Tools / uncloud / Dependencies

Dependency Analysis

uncloud

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

61% Freshness

1816 Dependencies

565 Outdated

0 Stale

11.1 Avg Behind

Dependency List

Latest release v0.19.0

All 1815 Outdated 747 Has CVE 53 GPL 1

Dependency	Type	Current	Latest	Behind	CVE	License
github.com/smallstep/certificates golang	Transitive	v0.26.1	—	—	4 critical	Apache-2.0
google.golang.org/grpc golang	Direct	v1.74.2	—	—	1 critical	Apache-2.0
google.golang.org/grpc golang	Transitive	v1.74.2	—	—	1 critical	Apache-2.0
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
minimatch npm	Transitive	3.1.2	10.2.5	91 behind	3 high	ISC
undici npm	Transitive	6.21.3	8.3.0	40 behind	6 high	MIT
@babel/plugin-transform-modules-systemjs npm	Transitive	7.27.1	7.29.7	15 behind	1 high	MIT
picomatch npm	Transitive	2.3.1	4.0.4	9 behind	2 high	MIT
picomatch npm	Transitive	2.3.1	4.0.4	9 behind	2 high	MIT
svgo npm	Transitive	3.3.2	4.0.1	8 behind	1 high	MIT
serialize-javascript npm	Transitive	6.0.2	7.0.5	6 behind	2 high	BSD-3-Clause
path-to-regexp npm	Transitive	0.1.12	8.4.2	5 behind	1 high	MIT
fast-uri npm	Transitive	3.0.6	3.1.2	3 behind	2 high	BSD-3-Clause
lodash npm	Transitive	4.17.21	4.18.1	3 behind	3 high	CC0-1.0 AND MIT
node-forge npm	Transitive	1.3.1	1.4.0	3 behind	7 high	BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0)
github.com/caddyserver/caddy/v2 golang	Direct	v2.8.4	—	—	7 high	Unknown
github.com/containerd/containerd/v2 golang	Transitive	v2.1.4	—	—	2 high	Apache-2.0 AND CC-BY-4.0
github.com/distribution/distribution/v3 golang	Transitive	v3.0.0	—	—	3 high	Apache-2.0 AND CC-BY-4.0
github.com/docker/cli golang	Direct	v28.5.0+incompatible	—	—	1 high	Apache-2.0
github.com/docker/compose/v2 golang	Direct	v2.40.0	—	—	2 high	Apache-2.0
github.com/docker/docker golang	Direct	v28.5.0+incompatible	—	—	2 high	Apache-2.0
github.com/docker/docker golang	Direct	v28.5.0+incompatible	—	—	2 high	Apache-2.0
github.com/go-jose/go-jose/v3 golang	Transitive	v3.0.3	—	—	2 high	Apache-2.0
github.com/jackc/pgproto3/v2 golang	Transitive	v2.3.3	—	—	1 high	MIT
github.com/moby/buildkit golang	Transitive	v0.25.0	—	—	2 high	Apache-2.0
github.com/moby/spdystream golang	Transitive	v0.5.0	—	—	1 high	Apache-2.0
github.com/opencontainers/selinux golang	Transitive	v1.12.0	—	—	1 high	Apache-2.0
github.com/quic-go/quic-go golang	Transitive	v0.48.2	—	—	2 high	MIT
go.opentelemetry.io/otel golang	Transitive	v1.36.0	—	—	1 high	Apache-2.0
go.opentelemetry.io/otel golang	Transitive	v1.36.0	—	—	1 high	Apache-2.0
go.opentelemetry.io/otel/sdk golang	Transitive	v1.36.0	—	—	2 high	Apache-2.0
yaml npm	Transitive	1.10.2	2.9.0	49 behind	1 medium	ISC
qs npm	Transitive	6.13.0	6.15.2	35 behind	2 medium	BSD-3-Clause
brace-expansion npm	Transitive	1.1.12	5.0.6	10 behind	1 medium	MIT
postcss npm	Transitive	8.5.6	8.5.15	9 behind	1 medium	MIT
webpack-dev-server npm	Transitive	4.15.2	5.2.4	6 behind	2 medium	MIT
ajv npm	Transitive	8.17.1	8.20.0	4 behind	1 medium	MIT
follow-redirects npm	Transitive	1.15.9	1.16.0	3 behind	1 medium	MIT
js-yaml npm	Transitive	4.1.0	4.2.0	3 behind	1 medium	MIT
mdast-util-to-hast npm	Transitive	13.2.0	13.2.1	1 behind	1 medium	MIT
github.com/ipld/go-ipld-prime golang	Transitive	v0.21.0	—	—	2 medium	MIT
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp golang	Transitive	v0.8.0	—	—	1 medium	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp golang	Transitive	v1.35.0	—	—	1 medium	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp golang	Transitive	v1.35.0	—	—	1 medium	Apache-2.0
golang.org/x/crypto golang	Direct	v0.41.0	—	—	3 medium	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
golang.org/x/crypto golang	Transitive	v0.41.0	—	—	3 medium	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
brace-expansion npm	Transitive	1.1.11	5.0.6	18 behind	1 low	MIT
filippo.io/edwards25519 golang	Transitive	v1.1.0	—	—	1 low	BSD-3-Clause
github.com/jackc/pgx/v4 golang	Transitive	v4.18.3	—	—	1 low	MIT
webpack npm	Transitive	5.99.8	—	—	2 low	MIT
golang.org/x/net golang	Transitive	v0.48.0	—	—	1 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
golang.org/x/net golang	Direct	v0.43.0	—	—	2 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang
golang.org/x/net golang	Transitive	v0.43.0	—	—	2 unknown	BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang

License Breakdown

MIT 1268

Apache-2.0 194

BSD-3-Clause 78

ISC 60

MIT-0 55

BSD-2-Clause 38

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 28

Unknown 19

MPL-2.0 18

Apache-2.0 AND MIT 11

Apache-2.0 AND BSD-3-Clause 5

Apache-2.0 AND BSD-3-Clause AND MIT 4

CC0-1.0 AND MIT 3

ISC AND MIT 3

Apache-2.0 AND CC-BY-4.0 2

Apache-2.0 AND CC-BY-SA-4.0 2

CC0-1.0 2

LicenseRef-scancode-public-domain AND Unlicense 2

0BSD 1

Apache-2.0 AND LicenseRef-scancode-dco-1.1 1

Apache-2.0 AND LicenseRef-scancode-dco-1.1 AND MIT 1

Apache-2.0 AND MIT AND Apache-2.0 AND MIT 1

Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 1

BSD-2-Clause AND BSD-2-Clause-Views 1

BSD-2-Clause AND BSD-3-Clause 1

BSD-2-Clause-Views 1

BSD-3-Clause AND LicenseRef-scancode-proprietary-license 1

BSD-3-Clause AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference 1

BSD-3-Clause AND MIT 1

BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0) 1

CC-BY-4.0 1

CC-BY-SA-4.0 AND ISC 1

CC0-1.0 AND LicenseRef-scancode-public-domain 1

CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 1

LicenseRef-scancode-dco-1.1 AND LicenseRef-scancode-generic-cla AND MIT 1

LicenseRef-scancode-free-unknown AND MIT 1

LicenseRef-scancode-free-unknown AND MPL-1.1 1

MIT AND WTFPL 1

MIT OR (CC0-1.0 AND MIT) 1

MIT OR WTFPL OR (MIT AND WTFPL) 1

Python-2.0 1

CVE Severity

critical 3

high 28

medium 15

low 4

unknown 3