Tau

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

48% Freshness

1483 Dependencies

698 Outdated

0 Stale

14.1 Avg Behind

Dependency List

Latest release v1.1.10

All 1482 Outdated 774 Has CVE 65 GPL 1

Dependency	Type	Current	Latest	Behind	CVE	License
form-data npm	Transitive	4.0.1	4.0.5	9 behind	1 critical	MIT
form-data npm	Transitive	4.0.1	4.0.5	9 behind	1 critical	MIT
form-data npm	Transitive	4.0.1	4.0.5	9 behind	1 critical	MIT
github.com/docker/docker golang	Direct	v25.0.3+incompatible	—	—	5 critical	Apache-2.0
github.com/go-git/go-git/v5 golang	Direct	v5.4.2	—	—	8 critical	Apache-2.0
golang.org/x/crypto golang	Transitive	v0.1.0	—	—	6 critical	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
google.golang.org/grpc golang	Direct	v1.73.0	—	—	1 critical	Apache-2.0
undici npm	Transitive	5.28.4	8.3.0	93 behind	7 high	MIT
undici npm	Transitive	5.28.4	8.3.0	93 behind	7 high	MIT
undici npm	Transitive	5.28.4	8.3.0	93 behind	7 high	MIT
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
axios npm	Direct	1.7.7	1.17.0	35 behind	18 high	MIT
axios npm	Transitive	1.7.7	1.17.0	35 behind	18 high	MIT
axios npm	Direct	1.7.7	1.17.0	35 behind	18 high	MIT
@babel/plugin-transform-modules-systemjs npm	Transitive	7.25.9	7.29.7	21 behind	1 high	MIT
@babel/plugin-transform-modules-systemjs npm	Transitive	7.25.9	7.29.7	21 behind	1 high	MIT
tar npm	Direct	7.4.3	7.5.16	18 behind	6 high	ISC
tar npm	Transitive	7.4.3	7.5.16	18 behind	6 high	ISC
tar npm	Direct	7.4.3	7.5.16	18 behind	6 high	ISC
glob npm	Transitive	10.4.5	13.0.6	13 behind	1 high	ISC
glob npm	Transitive	10.4.5	13.0.6	13 behind	1 high	ISC
glob npm	Transitive	10.4.5	13.0.6	13 behind	1 high	ISC
picomatch npm	Transitive	2.3.1	4.0.4	9 behind	2 high	MIT
picomatch npm	Transitive	2.3.1	4.0.4	9 behind	2 high	MIT
cross-spawn npm	Transitive	7.0.3	7.0.6	3 behind	1 high	MIT
cross-spawn npm	Transitive	7.0.3	7.0.6	3 behind	1 high	MIT
cross-spawn npm	Transitive	7.0.3	7.0.6	3 behind	1 high	MIT
axios npm	Direct	1.6.5	—	—	1 high	MIT
axios npm	Direct	1.6.5	—	—	1 high	MIT
axios npm	Direct	1.6.5	—	—	1 high	MIT
github.com/cloudflare/circl golang	Transitive	v1.3.3	—	—	4 high	BSD-3-Clause
github.com/dgrijalva/jwt-go golang	Transitive	v3.2.0+incompatible	—	—	1 high	MIT
github.com/ethereum/go-ethereum golang	Direct	v1.12.0	—	—	8 high	GPL-3.0 AND GPL-3.0-only AND LGPL-3.0-only
github.com/moby/moby golang	Direct	v27.1.1+incompatible	—	—	2 high	Apache-2.0
github.com/modelcontextprotocol/go-sdk golang	Direct	v1.0.0	—	—	5 high	MIT
go.opentelemetry.io/otel golang	Transitive	v1.37.0	—	—	1 high	Apache-2.0
@babel/helpers npm	Transitive	7.25.7	7.29.7	32 behind	1 medium	MIT
@babel/helpers npm	Transitive	7.25.7	7.29.7	32 behind	1 medium	MIT
tar npm	Direct	6.2.0	7.5.16	28 behind	1 medium	ISC
tar npm	Direct	6.2.0	7.5.16	28 behind	1 medium	ISC
tar npm	Direct	6.2.0	7.5.16	28 behind	1 medium	ISC
esbuild npm	Transitive	0.23.1	0.28.0	25 behind	1 medium	MIT
esbuild npm	Transitive	0.23.1	0.28.0	25 behind	1 medium	MIT
esbuild npm	Transitive	0.23.1	0.28.0	25 behind	1 medium	MIT
brace-expansion npm	Transitive	1.1.11	5.0.6	18 behind	2 medium	MIT
brace-expansion npm	Transitive	1.1.11	5.0.6	18 behind	2 medium	MIT
follow-redirects npm	Transitive	1.15.9	1.16.0	3 behind	1 medium	MIT
follow-redirects npm	Transitive	1.15.9	1.16.0	3 behind	1 medium	MIT
follow-redirects npm	Transitive	1.15.9	1.16.0	3 behind	1 medium	MIT
js-yaml npm	Direct	4.1.0	4.2.0	3 behind	1 medium	MIT
js-yaml npm	Direct	4.1.0	4.2.0	3 behind	1 medium	MIT
@babel/runtime npm	Transitive	7.25.9	—	—	1 medium	MIT
@babel/runtime npm	Transitive	7.25.9	—	—	1 medium	MIT
follow-redirects npm	Transitive	1.15.5	—	—	1 medium	MIT
follow-redirects npm	Transitive	1.15.5	—	—	1 medium	MIT
follow-redirects npm	Transitive	1.15.5	—	—	1 medium	MIT
github.com/ipld/go-ipld-prime golang	Transitive	v0.21.0	—	—	2 medium	MIT
github.com/pion/dtls/v2 golang	Transitive	v2.2.12	—	—	1 medium	MIT
github.com/pion/dtls/v3 golang	Transitive	v3.0.6	—	—	1 medium	MIT
github.com/quic-go/webtransport-go golang	Transitive	v0.9.0	—	—	3 medium	MIT
diff npm	Transitive	4.0.2	9.0.0	18 behind	1 low	BSD-3-Clause
diff npm	Transitive	4.0.2	9.0.0	18 behind	1 low	BSD-3-Clause
github.com/libp2p/go-libp2p-kad-dht golang	Direct	v0.33.1	—	—	1 unknown	MIT
golang.org/x/net golang	Direct	v0.47.0	—	—	1 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang

License Breakdown

MIT 1057

Apache-2.0 117

ISC 111

BSD-3-Clause 65

Unknown 26

BSD-2-Clause 18

Apache-2.0 AND MIT 15

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 15

BlueOak-1.0.0 15

MPL-2.0 8

Apache-2.0 AND BSD-3-Clause 7

ISC AND MIT 4

BSD-2-Clause AND BSD-3-Clause 3

Apache-2.0 AND LicenseRef-scancode-unknown-spdx AND MIT 2

BSD-3-Clause AND MPL-2.0 2

CC-BY-4.0 2

CC0-1.0 AND MIT 2

LicenseRef-scancode-free-unknown AND MIT 2

Python-2.0 2

Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND LicenseRef-scancode-generic-cla AND LicenseRef-scancode-unknown-license-reference AND MIT 1

Apache-2.0 AND BSD-3-Clause AND MIT 1

Apache-2.0 AND CC-BY-4.0 1

Apache-2.0 AND CC-BY-SA-4.0 1

BSD-2-Clause AND ISC 1

BSD-3-Clause AND CC0-1.0 AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference AND MIT 1

BSD-3-Clause AND MIT 1

GPL-3.0 AND GPL-3.0-only AND LGPL-3.0-only 1

Unlicense 1

CVE Severity

critical 7

high 30

medium 24

low 2

unknown 2