Transitive	v1.6.1	—	—	1 low	BSD-3-Clause
github.com/opencontainers/image-spec golang	Direct	1.0.1	—	—	1 low	Apache-2.0
golang.org/x/net golang	Transitive	v0.47.0	—	—	1 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
golang.org/x/net golang	Transitive	v0.47.0	—	—	1 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
golang.org/x/net golang	Transitive	v0.47.0	—	—	1 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang

License Breakdown

MIT 1021

Apache-2.0 256

BSD-3-Clause 87

ISC 59

Unknown 36

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 28

BSD-2-Clause 13

Apache-2.0 AND MIT 12

Apache-2.0 AND BSD-3-Clause AND MIT 4

Apache-2.0 AND CC-BY-SA-4.0 3

Apache-2.0 AND LicenseRef-scancode-dco-1.1 AND MIT 3

BSD-2-Clause AND ISC 3

BSD-3-Clause AND MIT 3

CC0-1.0 AND MIT 3

LicenseRef-scancode-paypal-sdk-2013-2016 AND MIT 3

0BSD 2

ISC AND MIT 2

Apache-2.0 AND Apache-2.0 WITH LLVM-exception 1

Apache-2.0 AND BSD-2-Clause 1

Apache-2.0 AND BSD-2-Clause AND BlueOak-1.0.0 AND CC0-1.0 AND ISC AND MIT 1

Apache-2.0 AND BSD-3-Clause 1

Apache-2.0 OR MIT 1

BSD-2-Clause AND BSD-2-Clause-Views 1

BSD-3-Clause OR MIT OR (BSD-3-Clause AND MIT) 1

CC-BY-4.0 1

CC-BY-4.0 AND MIT AND OFL-1.1 1

CC0-1.0 1

GPL-3.0-only OR MIT 1

LicenseRef-scancode-dco-1.1 AND MIT 1

MIT AND MIT-0 1

MIT AND Zlib 1

Unlicense 1

CVE Severity

critical 8

high 28

medium 14

low 6

unknown 3