Tools / zitadel / Dependencies

Dependency Analysis

zitadel

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

67% Freshness

3507 Dependencies

929 Outdated

0 Stale

8.2 Avg Behind

Dependency List

Latest release v3.4.10

All 3506 Outdated 1337 Has CVE 20 GPL 17

Dependency	Type	Current	Latest	Behind	CVE	License
@opentelemetry/api npm	Transitive	1.9.0	1.9.1	1 behind	—	Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
@img/sharp-libvips-darwin-arm64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-darwin-x64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-arm npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-arm64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-ppc64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-riscv64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-s390x npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linux-x64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linuxmusl-arm64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-libvips-linuxmusl-x64 npm	Transitive	1.2.4	1.2.4	Current	—	BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-arm64 npm	Transitive	0.34.5	0.34.5	Current	—	Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-ia32 npm	Transitive	0.34.5	0.34.5	Current	—	Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@img/sharp-win32-x64 npm	Transitive	0.34.5	0.34.5	Current	—	Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0
@opentelemetry/api npm	Transitive	1.9.1	1.9.1	Current	—	Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
connectrpc.com/connect golang	Direct	v1.19.2	—	—	—	Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
node-forge npm	Direct	1.4.0	1.4.0	Current	—	BSD-3-Clause OR GPL-2.0-only

License Breakdown

MIT 2436

Unknown 338

Apache-2.0 291

ISC 149

BSD-3-Clause 79

BSD-2-Clause 54

Apache-2.0 AND MIT 19

BlueOak-1.0.0 15

Apache-2.0 AND BSD-3-Clause 14

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 14

MPL-2.0 14

BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 10

CC0-1.0 AND MIT 8

ISC AND MIT 7

Apache-2.0 AND BSD-3-Clause AND MIT 4

Unlicense 4

Apache-2.0 AND BSD-2-Clause AND LGPL-2.0-only AND LGPL-2.1-only AND LGPL-3.0-only AND LGPL-3.0-or-later AND LicenseRef-scancode-other-permissive AND MIT AND MPL-2.0 3

Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only) 3

CC-BY-4.0 3

0BSD 2

0BSD AND ISC AND MIT 2

0BSD AND MIT 2

BSD-2-Clause AND BSD-2-Clause-Views 2

BSD-2-Clause AND BSD-3-Clause 2

BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MIT 2

BSD-3-Clause AND LicenseRef-scancode-protobuf 2

BSD-3-Clause AND MIT 2

CC0-1.0 2

(Apache-2.0 AND LicenseRef-scancode-unknown-license-reference AND MIT) OR (Apache-2.0 AND LicenseRef-scancode-unknown-license-reference) 1

(BSD-3-Clause AND Apache-2.0) 1

(CC-BY-4.0 AND MIT) 1

(MIT OR CC0-1.0) 1

AFL-2.1 AND AFL-3.0 AND BSD-3-Clause 1

Apache-2.0 AND BSD-2-Clause 1

Apache-2.0 OR MPL-2.0 1

BSD-2-Clause AND CC0-1.0 AND ISC AND MIT 1

BSD-2-Clause AND JSON 1

BSD-3-Clause AND ISC 1

BSD-3-Clause AND ISC AND MIT 1

BSD-3-Clause OR GPL-2.0-only 1

CC-BY-3.0 1

CC-BY-3.0 AND MIT 1

CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 1

LicenseRef-scancode-dco-1.1 AND MIT 1

LicenseRef-scancode-public-domain-disclaimer 1

LicenseRef-scancode-unknown-license-reference AND MIT 1

MIT AND MIT-0 1

MIT AND WTFPL 1

MIT OR (CC0-1.0 AND MIT) 1

MIT-0 1

Python-2.0 1

CVE Severity

critical 0

high 7

medium 11

low 1

unknown 1