`basic-ftp`

Ecosystem:
npm

Package URL:
pkg:npm/basic-ftp

Total PRs:
2,117 Dependabot PRs

Latest PR:
about 1 hour ago

Unique Repositories:
1,509 repositories

Unique Repos (30 days):
164 repositories

Security Advisories

Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

GHSA-5rq4-664w-9x2c CVE-2026-27699 CRITICAL published 3 months ago • updated about 15 hours ago

The `basic-ftp` library contains a path traversal vulnerability in the `downloadToDir()` method. A malicious FTP server can send directory listings...

basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

GHSA-rpmf-866q-6p89 CVE-2026-44240 HIGH published 24 days ago • updated 8 days ago

## Summary `basic-ftp` is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compro...

basic-ftp has FTP Command Injection via CRLF

GHSA-chqc-8p9q-pq6q CVE-2026-39983 HIGH published about 2 months ago • updated 9 days ago

## Summary `basic-ftp` version `5.2.0` allows FTP command injection via CRLF sequences (`\r\n`) in file path parameters passed to high-level path ...

basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands

GHSA-6v7q-wjvx-w8wg HIGH published about 2 months ago • updated 24 days ago

## Summary basic-ftp's CRLF injection protection (added in commit 2ecc8e2 for GHSA-chqc-8p9q-pq6q) is incomplete. Two code paths bypass the `prote...

basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()

GHSA-rp42-5vxx-qpwr CVE-2026-41324 HIGH published about 1 month ago • updated 4 days ago

### Summary `basic-ftp@5.2.2` is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote ...

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

Bump the npm_and_yarn group across 9 directories with 5 updates

jgeofil/hash #43

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 3 comments

Bump the npm_and_yarn group across 3 directories with 4 updates

jgeofil/hash #41

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 3 comments

Bump basic-ftp from 5.2.1 to 5.2.2

emmsdan-inc/llf-worker #2

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 3 updates

lwhite702/Klutr_Primary #116

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 4 comments

Bump the npm_and_yarn group across 2 directories with 1 update

reza-khojasteh/teaching-and-learning #67

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps): bump the npm-minor-patch group across 1 directory with 119 updates

QQXIAOZHOU/VoiceHub-4805e #4

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 3 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 140 updates

qinchunhuan/VoiceHub #5

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 2 comments

chore(deps): bump the npm-minor-patch group across 1 directory with 119 updates

qinchunhuan/VoiceHub-fb544 #4

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 2 comments

chore(deps): bump the npm-minor-patch group with 27 updates

laoshuikaixue/VoiceHub #325

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 4 comments

chore(deps): bump the npm_and_yarn group across 75 directories with 5 updates

pkurri/crucible #47

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump the npm_and_yarn group across 71 directories with 5 updates

pkurri/crucible #44

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

chore(deps): bump the npm_and_yarn group across 68 directories with 5 updates

pkurri/crucible #43

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

chore(deps): bump the npm_and_yarn group across 70 directories with 5 updates

pkurri/crucible #42

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump the npm_and_yarn group across 65 directories with 5 updates

pkurri/crucible #41

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

chore(deps): bump the npm_and_yarn group across 66 directories with 5 updates

pkurri/crucible #40

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump the npm_and_yarn group across 12 directories with 12 updates

arcjet/examples #160

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump the npm_and_yarn group across 14 directories with 12 updates

jeremydh911/CRM #26

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

chore(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2 in /tests/wdio

loft-sh/vcluster-docs #1912

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 3 comments

Bump basic-ftp from 5.2.1 to 5.2.2

erwindon/SaltGUI #861

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps): bump basic-ftp from 5.2.0 to 5.2.2 in /packages/pi-wallet

0xKobold/0xkobolds #8

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2

JustinPaoletta/my_portfolio #257

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 4 comments

build(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2

BrightspaceUI/lms-context-provider #531

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

build(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2

canalplus/rx-player #1834

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore: bump basic-ftp from 5.2.1 to 5.2.2

dequelabs/cauldron #2323

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

Bump basic-ftp from 5.2.1 to 5.2.2

perrinjerome/theia-open #50

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps): bump basic-ftp from 5.2.0 to 5.2.2

stephen-wm/nestwork #28

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

chore(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2 in /backend

jerelle-rimando/nodebrain #13

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

Bump basic-ftp from 5.2.1 to 5.2.2

walitoff/screen-orientation-test #123

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

Bump basic-ftp from 5.2.1 to 5.2.2 in /examples/kitchen-sink in the npm_and_yarn group across 1 directory

FortiShield/turborepo #85

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

Bump basic-ftp from 5.2.1 to 5.2.2

exploradoresdemadrid/decide #2053

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

web: bump basic-ftp from 5.2.1 to 5.2.2 in /web

goauthentik/authentik #21543

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 3 comments

Bump basic-ftp from 5.2.0 to 5.2.2

cannaplan/Gaia-Commons-council-app-2.1 #57

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

Bump basic-ftp from 5.2.1 to 5.2.2

TimoStaudinger/sprite #195

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

Bump basic-ftp from 5.2.1 to 5.2.2

jkmartindale/echo #6

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 in /worker in the npm_and_yarn group across 1 directory

danielgonzagat/whatsapp_saas #109

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2

Schubidu/schultstefan.de #642

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps): bump basic-ftp from 5.2.0 to 5.2.2

mael-app/cv-generator-public #38

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 4 comments

build(deps): bump basic-ftp from 5.2.1 to 5.2.2

govuk-one-login/static-error-pages #41

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

Bump basic-ftp from 5.2.0 to 5.2.2 in /sanity-studio

simplicreate/simplicreate-web #35

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

Bump basic-ftp from 5.2.1 to 5.2.2

oceanprotocol/ocean-node #1324

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

build(deps): bump basic-ftp from 5.2.1 to 5.2.2

salesforce/lwc #5778

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

chore(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2

IsmaelMartinez/ismaelmartinez.me.uk #67

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 2 comments

Bump basic-ftp from 5.2.0 to 5.2.2 in /Frontend

XVX-016/F1-PREDICT #45

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

build(deps-dev): bump basic-ftp from 5.2.0 to 5.2.2

M-Hammad-Faisal/code-mage #32

5.2.0 → 5.2.2 Patch PR

Open about 2 months ago 2 comments

Bump basic-ftp from 5.2.1 to 5.2.2

Automattic/color-studio #891

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

chore(deps-dev): bump basic-ftp from 5.2.1 to 5.2.2 in /tests

loft-sh/vcluster-docs #1911

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 1 comment

Bump basic-ftp from 5.2.1 to 5.2.2

mraible/infoq-mini-book #335

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

build(deps): bump basic-ftp from 5.2.0 to 5.2.2

ICJIA/viewcap-mcp #2

5.2.0 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

Bump basic-ftp from 5.2.1 to 5.2.2

opensearch-project/OpenSearch-Dashboards #11731

5.2.1 → 5.2.2 Patch PR

Open about 2 months ago 2 comments

deps(deps): bump basic-ftp from 5.2.1 to 5.2.2 in the npm_and_yarn group across 1 directory

Chloemlla/microsoft-tts #70

5.2.1 → 5.2.2 Patch PR

Closed about 2 months ago 1 comment

Package Details

Name:	`basic-ftp`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/basic-ftp`
JSON API:	View JSON

Security Advisories

5

Active advisories

CRITICAL 1

HIGH 4

View All npm Advisories

Package Information

Description:

FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript.

Repository:	https://github.com/patrickjuchli/basic-ftp
Homepage:	https://github.com/patrickjuchli/basic-ftp#readme
Latest Release:	`5.1.0` 5 months ago
Dependent Repos:	5,188
Dependent Packages:	271
Downloads:	50,604,527
Ranking:	Top 0.3186% by dependent repos Top 0.0583% by downloads Top 0.1842% by dependent pkgs

PR Status

Open 843 (39.8%)

Merged 0 (0.0%)

Closed 1,274 (60.2%)

PR Types

Major 5 (0.2%)

Minor 1,427 (67.4%)

Patch 685 (32.4%)