Is node-static safe to use?

node-static has 2 known vulnerabilities on the latest version (0.7.11). DepScope rates its health at 47/100 (high risk).

What is the latest version of node-static?

The latest version of node-static is 0.7.11, released 2018-09-23.

Does node-static have known vulnerabilities?

Yes. node-static has 2 known vulnerabilities. See depscope.dev/pkg/npm/node-static for details.

Is node-static deprecated?

No, node-static is actively maintained. Latest release: 0.7.11 (2018-09-23).

What are alternatives to node-static?

Popular alternatives to node-static in npm include: semver, ansi-styles, debug, minimatch, brace-expansion.

What license does node-static use?

node-static is licensed under MIT.

node-static

npmv0.7.11

simple, compliant file streaming module for node

License MITpermissive26 versions3 maintainers3 deps71,680 weekly dl

ssh://[email protected]/cloudhead/node-static

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

10/20

popularity

18/25

security

15/15

maturity

4/15

community

Vulnerabilities

1 high1 medium

Advisories (2)

Severity	ID	Summary	Fixed in
high	CVE-2023-26111	node-static and @nubosoftware/node-static vulnerable to Directory Traversal	—
medium	GHSA-8r4g-cg4m-x23c	Denial of Service in node-static	—

Bundle & TypeScript

🌟

TypeScript

7/10typed

Types from @types/node-static (DefinitelyTyped)

Health History

Dependency Tree

License Audit

Dependencies (3)

optimist colors mime

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/node-static