`hono`

Ecosystem:
npm

Package URL:
pkg:npm/hono

Total PRs:
15,917 Dependabot PRs

Latest PR:
about 14 hours ago

Unique Repositories:
5,729 repositories

Unique Repos (30 days):
366 repositories

Security Advisories

Hono vulnerable to Restricted Directory Traversal in serveStatic with deno

GHSA-3mpf-rcc7-5347 CVE-2024-32869 MODERATE published about 2 years ago • updated 5 days ago

### Summary When using serveStatic with deno, it is possible to directory traverse where main.ts is located. My environment is configured as per ...

hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

GHSA-458j-xx4x-4375 CVE-2026-56761 MODERATE published 2 months ago • updated about 14 hours ago

## Summary Improper handling of JSX attribute names in hono/jsx allows malformed attribute keys to corrupt the generated HTML output. When untrus...

Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()

GHSA-r5rp-j6wh-rvv4 CVE-2026-39410 MODERATE published 3 months ago • updated 6 days ago

## Summary A discrepancy between browser cookie parsing and `parse()` handling allows cookie prefix protections to be bypassed. Cookie names that...

Hono: Path traversal in toSSG() allows writing files outside the output directory

GHSA-xf4j-xp2r-rqqx CVE-2026-39408 MODERATE published 3 months ago • updated 6 days ago

## Summary A path traversal issue in `toSSG()` allows files to be written outside the configured output directory during static site generation. W...

Hono missing validation of cookie name on write path in setCookie()

GHSA-26pp-8wgv-hjvm MODERATE published 3 months ago • updated 3 months ago

## Summary Cookie names are not validated on the write path when using `setCookie()`, `serialize()`, or `serializeSigned()` to generate Set-Cookie...

View all 40 advisories

Recent PRs

RSS Feed

chore(deps): bump the production-dependencies group across 1 directory with 40 updates

sidereal-io/sidereal #185

4.12.25 → 4.12.27 Patch PR

Open about 14 hours ago 2 comments

chore(deps): Bump the node-dependencies group in /examples/node with 5 updates

edwardlthompson/trendalgo-bot #1

4.12.25 → 4.12.27 Patch PR

Closed about 17 hours ago 2 comments

chore(deps): bump the production-dependencies group across 3 directories with 9 updates

roziscoding/jack #30

4.12.25 → 4.12.27 Patch PR

Closed 2 days ago 5 comments

chore(deps): bump the production-dependencies group across 1 directory with 31 updates

buggyblues/shadow #406

4.12.25 → 4.12.27 Patch PR

Open 2 days ago 2 comments

chore(deps): bump hono from 4.12.18 to 4.12.27

samsunghappytree123/Portfolio #44

4.12.18 → 4.12.27 Patch PR

Open 3 days ago 1 comment

chore(deps): bump the production group across 1 directory with 3 updates

TheBeardedBearSAS/claude-craft #96

4.12.25 → 4.12.27 Patch PR

Closed 4 days ago 4 comments

build(deps): bump the npm_and_yarn group across 13 directories with 16 updates

alaaeldeeng/bun #80

4.7.2 → 4.12.25 Minor PR

Closed 4 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 12 updates

Sherlock999xxx/voltagent #103

4.9.1 → 4.12.25 Minor PR

Open 4 days ago 3 comments

deps(deps): bump the minor-and-patch group with 14 updates

kjfsm/notion-headless-cms #414

4.12.25 → 4.12.26 Patch PR

Open 5 days ago 6 comments

Bump the npm_and_yarn group across 11 directories with 8 updates

reevesc88/screenpipe #47

4.12.9 → 4.12.26 Patch PR

Closed 5 days ago 3 comments

chore(deps): Bump hono from 4.12.25 to 4.12.26

dipjyotimetia/restura #305

4.12.25 → 4.12.26 Patch PR

Open 5 days ago 3 comments

chore(deps): bump hono from 4.6.16 to 4.12.26 in /examples/auth/hono

Dustin4444/supabase #335

4.6.16 → 4.12.26 Minor PR

Open 6 days ago 5 comments

Bump the npm_and_yarn group across 1 directory with 8 updates

kkrzysztofik/finance-tracker #1

4.12.2 → 4.12.26 Patch PR

Closed 6 days ago 2 comments

deps(deps): Bump the minor-and-patch group across 1 directory with 7 updates

CallMarcus/security-scorecard-mcp #183

4.12.23 → 4.12.26 Patch PR

Open 6 days ago 1 comment

Build(deps): bump the npm_and_yarn group across 23 directories with 7 updates

selfagency/extensions #60

4.12.9 → 4.12.26 Patch PR

Open 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates

gastownhall/gastown #4305

4.12.15 → 4.12.26 Patch PR

Closed 6 days ago 3 comments

build(deps): bump hono from 4.12.23 to 4.12.26

Biguelini/prime-sofas #1

4.12.23 → 4.12.26 Patch PR

Open 6 days ago 1 comment

Bump hono from 4.12.14 to 4.12.26 in /Ui

TomasiDeveloping/PlayerManagement #60

4.12.14 → 4.12.26 Patch PR

Open 6 days ago 1 comment

build(deps): bump the npm_and_yarn group across 3 directories with 9 updates

mdjahid11978-design/clawback #14

4.12.14 → 4.12.25 Patch PR

Open 6 days ago 1 comment

chore(deps): bump hono from 4.12.23 to 4.12.26

trendmicro-frontend/tonic-ui #1165

4.12.23 → 4.12.26 Patch PR

Open 6 days ago 4 comments

Bump the npm_and_yarn group across 27 directories with 8 updates

ahump20/vercel #157

4.10.1 → 4.12.25 Minor PR

Open 6 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 9 directories with 17 updates

truffle-ai/dexto #853

4.12.12 → 4.12.25 Patch PR

Open 6 days ago 1 comment

build(deps): bump hono from 4.12.24 to 4.12.25 in /server

mowinckelb/alexandria #28

4.12.24 → 4.12.25 Patch PR

Open 6 days ago 1 comment

chore: bump hono from 4.12.18 to 4.12.26

hansschenker/rxjs-stack #13

4.12.18 → 4.12.26 Patch PR

Open 6 days ago 2 comments

Bump hono from 4.12.3 to 4.12.26 in /mcp_servers/google_maps

Sherlock999xxx/klavis #193

4.12.3 → 4.12.26 Patch PR

Open 6 days ago 3 comments

Bump hono from 4.11.7 to 4.12.26 in /mcp_servers/fetch_toolathlon

Sherlock999xxx/klavis #192

4.11.7 → 4.12.26 Minor PR

Open 6 days ago 3 comments

chore(deps): bump hono from 4.9.7 to 4.12.25

farcasterxyz/miniapps #618

4.9.7 → 4.12.25 Minor PR

Open 6 days ago 2 comments

Bump hono from 4.12.23 to 4.12.26

BASIC-BIT/drasil #157

4.12.23 → 4.12.26 Patch PR

Open 6 days ago 2 comments

Bump hono from 4.12.3 to 4.12.26

efekucuk/aso-kitchen #59

4.12.3 → 4.12.26 Patch PR

Open 7 days ago 1 comment

Bump the npm_and_yarn group across 2 directories with 16 updates

tabrezahmed51/Cloudflare-agents_0118 #10

4.10.7 → 4.12.26 Minor PR

Open 7 days ago 1 comment

chore(deps): bump hono from 4.12.9 to 4.12.25 in /apps/public-api

jakejarvis/sofa #41

4.12.9 → 4.12.25 Patch PR

Open 7 days ago 1 comment

chore(deps-dev): bump hono from 4.12.18 to 4.12.26

jinsan-t-j/Socket.IO-Studio #23

4.12.18 → 4.12.26 Patch PR

Closed 7 days ago 2 comments

chore(deps)(deps): bump hono from 4.12.22 to 4.12.26

kodiii/ctxloom #275

4.12.22 → 4.12.26 Patch PR

Open 7 days ago 3 comments

chore(deps): bump hono from 4.12.18 to 4.12.26

kthaisociety/landingpage-frontend #106

4.12.18 → 4.12.26 Patch PR

Open 7 days ago 5 comments

chore(deps): Bump hono from 4.12.18 to 4.12.26

decodedcreative/react-data-dashboard #27

4.12.18 → 4.12.26 Patch PR

Open 7 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 5 directories with 18 updates

EmiyaKiritsugu3/qwen-code #21

4.11.1 → 4.12.26 Minor PR

Open 7 days ago 1 comment

chore(deps): bump hono from 4.12.12 to 4.12.25 in /.repos/effect

govoel/voel #1353

4.12.12 → 4.12.25 Patch PR

Closed 7 days ago 1 comment

Bump hono from 4.12.12 to 4.12.26 in /frontend

pokiseler/gig-app #12

4.12.12 → 4.12.26 Patch PR

Open 7 days ago 1 comment

Bump hono from 4.12.23 to 4.12.26

ppfsoares/proponente #8

4.12.23 → 4.12.26 Patch PR

Open 7 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 15 directories with 12 updates

MDMAtk/TormentNexus #209

4.12.21 → 4.12.25 Patch PR

Open 7 days ago 10 comments

chore(deps): bump hono from 4.6.15 to 4.12.25

joelhooks/inngest-cloudflare-agentkit #8

4.6.15 → 4.12.25 Minor PR

Open 7 days ago 1 comment

chore(deps): Bump hono from 4.12.12 to 4.12.26

Skhaaall/codeguard #23

4.12.12 → 4.12.26 Patch PR

Open 7 days ago 1 comment

Bump hono from 4.11.7 to 4.12.26

alialobidm/tavily-mcp #10

4.11.7 → 4.12.26 Minor PR

Open 7 days ago 2 comments

chore(deps): bump the npm_and_yarn group across 2 directories with 10 updates

rafaelfiguereod-stack/get-shit-done #25

4.12.15 → 4.12.26 Patch PR

Closed 7 days ago 2 comments

Bump hono from 4.12.23 to 4.12.26

zepa-ui/zepa #13

4.12.23 → 4.12.26 Patch PR

Open 7 days ago 1 comment

chore(deps): bump the runtime-dependencies group across 1 directory with 11 updates

fyodoriv/minsky #1245

4.12.25 → 4.12.26 Patch PR

Open 7 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

tehw0lf/yaft-admin #26

4.12.23 → 4.12.26 Patch PR

Closed 7 days ago 1 comment

Bump hono from 4.12.14 to 4.12.26 in /client-angular17+

doplerer/capgemini-tutorial #9

4.12.14 → 4.12.26 Patch PR

Open 7 days ago 1 comment

build(deps): bump hono from 4.12.9 to 4.12.26

Hendo10X/dispochat #12

4.12.9 → 4.12.26 Patch PR

Open 7 days ago 1 comment

chore(deps): bump hono from 4.12.18 to 4.12.25

labring/FastGPT #7150

4.12.18 → 4.12.25 Patch PR

Closed 7 days ago 2 comments

Package Details

Name:	`hono`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/hono`
JSON API:	View JSON

Security Advisories

40

Active advisories

HIGH 7

MODERATE 30

LOW 3

View All npm Advisories

Package Information

Description:

Web framework built on Web Standards

Repository:	https://github.com/honojs/hono
Homepage:	https://hono.dev
Latest Release:	`4.7.11` about 1 year ago
Dependent Repos:	668
Dependent Packages:	210
Downloads:	3,984,183
Ranking:	Top 0.6913% by dependent repos Top 0.5184% by downloads Top 0.2201% by dependent pkgs

PR Status

Open 7,256 (45.6%)

Merged 812 (5.1%)

Closed 7,392 (46.4%)

PR Types

Major 283 (1.8%)

Minor 8,002 (50.3%)

Patch 7,174 (45.1%)

Removal 1 (0.0%)