ConScan Image Scan Dashboard

ConScan, A tool from Peek8.io, Scans everything in an Image !

Image Information

Image Name
ghcr.io/peek8/conscan-sample/node-nodemon:v0.1.1-alpha1
Base OS
alpine 3.22.2
Architecture
linux/amd64
Size
141 MB
Scan Date
2025-10-17 09:39:00 UTC
Scanner Version
ConScan v0.01.1
0
Critical Vulnerabilities
1
High Vulnerabilities
0
Exposed Secrets
254
Installed Packages
4
CIS Violations
99.96%
Storage Efficiency
Package Vulnerabilities
8 Total
GHSA-3xgq-45jj-v275: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to R...
High
Package: cross-spawn
Installed Version: 7.0.3
Fixed Version: 7.0.5
CVSS Score: 7.50
GHSA-v6h2-p8h4-qcjw: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has...
Low
Package: brace-expansion
Installed Version: 2.0.1
Fixed Version: 2.0.2
CVSS Score: 3.10
CVE-2025-46394: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low
Package: busybox
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 3.30
CVE-2025-46394: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low
Package: busybox-binsh
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 3.30
CVE-2025-46394: In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through...
Low
Package: ssl_client
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 3.30
CVE-2024-58251: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[...
Low
Package: busybox
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 2.50
CVE-2024-58251: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[...
Low
Package: busybox-binsh
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 2.50
CVE-2024-58251: In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[...
Low
Package: ssl_client
Installed Version: 1.37.0-r19
Fixed Version:
CVSS Score: 2.50
Exposed Secrets
0 Found
CIS Benchmark Violations
4 Issues
CIS-DI-0001: Create a user for the container
WARN
Last user should not be root
CIS-DI-0005: Enable Content trust for Docker
INFO
export DOCKER_CONTENT_TRUST=1 before docker pull/build
CIS-DI-0006: Add HEALTHCHECK instruction to the container image
INFO
not found HEALTHCHECK statement
DKL-LI-0003: Only put necessary files
INFO
Suspicious directory : root/.npm
Storage Analysis
82 kB Wasted

Analysis Summary

Efficiency: 99.96%
Wasted Bytes: 82 kB
User Wasted Percent: 0.06%

Inefficient Files:

Count
Wasted Space
File Path
3
48 kB
/lib/apk/db/installed
3
31 kB
/lib/apk/db/scripts.tar
2
1.4 kB
/etc/passwd
2
1.0 kB
/etc/group
2
546 B
/etc/shadow
3
285 B
/lib/apk/db/triggers
3
242 B
/etc/apk/world

Results:

PASS highestUserWastedPercent
PASS lowestEfficiency
Result: PASS [Total:3] [Passed:2] [Failed:0] [Warn:0] [Skipped:1]
Installed Packages
254 Total
@isaacs/cliui
8.0.2
License: ISC
Description: easily create complex multi-column command-line-interfaces
Source: NOASSERTION
@isaacs/string-locale-compare
1.1.0
License: ISC
Description: Compare strings with Intl.Collator if available, falling back to String.localeCompare otherwise
Source: git+https://github.com/isaacs/string-locale-compare
@npmcli/agent
2.2.2
License: ISC
Description: the http/https agent used by the npm cli
Source: https://github.com/npm/agent.git
@npmcli/arborist
7.5.4
License: ISC
Description: Manage node_modules trees
Source: git+https://github.com/npm/cli.git
@npmcli/config
8.3.4
License: ISC
Description: Configuration management for the npm cli
Source: git+https://github.com/npm/cli.git
@npmcli/fs
3.1.1
License: ISC
Description: filesystem utilities for the npm cli
Source: git+https://github.com/npm/fs.git
@npmcli/git
5.0.8
License: ISC
Description: a util for spawning git from npm CLI contexts
Source: git+https://github.com/npm/git.git
@npmcli/installed-package-contents
2.1.0
License: ISC
Description: Get the list of files installed in a package in node_modules, including bundled dependencies
Source: https://github.com/npm/installed-package-contents.git
@npmcli/map-workspaces
3.0.6
License: ISC
Description: Retrieves a name:pathname Map for a given workspaces config
Source: https://github.com/npm/map-workspaces.git
@npmcli/metavuln-calculator
7.1.1
License: ISC
Description: Calculate meta-vulnerabilities from package security advisories
Source: git+https://github.com/npm/metavuln-calculator.git
@npmcli/name-from-folder
2.0.0
License: ISC
Description: Get the package name from a folder path
Source: https://github.com/npm/name-from-folder.git
@npmcli/node-gyp
3.0.0
License: ISC
Description: Tools for dealing with node-gyp packages
Source: https://github.com/npm/node-gyp.git
@npmcli/package-json
5.2.0
License: ISC
Description: Programmatic API to update package.json
Source: git+https://github.com/npm/package-json.git
@npmcli/promise-spawn
7.0.2
License: ISC
Description: spawn processes the way the npm cli likes to do
Source: git+https://github.com/npm/promise-spawn.git
@npmcli/query
3.1.0
License: ISC
Description: npm query parser and tools
Source: https://github.com/npm/query.git
@npmcli/redact
2.0.1
License: ISC
Description: Redact sensitive npm information from output
Source: https://github.com/npm/redact.git
@npmcli/run-script
8.1.0
License: ISC
Description: Run a lifecycle script for a package (descendant of npm-lifecycle)
Source: https://github.com/npm/run-script.git
@pkgjs/parseargs
0.11.0
License: MIT
Description: Polyfill of future proposal for `util.parseArgs()`
Source: NOASSERTION
@sigstore/bundle
2.3.2
License: Apache-2.0
Description: Sigstore bundle type
Source: git+https://github.com/sigstore/sigstore-js.git
@sigstore/core
1.1.0
License: Apache-2.0
Description: Base library for Sigstore
Source: git+https://github.com/sigstore/sigstore-js.git
@sigstore/protobuf-specs
0.3.2
License: Apache-2.0
Description: code-signing for npm packages
Source: git+https://github.com/sigstore/protobuf-specs.git
@sigstore/sign
2.3.2
License: Apache-2.0
Description: Sigstore signing library
Source: git+https://github.com/sigstore/sigstore-js.git
@sigstore/tuf
2.3.4
License: Apache-2.0
Description: Client for the Sigstore TUF repository
Source: git+https://github.com/sigstore/sigstore-js.git
@sigstore/verify
1.2.1
License: Apache-2.0
Description: Verification of Sigstore signatures
Source: git+https://github.com/sigstore/sigstore-js.git
@tufjs/canonical-json
2.0.0
License: MIT
Description: OLPC JSON canonicalization
Source: git+https://github.com/theupdateframework/tuf-js.git
@tufjs/models
2.0.1
License: MIT
Description: TUF metadata models
Source: git+https://github.com/theupdateframework/tuf-js.git
abbrev
2.0.0
License: ISC
Description: Like ruby's abbrev module, but in js
Source: https://github.com/npm/abbrev-js.git
agent-base
7.1.1
License: MIT
Description: Turn a function into an `http.Agent` instance
Source: https://github.com/TooTallNate/proxy-agents.git
aggregate-error
3.1.0
License: MIT
Description: Create an error from multiple errors
Source: NOASSERTION
alpine-baselayout
3.7.0-r0
License: GPL-2.0-only
Description: Alpine base dir structure and init scripts
Source: https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout
alpine-baselayout-data
3.7.0-r0
License: GPL-2.0-only
Description: Alpine base dir structure and init scripts
Source: https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout
alpine-keys
2.5-r0
License: MIT
Description: Public keys for Alpine Linux packages
Source: https://alpinelinux.org
alpine-release
3.22.2-r0
License: MIT
Description: Alpine release data
Source: https://alpinelinux.org
ansi-regex
5.0.1
License: MIT
Description: Regular expression for matching ANSI escape codes
Source: NOASSERTION
ansi-regex
6.0.1
License: MIT
Description: Regular expression for matching ANSI escape codes
Source: NOASSERTION
ansi-regex
6.0.1
License: MIT
Description: Regular expression for matching ANSI escape codes
Source: NOASSERTION
ansi-styles
4.3.0
License: MIT
Description: ANSI escape codes for styling strings in the terminal
Source: NOASSERTION
ansi-styles
6.2.1
License: MIT
Description: ANSI escape codes for styling strings in the terminal
Source: NOASSERTION
anymatch
3.1.3
License: ISC
Description: Matches strings against configurable strings, globs, regular expressions, and/or functions
Source: https://github.com/micromatch/anymatch
apk-tools
2.14.9-r3
License: GPL-2.0-only
Description: Alpine Package Keeper - package manager for alpine
Source: https://gitlab.alpinelinux.org/alpine/apk-tools
aproba
2.0.0
License: ISC
Description: A ridiculously light-weight argument validator (now browser friendly)
Source: https://github.com/iarna/aproba
archy
1.0.0
License: MIT
Description: render nested hierarchies `npm ls` style with unicode pipes
Source: http://github.com/substack/node-archy.git
balanced-match
1.0.2
License: MIT
Description: Match balanced character pairs, like "{" and "}"
Source: git://github.com/juliangruber/balanced-match.git
balanced-match
1.0.2
License: MIT
Description: Match balanced character pairs, like "{" and "}"
Source: git://github.com/juliangruber/balanced-match.git
bin-links
4.0.4
License: ISC
Description: JavaScript package binary linker
Source: git+https://github.com/npm/bin-links.git
binary-extensions
2.3.0
License: MIT
Description: List of binary file extensions
Source: NOASSERTION
binary-extensions
2.3.0
License: MIT
Description: List of binary file extensions
Source: NOASSERTION
brace-expansion
1.1.12
License: MIT
Description: Brace expansion as known from sh/bash
Source: git://github.com/juliangruber/brace-expansion.git
brace-expansion
2.0.1
License: MIT
Description: Brace expansion as known from sh/bash
Source: git://github.com/juliangruber/brace-expansion.git
braces
3.0.3
License: MIT
Description: Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.
Source: NOASSERTION
busybox
1.37.0-r19
License: GPL-2.0-only
Description: Size optimized toolbox of many common UNIX utilities
Source: https://busybox.net/
busybox-binsh
1.37.0-r19
License: GPL-2.0-only
Description: busybox ash /bin/sh
Source: https://busybox.net/
ca-certificates-bundle
20250911-r0
License: (MPL-2.0 AND MIT)
Description: Pre generated bundle of Mozilla certificates
Source: https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
cacache
18.0.3
License: ISC
Description: Fast, fault-tolerant, cross-platform, disk-based, data-agnostic, content-addressable cache.
Source: git+https://github.com/npm/cacache.git
chalk
5.3.0
License: MIT
Description: Terminal string styling done right
Source: NOASSERTION
chokidar
3.6.0
License: MIT
Description: Minimal and efficient cross-platform file watching library
Source: git+https://github.com/paulmillr/chokidar.git
chownr
2.0.0
License: ISC
Description: like `chown -R`
Source: git://github.com/isaacs/chownr.git
ci-info
4.0.0
License: MIT
Description: Get details about the current Continuous Integration environment
Source: https://github.com/watson/ci-info.git
cidr-regex
4.1.1
License: BSD-2-Clause
Description: Regular expression for matching IP addresses in CIDR notation
Source: NOASSERTION
clean-stack
2.2.0
License: MIT
Description: Clean up error stack traces
Source: NOASSERTION
cli-columns
4.0.0
License: MIT
Description: Columnated lists for the CLI.
Source: NOASSERTION
cmd-shim
6.0.3
License: ISC
Description: Used in npm for command line application support
Source: git+https://github.com/npm/cmd-shim.git
color-convert
2.0.1
License: MIT
Description: Plain color conversion functions
Source: NOASSERTION
color-name
1.1.4
License: MIT
Description: A list of color names and its values
Source: NOASSERTION
common-ancestor-path
1.0.1
License: ISC
Description: Find the common ancestor of 2 or more paths on Windows or Unix
Source: git+https://github.com/isaacs/common-ancestor-path
concat-map
0.0.1
License: MIT
Description: concatenative mapdashery
Source: git://github.com/substack/node-concat-map.git
corepack
0.33.0
License: MIT
Description: -
Source: https://github.com/nodejs/corepack.git
cross-spawn
7.0.3
License: MIT
Description: Cross platform child_process#spawn and child_process#spawnSync
Source: NOASSERTION
cssesc
3.0.0
License: MIT
Description: A JavaScript library for escaping CSS strings and identifiers while generating the shortest possible ASCII-only output.
Source: https://github.com/mathiasbynens/cssesc.git
debug
4.3.5
License: MIT
Description: Lightweight debugging utility for Node.js and the browser
Source: git://github.com/debug-js/debug.git
debug
4.4.3
License: MIT
Description: Lightweight debugging utility for Node.js and the browser
Source: git://github.com/debug-js/debug.git
diff
5.2.0
License: BSD-3-Clause
Description: A JavaScript text diff implementation.
Source: git://github.com/kpdecker/jsdiff.git
eastasianwidth
0.2.0
License: MIT
Description: Get East Asian Width from a character.
Source: git://github.com/komagata/eastasianwidth.git
emoji-regex
8.0.0
License: MIT
Description: A regular expression to match all Emoji-only symbols as per the Unicode Standard.
Source: https://github.com/mathiasbynens/emoji-regex.git
emoji-regex
9.2.2
License: MIT
Description: A regular expression to match all Emoji-only symbols as per the Unicode Standard.
Source: https://github.com/mathiasbynens/emoji-regex.git
emoji-regex
9.2.2
License: MIT
Description: A regular expression to match all Emoji-only symbols as per the Unicode Standard.
Source: https://github.com/mathiasbynens/emoji-regex.git
encoding
0.1.13
License: MIT
Description: Convert encodings, uses iconv-lite
Source: https://github.com/andris9/encoding.git
env-paths
2.2.1
License: MIT
Description: Get paths for storing things like data, config, cache, etc
Source: NOASSERTION
err-code
2.0.3
License: MIT
Description: Create an error with a code
Source: git://github.com/IndigoUnited/js-err-code.git
exponential-backoff
3.1.1
License: Apache-2.0
Description: A utility that allows retrying a function with an exponential delay between attempts.
Source: git+https://github.com/coveo/exponential-backoff.git
fastest-levenshtein
1.0.16
License: MIT
Description: Fastest Levenshtein distance implementation in JS.
Source: git+https://github.com/ka-weihe/fastest-levenshtein.git
fill-range
7.1.1
License: MIT
Description: Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`
Source: NOASSERTION
foreground-child
3.2.1
License: ISC
Description: Run a child as if it's the foreground process. Give it stdio. Exit when it exits.
Source: git+https://github.com/tapjs/foreground-child.git
fs-minipass
2.1.0
License: ISC
Description: fs read and write streams based on minipass
Source: git+https://github.com/npm/fs-minipass.git
fs-minipass
3.0.3
License: ISC
Description: fs read and write streams based on minipass
Source: https://github.com/npm/fs-minipass.git
ghcr.io/peek8/conscan-sample/node-nodemon
v0.1.1-alpha1
License: NOASSERTION
Description: -
Source: NOASSERTION
glob
10.4.2
License: ISC
Description: the most correct and second fastest glob implementation in JavaScript
Source: git://github.com/isaacs/node-glob.git
glob-parent
5.1.2
License: ISC
Description: Extract the non-magic parent path from a glob string.
Source: NOASSERTION
graceful-fs
4.2.11
License: ISC
Description: A drop-in replacement for fs, making various improvements.
Source: https://github.com/isaacs/node-graceful-fs
has-flag
3.0.0
License: MIT
Description: Check if argv has a specific flag
Source: NOASSERTION
hosted-git-info
7.0.2
License: ISC
Description: Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab
Source: git+https://github.com/npm/hosted-git-info.git
http-cache-semantics
4.1.1
License: BSD-2-Clause
Description: Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies
Source: https://github.com/kornelski/http-cache-semantics.git
http-proxy-agent
7.0.2
License: MIT
Description: An HTTP(s) proxy `http.Agent` implementation for HTTP
Source: https://github.com/TooTallNate/proxy-agents.git
https-proxy-agent
7.0.5
License: MIT
Description: An HTTP(s) proxy `http.Agent` implementation for HTTPS
Source: https://github.com/TooTallNate/proxy-agents.git
iconv-lite
0.6.3
License: MIT
Description: Convert character encodings in pure javascript.
Source: git://github.com/ashtuchkin/iconv-lite.git
ignore-by-default
1.0.1
License: ISC
Description: A list of directories you should ignore by default
Source: git+https://github.com/novemberborn/ignore-by-default.git
ignore-walk
6.0.5
License: ISC
Description: Nested/recursive `.gitignore`/`.npmignore` parsing and filtering.
Source: git+https://github.com/npm/ignore-walk.git
imurmurhash
0.1.4
License: MIT
Description: An incremental implementation of MurmurHash3
Source: https://github.com/jensyt/imurmurhash-js
indent-string
4.0.0
License: MIT
Description: Indent each line in a string
Source: NOASSERTION
ini
4.1.3
License: ISC
Description: An ini encoder/decoder for node
Source: git+https://github.com/npm/ini.git
init-package-json
6.0.3
License: ISC
Description: A node module to get your node module started
Source: git+https://github.com/npm/init-package-json.git
ip-address
9.0.5
License: MIT
Description: A library for parsing IPv4 and IPv6 IP addresses in node and the browser.
Source: git://github.com/beaugunderson/ip-address.git
ip-regex
5.0.0
License: MIT
Description: Regular expression for matching IP addresses (IPv4 & IPv6)
Source: NOASSERTION
is-binary-path
2.1.0
License: MIT
Description: Check if a file path is a binary file
Source: NOASSERTION
is-cidr
5.1.0
License: BSD-2-Clause
Description: Check if a string is an IP address in CIDR notation
Source: NOASSERTION
is-extglob
2.1.1
License: MIT
Description: Returns true if a string has an extglob.
Source: NOASSERTION
is-fullwidth-code-point
3.0.0
License: MIT
Description: Check if the character represented by a given Unicode code point is fullwidth
Source: NOASSERTION
is-glob
4.0.3
License: MIT
Description: Returns `true` if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.
Source: NOASSERTION
is-lambda
1.0.1
License: MIT
Description: Detect if your code is running on an AWS Lambda server
Source: https://github.com/watson/is-lambda.git
is-number
7.0.0
License: MIT
Description: Returns true if a number or string value is a finite number. Useful for regex matches, parsing, user input, etc.
Source: NOASSERTION
isexe
2.0.0
License: ISC
Description: Minimal module to check if a file is executable.
Source: git+https://github.com/isaacs/isexe.git
isexe
3.1.1
License: ISC
Description: Minimal module to check if a file is executable.
Source: https://github.com/isaacs/isexe
jackspeak
3.4.0
License: BlueOak-1.0.0
Description: A very strict and proper argument parser.
Source: git+https://github.com/isaacs/jackspeak.git
jsbn
1.1.0
License: MIT
Description: The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.
Source: https://github.com/andyperlitch/jsbn.git
json-parse-even-better-errors
3.0.2
License: MIT
Description: JSON.parse with context information on error
Source: git+https://github.com/npm/json-parse-even-better-errors.git
json-stringify-nice
1.1.4
License: ISC
Description: Stringify an object sorting scalars before objects, and defaulting to 2-space indent
Source: https://github.com/isaacs/json-stringify-nice
jsonparse
1.3.1
License: MIT
Description: This is a pure-js JSON streaming parser for node.js
Source: http://github.com/creationix/jsonparse.git
just-diff
6.0.2
License: MIT
Description: Return an object representing the diffs between two objects. Supports jsonPatch protocol
Source: https://github.com/angus-c/just
just-diff-apply
5.5.0
License: MIT
Description: Apply a diff to an object. Optionally supports jsonPatch protocol
Source: https://github.com/angus-c/just
libapk2
2.14.9-r3
License: GPL-2.0-only
Description: Alpine Package Keeper - package manager for alpine
Source: https://gitlab.alpinelinux.org/alpine/apk-tools
libcrypto3
3.5.4-r0
License: Apache-2.0
Description: Crypto library from openssl
Source: https://www.openssl.org/
libgcc
14.2.0-r6
License: (GPL-2.0-or-later AND LGPL-2.1-or-later)
Description: GNU C compiler runtime libraries
Source: https://gcc.gnu.org
libnpmaccess
8.0.6
License: ISC
Description: programmatic library for `npm access` commands
Source: git+https://github.com/npm/cli.git
libnpmdiff
6.1.4
License: ISC
Description: The registry diff
Source: git+https://github.com/npm/cli.git
libnpmexec
8.1.3
License: ISC
Description: npm exec (npx) programmatic API
Source: git+https://github.com/npm/cli.git
libnpmfund
5.0.12
License: ISC
Description: Programmatic API for npm fund
Source: git+https://github.com/npm/cli.git
libnpmhook
10.0.5
License: ISC
Description: programmatic API for managing npm registry hooks
Source: git+https://github.com/npm/cli.git
libnpmorg
6.0.6
License: ISC
Description: Programmatic api for `npm org` commands
Source: git+https://github.com/npm/cli.git
libnpmpack
7.0.4
License: ISC
Description: Programmatic API for the bits behind npm pack
Source: git+https://github.com/npm/cli.git
libnpmpublish
9.0.9
License: ISC
Description: Programmatic API for the bits behind npm publish and unpublish
Source: git+https://github.com/npm/cli.git
libnpmsearch
7.0.6
License: ISC
Description: Programmatic API for searching in npm and compatible registries.
Source: git+https://github.com/npm/cli.git
libnpmteam
6.0.5
License: ISC
Description: npm Team management APIs
Source: git+https://github.com/npm/cli.git
libnpmversion
6.0.3
License: ISC
Description: library to do the things that 'npm version' does
Source: git+https://github.com/npm/cli.git
libssl3
3.5.4-r0
License: Apache-2.0
Description: SSL shared libraries
Source: https://www.openssl.org/
libstdc++
14.2.0-r6
License: (GPL-2.0-or-later AND LGPL-2.1-or-later)
Description: GNU C++ standard runtime library
Source: https://gcc.gnu.org
lru-cache
10.2.2
License: ISC
Description: A cache object that deletes the least-recently-used items.
Source: git://github.com/isaacs/node-lru-cache.git
make-fetch-happen
13.0.1
License: ISC
Description: Opinionated, caching, retrying fetch client
Source: https://github.com/npm/make-fetch-happen.git
minimatch
3.1.2
License: ISC
Description: a glob matcher in javascript
Source: git://github.com/isaacs/minimatch.git
minimatch
9.0.5
License: ISC
Description: a glob matcher in javascript
Source: git://github.com/isaacs/minimatch.git
minipass
3.3.6
License: ISC
Description: minimal implementation of a PassThrough stream
Source: git+https://github.com/isaacs/minipass.git
minipass
3.3.6
License: ISC
Description: minimal implementation of a PassThrough stream
Source: git+https://github.com/isaacs/minipass.git
minipass
3.3.6
License: ISC
Description: minimal implementation of a PassThrough stream
Source: git+https://github.com/isaacs/minipass.git
minipass
3.3.6
License: ISC
Description: minimal implementation of a PassThrough stream
Source: git+https://github.com/isaacs/minipass.git
minipass
3.3.6
License: ISC
Description: minimal implementation of a PassThrough stream
Source: git+https://github.com/isaacs/minipass.git
minipass
5.0.0
License: ISC
Description: minimal implementation of a PassThrough stream
Source: git+https://github.com/isaacs/minipass.git
minipass
7.1.2
License: ISC
Description: minimal implementation of a PassThrough stream
Source: https://github.com/isaacs/minipass
minipass-collect
2.0.1
License: ISC
Description: A Minipass stream that collects all the data into a single chunk
Source: https://github.com/isaacs/minipass-collect
minipass-fetch
3.0.5
License: MIT
Description: An implementation of window.fetch in Node.js using Minipass streams
Source: git+https://github.com/npm/minipass-fetch.git
minipass-flush
1.0.5
License: ISC
Description: A Minipass stream that calls a flush function before emitting 'end'
Source: git+https://github.com/isaacs/minipass-flush.git
minipass-pipeline
1.2.4
License: ISC
Description: create a pipeline of streams using Minipass
Source: NOASSERTION
minipass-sized
1.0.3
License: ISC
Description: A Minipass stream that raises an error if you get a different number of bytes than expected
Source: git+https://github.com/isaacs/minipass-sized.git
minizlib
2.1.2
License: MIT
Description: A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.
Source: git+https://github.com/isaacs/minizlib.git
mkdirp
1.0.4
License: MIT
Description: Recursively mkdir, like `mkdir -p`
Source: https://github.com/isaacs/node-mkdirp.git
ms
2.1.2
License: MIT
Description: Tiny millisecond conversion utility
Source: NOASSERTION
ms
2.1.3
License: MIT
Description: Tiny millisecond conversion utility
Source: NOASSERTION
ms
2.1.3
License: MIT
Description: Tiny millisecond conversion utility
Source: NOASSERTION
musl
1.2.5-r10
License: MIT
Description: the musl c library (libc) implementation
Source: https://musl.libc.org/
musl-utils
1.2.5-r10
License: (MIT AND BSD-2-Clause AND GPL-2.0-or-later)
Description: the musl c library (libc) implementation
Source: https://musl.libc.org/
mute-stream
1.0.0
License: ISC
Description: Bytes go in, but they don't come out (when muted).
Source: https://github.com/npm/mute-stream.git
negotiator
0.6.3
License: MIT
Description: HTTP content negotiation
Source: NOASSERTION
node
20.19.5
License: NOASSERTION
Description: -
Source: NOASSERTION
node-gyp
10.1.0
License: MIT
Description: Node.js native addon build tool
Source: git://github.com/nodejs/node-gyp.git
nodemon
3.1.10
License: MIT
Description: Simple monitor script for use during development of a Node.js app.
Source: https://github.com/remy/nodemon.git
nopt
7.2.1
License: ISC
Description: Option parsing for Node, supporting types, shorthands, etc. Used by npm.
Source: git+https://github.com/npm/nopt.git
normalize-package-data
6.0.2
License: BSD-2-Clause
Description: Normalizes data that can be found in package.json files.
Source: git+https://github.com/npm/normalize-package-data.git
normalize-path
3.0.0
License: MIT
Description: Normalize slashes in a file path to be posix/unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes, unless disabled.
Source: NOASSERTION
npm
10.8.2
License: Artistic-2.0
Description: a package manager for JavaScript
Source: git+https://github.com/npm/cli.git
npm-audit-report
5.0.0
License: ISC
Description: Given a response from the npm security api, render it into a variety of security reports
Source: https://github.com/npm/npm-audit-report.git
npm-bundled
3.0.1
License: ISC
Description: list things in node_modules that are bundledDependencies, or transitive dependencies thereof
Source: git+https://github.com/npm/npm-bundled.git
npm-install-checks
6.3.0
License: BSD-2-Clause
Description: Check the engines and platform fields in package.json
Source: https://github.com/npm/npm-install-checks.git
npm-normalize-package-bin
3.0.1
License: ISC
Description: Turn any flavor of allowable package.json bin into a normalized object
Source: https://github.com/npm/npm-normalize-package-bin.git
npm-package-arg
11.0.2
License: ISC
Description: Parse the things that can be arguments to `npm install`
Source: https://github.com/npm/npm-package-arg.git
npm-packlist
8.0.2
License: ISC
Description: Get a list of the files to add from a folder into an npm package
Source: https://github.com/npm/npm-packlist.git
npm-pick-manifest
9.1.0
License: ISC
Description: Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.
Source: git+https://github.com/npm/npm-pick-manifest.git
npm-profile
10.0.0
License: ISC
Description: Library for updating an npmjs.com profile
Source: https://github.com/npm/npm-profile.git
npm-registry-fetch
17.1.0
License: ISC
Description: Fetch-based http client for use with npm registry APIs
Source: git+https://github.com/npm/npm-registry-fetch.git
npm-user-validate
2.0.1
License: BSD-2-Clause
Description: User validations for npm
Source: git+https://github.com/npm/npm-user-validate.git
p-map
4.0.0
License: MIT
Description: Map over promises concurrently
Source: NOASSERTION
package-json-from-dist
1.0.0
License: BlueOak-1.0.0
Description: Load the local package.json from either src or dist folder
Source: git+https://github.com/isaacs/package-json-from-dist.git
pacote
18.0.6
License: ISC
Description: JavaScript package downloader
Source: git+https://github.com/npm/pacote.git
parse-conflict-json
3.0.1
License: ISC
Description: Parse a JSON string that has git merge conflicts, resolving if possible
Source: https://github.com/npm/parse-conflict-json.git
path-key
3.1.1
License: MIT
Description: Get the PATH environment variable key cross-platform
Source: NOASSERTION
path-scurry
1.11.1
License: BlueOak-1.0.0
Description: walk paths fast and efficiently
Source: git+https://github.com/isaacs/path-scurry
picomatch
2.3.1
License: MIT
Description: Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.
Source: NOASSERTION
postcss-selector-parser
6.1.0
License: MIT
Description: -
Source: NOASSERTION
proc-log
3.0.0
License: ISC
Description: just emit 'log' events on the process object
Source: https://github.com/npm/proc-log.git
proc-log
4.2.0
License: ISC
Description: just emit 'log' events on the process object
Source: https://github.com/npm/proc-log.git
proggy
2.0.0
License: ISC
Description: Progress bar updates at a distance
Source: https://github.com/npm/proggy.git
promise-all-reject-late
1.0.1
License: ISC
Description: Like Promise.all, but save rejections until all promises are resolved
Source: NOASSERTION
promise-call-limit
3.0.1
License: ISC
Description: Call an array of promise-returning functions, restricting concurrency to a specified limit.
Source: git+https://github.com/isaacs/promise-call-limit
promise-inflight
1.0.1
License: ISC
Description: One promise for multiple requests in flight to avoid async duplication
Source: git+https://github.com/iarna/promise-inflight.git
promise-retry
2.0.1
License: MIT
Description: Retries a function that returns a promise, leveraging the power of the retry module.
Source: git://github.com/IndigoUnited/node-promise-retry.git
promzard
1.0.2
License: ISC
Description: prompting wizardly
Source: git+https://github.com/npm/promzard.git
pstree.remy
1.1.8
License: MIT
Description: Collects the full tree of processes from /proc
Source: https://github.com/remy/pstree.git
qrcode-terminal
0.12.0
License: LicenseRef-Apache-2.0
Description: QRCodes, in the terminal
Source: https://github.com/gtanner/qrcode-terminal
read
3.0.1
License: ISC
Description: read(1) for node programs
Source: https://github.com/npm/read.git
read-cmd-shim
4.0.0
License: ISC
Description: Figure out what a cmd-shim is pointing at. This acts as the equivalent of fs.readlink.
Source: https://github.com/npm/read-cmd-shim.git
read-package-json-fast
3.0.2
License: ISC
Description: Like read-package-json, but faster
Source: https://github.com/npm/read-package-json-fast.git
readdirp
3.6.0
License: MIT
Description: Recursive version of fs.readdir with streaming API.
Source: git://github.com/paulmillr/readdirp.git
retry
0.12.0
License: MIT
Description: Abstraction for exponential and custom retry strategies for failed operations.
Source: git://github.com/tim-kos/node-retry.git
safer-buffer
2.1.2
License: MIT
Description: Modern Buffer API polyfill without footguns
Source: git+https://github.com/ChALkeR/safer-buffer.git
scanelf
1.3.8-r1
License: GPL-2.0-only
Description: Scan ELF binaries for stuff
Source: https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities
semver
7.6.2
License: ISC
Description: The semantic version parser used by npm.
Source: git+https://github.com/npm/node-semver.git
semver
7.7.3
License: ISC
Description: The semantic version parser used by npm.
Source: git+https://github.com/npm/node-semver.git
shebang-command
2.0.0
License: MIT
Description: Get the command from a shebang
Source: NOASSERTION
shebang-regex
3.0.0
License: MIT
Description: Regular expression for matching a shebang line
Source: NOASSERTION
signal-exit
4.1.0
License: ISC
Description: when you want to fire an event no matter how a process exits.
Source: https://github.com/tapjs/signal-exit.git
sigstore
2.3.1
License: Apache-2.0
Description: code-signing for npm packages
Source: git+https://github.com/sigstore/sigstore-js.git
simple-update-notifier
2.0.0
License: MIT
Description: Simple update notifier to check for npm updates for cli applications
Source: https://github.com/alexbrazier/simple-update-notifier.git
smart-buffer
4.2.0
License: MIT
Description: smart-buffer is a Buffer wrapper that adds automatic read & write offset tracking, string operations, data insertions, and more.
Source: https://github.com/JoshGlazebrook/smart-buffer.git
socks
2.8.3
License: MIT
Description: Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.
Source: https://github.com/JoshGlazebrook/socks.git
socks-proxy-agent
8.0.4
License: MIT
Description: A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS
Source: https://github.com/TooTallNate/proxy-agents.git
spdx-correct
3.2.0
License: Apache-2.0
Description: correct invalid SPDX expressions
Source: NOASSERTION
spdx-exceptions
2.5.0
License: CC-BY-3.0
Description: list of SPDX standard license exceptions
Source: NOASSERTION
spdx-expression-parse
3.0.1
License: MIT
Description: parse SPDX license expressions
Source: NOASSERTION
spdx-expression-parse
3.0.1
License: MIT
Description: parse SPDX license expressions
Source: NOASSERTION
spdx-expression-parse
4.0.0
License: MIT
Description: parse SPDX license expressions
Source: NOASSERTION
spdx-license-ids
3.0.18
License: CC0-1.0
Description: A list of SPDX license identifiers
Source: NOASSERTION
sprintf-js
1.1.3
License: BSD-3-Clause
Description: JavaScript sprintf implementation
Source: https://github.com/alexei/sprintf.js.git
ssl_client
1.37.0-r19
License: GPL-2.0-only
Description: External ssl_client for busybox wget
Source: https://busybox.net/
ssri
10.0.6
License: ISC
Description: Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.
Source: git+https://github.com/npm/ssri.git
string-width
4.2.3
License: MIT
Description: Get the visual width of a string - the number of columns required to display it
Source: NOASSERTION
string-width
4.2.3
License: MIT
Description: Get the visual width of a string - the number of columns required to display it
Source: NOASSERTION
string-width
5.1.2
License: MIT
Description: Get the visual width of a string - the number of columns required to display it
Source: NOASSERTION
string-width
5.1.2
License: MIT
Description: Get the visual width of a string - the number of columns required to display it
Source: NOASSERTION
strip-ansi
6.0.1
License: MIT
Description: Strip ANSI escape codes from a string
Source: NOASSERTION
strip-ansi
6.0.1
License: MIT
Description: Strip ANSI escape codes from a string
Source: NOASSERTION
strip-ansi
7.1.0
License: MIT
Description: Strip ANSI escape codes from a string
Source: NOASSERTION
strip-ansi
7.1.0
License: MIT
Description: Strip ANSI escape codes from a string
Source: NOASSERTION
supports-color
5.5.0
License: MIT
Description: Detect whether a terminal supports color
Source: NOASSERTION
supports-color
9.4.0
License: MIT
Description: Detect whether a terminal supports color
Source: NOASSERTION
tar
6.2.1
License: ISC
Description: tar for node
Source: https://github.com/isaacs/node-tar.git
text-table
0.2.0
License: MIT
Description: borderless text tables with alignment
Source: git://github.com/substack/text-table.git
tiny-relative-date
1.3.0
License: MIT
Description: Tiny function that provides relative, human-readable dates.
Source: https://github.com/wildlyinaccurate/relative-date.git
to-regex-range
5.0.1
License: MIT
Description: Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.
Source: NOASSERTION
touch
3.1.1
License: ISC
Description: like touch(1) in node
Source: git://github.com/isaacs/node-touch.git
treeverse
3.0.0
License: ISC
Description: Walk any kind of tree structure depth- or breadth-first. Supports promises and advanced map-reduce operations with a very small API.
Source: https://github.com/npm/treeverse.git
tuf-js
2.2.1
License: MIT
Description: JavaScript implementation of The Update Framework (TUF)
Source: git+https://github.com/theupdateframework/tuf-js.git
undefsafe
2.0.5
License: MIT
Description: Undefined safe way of extracting object properties
Source: https://github.com/remy/undefsafe.git
unique-filename
3.0.0
License: ISC
Description: Generate a unique filename for use in temporary directories or caches.
Source: https://github.com/npm/unique-filename.git
unique-slug
4.0.0
License: ISC
Description: Generate a unique character string suitible for use in files and URLs.
Source: https://github.com/npm/unique-slug.git
util-deprecate
1.0.2
License: MIT
Description: The Node.js `util.deprecate()` function with browser support
Source: git://github.com/TooTallNate/util-deprecate.git
validate-npm-package-license
3.0.4
License: Apache-2.0
Description: Give me a string and I'll tell you if it's a valid npm package license string
Source: NOASSERTION
validate-npm-package-name
5.0.1
License: ISC
Description: Give me a string and I'll tell you if it's a valid npm package name
Source: git+https://github.com/npm/validate-npm-package-name.git
walk-up-path
3.0.1
License: ISC
Description: Given a path string, return a generator that walks up the path, emitting each dirname.
Source: git+https://github.com/isaacs/walk-up-path
which
2.0.2
License: ISC
Description: Like which(1) unix command. Find the first instance of an executable in the PATH.
Source: git://github.com/isaacs/node-which.git
which
4.0.0
License: ISC
Description: Like which(1) unix command. Find the first instance of an executable in the PATH.
Source: https://github.com/npm/node-which.git
windows-kill
UNKNOWN
License: NOASSERTION
Description: -
Source: NOASSERTION
wrap-ansi
7.0.0
License: MIT
Description: Wordwrap a string with ANSI escape codes
Source: NOASSERTION
wrap-ansi
8.1.0
License: MIT
Description: Wordwrap a string with ANSI escape codes
Source: NOASSERTION
write-file-atomic
5.0.1
License: ISC
Description: Write files in an atomic fashion w/configurable ownership
Source: https://github.com/npm/write-file-atomic.git
yallist
4.0.0
License: ISC
Description: Yet Another Linked List
Source: git+https://github.com/isaacs/yallist.git
yarn
1.22.22
License: BSD-2-Clause
Description: 📦🐈 Fast, reliable, and secure dependency management.
Source: NOASSERTION
zlib
1.3.1-r2
License: Zlib
Description: A compression/decompression Library
Source: https://zlib.net/