All hapi versions

[email protected] rejected Risk: 43 BSD-3-Clause

hapi @17.8.5

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
43
Risk Score
BSD-3-Clause
License
No
Install Scripts
18
Dependencies
6
Dev Dependencies
41.1 KB
Package Size
Published

HTTP Server framework

Maintainers

hueniverse

Keywords

frameworkhttpapiweb

Dependencies (18)

PackageConstraintRegistry Status
joi 14.x.x auto_approved
ammo 3.x.x No greenflagged match
boom 7.x.x auto_approved
call 5.x.x auto_approved
hoek 6.x.x No greenflagged match
shot 4.x.x auto_approved
topo 3.x.x auto_approved
heavy 6.x.x auto_approved
mimos 4.x.x auto_approved
accept 3.x.x auto_approved
bounce 1.x.x auto_approved
catbox 10.x.x auto_approved
podium 3.x.x auto_approved
somever 2.x.x auto_approved
subtext 6.x.x No greenflagged match
teamwork 3.x.x auto_approved
statehood 6.x.x auto_approved
catbox-memory 3.x.x auto_approved

Dev Dependencies (6)

PackageConstraintRegistry Status
lab 17.x.x auto_approved
code 5.x.x auto_approved
inert 5.x.x auto_approved
wreck 14.x.x auto_approved
vision 5.x.x auto_approved
handlebars 4.x.x No greenflagged match

Transitive Dependency Tree

26 transitive deps max depth 5
  ├─ accept 3.x.x → 3.1.3
  ├─ ammo 3.x.x
  ├─ boom 7.x.x → 7.3.0
  ├─ bounce 1.x.x → 1.2.3
  ├─ call 5.x.x → 5.0.3
  ├─ catbox 10.x.x → 10.0.6
  ├─ catbox-memory 3.x.x → 3.1.4
  ├─ heavy 6.x.x → 6.1.2
  ├─ hoek 6.x.x
  ├─ joi 14.x.x → 14.3.1
  ├─ mimos 4.x.x → 4.0.2
  ├─ podium 3.x.x → 3.2.0
  ├─ shot 4.x.x → 4.0.7
  ├─ somever 2.x.x → 2.0.0
  ├─ statehood 6.x.x → 6.0.9
  ├─ subtext 6.x.x
  ├─ teamwork 3.x.x → 3.2.0
├─ topo 3.x.x → 3.0.3
  ├─ big-time 2.x.x → 2.0.1
  ├─ boom 7.x.x → 7.3.0
  ├─ bounce 1.x.x → 1.2.3
  ├─ bourne 1.x.x → 1.3.3
  ├─ cryptiles 4.x.x → 4.1.3
  ├─ hoek 6.x.x
  ├─ hoek 6.x.x → 6.1.2
  ├─ hoek 6.x.x → 6.1.3
  ├─ iron 5.x.x → 5.0.6
  ├─ isemail 3.x.x → 3.2.0
  ├─ joi 14.x.x → 14.3.1
  ├─ mime-db 1.x.x → 1.54.0
├─ topo 3.x.x → 3.0.3
  ├─ b64 4.x.x → 4.1.2
  ├─ boom 7.x.x → 7.3.0
  ├─ cryptiles 4.x.x → 4.1.3
  ├─ hoek 6.x.x → 6.1.3
  ├─ hoek 6.x.x → 6.1.2
  ├─ isemail 3.x.x → 3.2.0
  ├─ punycode 2.x.x → 2.3.1
├─ topo 3.x.x → 3.0.3
  ├─ boom 7.x.x → 7.3.0
  ├─ hoek 6.x.x → 6.1.2
├─ punycode 2.x.x → 2.3.1
  ├─ hoek 6.x.x → 6.1.2

Changes from v16.7.0

Dependency Changes

ChangePackageVersion
added bounce 1.x.x
added teamwork 3.x.x
removed iron 4.x.x
removed items 2.x.x
removed cryptiles 3.x.x
changed joi 11.x.x → 14.x.x
changed ammo 2.x.x → 3.x.x
changed boom 5.x.x → 7.x.x
changed call 4.x.x → 5.x.x
changed hoek 4.x.x → 6.x.x
changed shot 3.x.x → 4.x.x
changed topo 2.x.x → 3.x.x
changed heavy 4.x.x → 6.x.x
changed mimos 3.x.x → 4.x.x
changed accept 2.x.x → 3.x.x
changed catbox 7.x.x → 10.x.x
changed podium 1.x.x → 3.x.x
changed somever 1.x.x → 2.x.x
changed subtext 5.x.x → 6.x.x
changed statehood 5.x.x → 6.x.x
changed catbox-memory 2.x.x → 3.x.x

Script Changes

+ test-tap+ test-cov-html

File Changes

5 added 7 removed 19 modified size delta: -2.7 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
osv:GHSA-7hx8-2rxv-66xv osv reject AI AI (osv): Advisory covers all versions of hapi with no fix; package is deprecated with no future patches. Verdict generalizes to every version of this package.

SAST Findings (2)

CRITICAL GHSA-7hx8-2rxv-66xv: Denial of Service in hapi osv

[Always reject] All Versions of `hapi` are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will exist, allowing an attacker to shut down services. ## Recommendation This package is deprecated and is now maintained as `@hapi/hapi`. Please update your dependencies to use `@hapi/hapi`.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3).

Commit: 8eeceea41099 Browse source

Published to npm: