Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

hono

Ecosystem:
npm
Package URL:
pkg:npm/hono
Total PRs:
15,215 Dependabot PRs
Latest PR:
about 5 hours ago
Unique Repositories:
5,316 repositories
Unique Repos (30 days):
770 repositories
Security Advisories
Hono vulnerable to XSS through ErrorBoundary component
GHSA-9r54-q6cx-xmh5 CVE-2026-24771 MODERATE published 4 months ago • updated about 1 month ago
## Summary A Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage pattern...
Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
GHSA-w332-q679-j88p CVE-2026-24473 MODERATE published 4 months ago • updated about 1 month ago
## Summary Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to...
Hono cache middleware ignores "Cache-Control: private" leading to Web Cache Deception
GHSA-6wqw-2p9w-4vw4 CVE-2026-24472 MODERATE published 4 months ago • updated about 1 month ago
## Summary Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The mid...
Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing
GHSA-r354-f388-2fhh CVE-2026-24398 MODERATE published 4 months ago • updated about 1 month ago
## Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` ...
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()
GHSA-5pq2-9x2x-5p6w CVE-2026-29086 MODERATE published 2 months ago • updated 7 days ago
## Summary The `setCookie()` utility did not validate semicolons (`;`), carriage returns (`\r`), or newline characters (`\n`) in the `domain` and ...
View all 31 advisories
Recent PRs
RSS Feed
chore(deps): bump hono from 4.7.11 to 4.12.19

do-dorio/comment2434-2 #983

4.7.11 → 4.12.19 Minor PR
Open about 5 hours ago 1 comment
do-dorio
Bump the npm_and_yarn group across 1 directory with 8 updates

rubenvitt/bluelight-hub #765

4.12.14 → 4.12.19 Patch PR
Open about 12 hours ago 1 comment
rubenvitt
chore(deps): Bump the backend-deps group across 1 directory with 9 updates

marylin/whateverops #67

4.12.11 → 4.12.19 Patch PR
Open about 12 hours ago 1 comment
marylin
deps(deps): bump the all-dependencies group across 1 directory with 66 updates

nabashi404/saas-test #3

4.11.10 → 4.12.19 Minor PR
Open about 13 hours ago 1 comment
nabashi404
build(deps): bump the production-dependencies group with 6 updates

skittlz444/tripPlan #207

4.12.18 → 4.12.19 Patch PR
Open about 14 hours ago 4 comments
skittlz444
chore(deps): bump the minor-and-patch group across 1 directory with 16 updates

ComeOnOliver/skillshub #67

4.12.8 → 4.12.19 Patch PR
Open about 14 hours ago 1 comment
ComeOnOliver
chore(deps): bump hono from 4.12.18 to 4.12.19

omnifaced/url-shortener #98

4.12.18 → 4.12.19 Patch PR
Open about 15 hours ago 1 comment
omnifaced
build(deps): bump hono from 4.12.16 to 4.12.19

ytkg/ytkg.jp #279

4.12.16 → 4.12.19 Patch PR
Open about 15 hours ago 1 comment
ytkg
chore(deps): bump the all-minor-patch group across 1 directory with 25 updates

WuMingDao/zenith-image-generator #99

4.11.4 → 4.12.19 Minor PR
Open about 17 hours ago 4 comments
WuMingDao
chore(deps): Bump the minor-and-patch group across 1 directory with 19 updates

ephemere-io/oryzae #339

4.12.16 → 4.12.19 Patch PR
Open about 18 hours ago 1 comment
ephemere-io
chore(deps): Bump the production-dependencies group across 1 directory with 13 updates

hirokisakabe/pom #703

4.12.18 → 4.12.19 Patch PR
Open about 18 hours ago 6 comments
hirokisakabe
chore(deps): bump hono from 4.12.16 to 4.12.19

megasanjay/kato #60

4.12.16 → 4.12.19 Patch PR
Closed about 19 hours ago 1 comment
megasanjay
Bump hono from 4.12.12 to 4.12.19

Jadens-arc/jadenarceneaux.com #42

4.12.12 → 4.12.19 Patch PR
Closed about 20 hours ago 2 comments
Jadens-arc
chore(deps)(deps): bump the minor-and-patch group across 1 directory with 18 updates

DoReVo/kronos-app #37

4.12.15 → 4.12.19 Patch PR
Open about 21 hours ago 1 comment
DoReVo
chore(deps): bump the all group in /apps/worker with 5 updates

yourhq/yourhq #46

4.12.16 → 4.12.19 Patch PR
Open about 22 hours ago 1 comment
yourhq
chore(deps): bump hono from 4.12.17 to 4.12.19 in /services/idp-mcp-server

moatazeldebsy/backstage-platform-template #13

4.12.17 → 4.12.19 Patch PR
Closed about 23 hours ago 2 comments
moatazeldebsy
chore(deps): bump the dependencies group with 6 updates

pphatdev/api.pphat.me #27

4.12.18 → 4.12.19 Patch PR
Open 1 day ago 2 comments
pphatdev
chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates

dporkka/open-assistant #9

4.11.7 → 4.12.18 Minor PR
Open 1 day ago 1 comment
dporkka
chore(deps): bump the npm_and_yarn group across 2 directories with 19 updates

nexusct/moltbot #6

4.11.4 → 4.12.18 Minor PR
Open 1 day ago 2 comments
nexusct
chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

Dargon789/wagmi #529

4.12.17 → 4.12.19 Patch PR
Open 1 day ago 3 comments
Dargon789
chore(deps): bump the npm_and_yarn group across 4 directories with 10 updates

Kakachia777/UI-TARS-desktop #68

4.9.6 → 4.12.18 Minor PR
Closed 1 day ago 1 comment
Kakachia777
build(deps): bump hono from 4.12.16 to 4.12.19 in /frontend/appointment-frontend

bluetape4k/clinic-appointment #83

4.12.16 → 4.12.19 Patch PR
Closed 1 day ago 2 comments
bluetape4k
Bump hono from 4.12.16 to 4.12.19 in /weathered-base-bad8

MatthewSteeples/my-first-static-blazor-app #245

4.12.16 → 4.12.19 Patch PR
Open 1 day ago 1 comment
MatthewSteeples
chore(deps): bump the npm_and_yarn group across 4 directories with 4 updates

billlzzz10/hyprnote #34

4.12.12 → 4.12.18 Patch PR
Open 1 day ago 2 comments
billlzzz10
Bump the npm group with 3 updates

turntuptechnologies-ai/kumogakure #60

4.12.18 → 4.12.19 Patch PR
Closed 1 day ago 1 comment
turntuptechnologies-ai
chore(deps): bump the production-dependencies group with 13 updates

NumstackPtyLtd/supaproxy-server #113

4.12.14 → 4.12.19 Patch PR
Open 2 days ago 1 comment
NumstackPtyLtd
chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

7893/lens #41

4.12.16 → 4.12.18 Patch PR
Closed 2 days ago 1 comment
7893
chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates

schmug/loomwiki #47

4.12.16 → 4.12.18 Patch PR
Open 2 days ago 1 comment
schmug
chore(deps): bump the npm_and_yarn group across 7 directories with 3 updates

bluluvinn/x402 #30

4.10.2 → 4.12.18 Minor PR
Closed 2 days ago 1 comment
bluluvinn
Bump hono from 4.12.10 to 4.12.18

robroy154/sigmanu-alumni-hub #10

4.12.10 → 4.12.18 Patch PR
Open 3 days ago 1 comment
robroy154
chore(deps)(deps): bump hono from 4.12.16 to 4.12.18

eric-sison/victory-apps #29

4.12.16 → 4.12.18 Patch PR
Open 3 days ago 1 comment
eric-sison
Bump the npm_and_yarn group across 2 directories with 7 updates

averray-agent/agent #322

4.12.12 → 4.12.18 Patch PR
Closed 3 days ago 2 comments
averray-agent
deps(deps): bump the minor-and-patch group across 1 directory with 29 updates

kjfsm/notion-headless-cms #272

4.12.17 → 4.12.18 Patch PR
Closed 3 days ago 5 comments
kjfsm
chore(deps): Bump the npm_and_yarn group across 1 directory with 27 updates

fairspec/fairspec-application #13

4.11.4 → 4.12.18 Minor PR
Open 3 days ago 3 comments
fairspec
chore(deps): bump the production-dependencies group across 1 directory with 65 updates

khiz-k/rishta #12

4.12.9 → 4.12.18 Patch PR
Open 3 days ago 1 comment
khiz-k
chore(deps): bump the production-dependencies group across 1 directory with 6 updates

buggyblues/shadow #299

4.12.17 → 4.12.18 Patch PR
Open 3 days ago 3 comments
buggyblues
Bump the npm_and_yarn group across 1 directory with 14 updates

stupidkubik/kanban-board-app #10

4.12.4 → 4.12.18 Patch PR
Open 3 days ago 1 comment
stupidkubik
Bump the npm_and_yarn group across 1 directory with 9 updates

stefanteitge/rc-cloud #21

4.11.7 → 4.12.18 Minor PR
Closed 3 days ago 1 comment
stefanteitge
Bump the production-dependencies group across 1 directory with 67 updates

weatherquant/bioanalytix #20

4.12.9 → 4.12.18 Patch PR
Open 3 days ago 1 comment
weatherquant
build(deps): bump hono from 4.12.5 to 4.12.18

R4ULtv/ui #15

4.12.5 → 4.12.18 Patch PR
Open 3 days ago 1 comment
R4ULtv
chore(deps): bump hono from 4.12.14 to 4.12.18

harnessprotocol/harness-kit #206

4.12.14 → 4.12.18 Patch PR
Open 4 days ago 3 comments
harnessprotocol
build(deps): bump the npm_and_yarn group across 12 directories with 17 updates

cainbryce/bun #101

4.7.2 → 4.12.18 Minor PR
Closed 4 days ago 1 comment
cainbryce
chore(deps): bump the npm_and_yarn group across 20 directories with 5 updates

jadenblack/composio #124

4.4.12 → 4.12.18 Minor PR
Open 4 days ago 2 comments
jadenblack
chore(deps): bump the npm_and_yarn group across 20 directories with 5 updates

idgrou/composio #318

4.4.12 → 4.12.18 Minor PR
Open 4 days ago 2 comments
idgrou
chore(deps): bump the npm_and_yarn group across 22 directories with 6 updates

Kbro1989/cloudflare-code-agent #74

4.11.1 → 4.12.18 Minor PR
Open 4 days ago 2 comments
Kbro1989
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

mdjahid11978-design/voltagent #21

4.9.1 → 4.12.18 Minor PR
Open 4 days ago 2 comments
mdjahid11978-design
build(deps): bump the npm_and_yarn group across 10 directories with 18 updates

cainbryce/bun #99

4.7.2 → 4.12.18 Minor PR
Closed 4 days ago 1 comment
cainbryce
chore(deps): bump the npm_and_yarn group across 14 directories with 5 updates

xpertforextradeinc/supabase #59

4.6.16 → 4.12.18 Minor PR
Closed 4 days ago 1 comment
xpertforextradeinc
chore(deps): bump the npm_and_yarn group across 14 directories with 5 updates

ANT0071/supabase #66

4.6.16 → 4.12.18 Minor PR
Closed 4 days ago 1 comment
ANT0071
chore(deps): bump the npm_and_yarn group across 13 directories with 4 updates

paulpham157/supabase #61

4.6.16 → 4.12.18 Minor PR
Closed 4 days ago 1 comment
paulpham157
Package Details
Name: hono
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/hono
JSON API: View JSON
Security Advisories

31

Active advisories
HIGH 6
MODERATE 22
LOW 3
View All npm Advisories
Package Information
Description:

Web framework built on Web Standards

Repository: https://github.com/honojs/hono
Homepage: https://hono.dev
Latest Release: 4.7.11
12 months ago
Dependent Repos: 668
Dependent Packages: 210
Downloads: 3,984,183
Ranking: Top 0.6913% by dependent repos Top 0.5184% by downloads Top 0.2201% by dependent pkgs
PR Status
Open 6,977 (45.9%)
Merged 811 (5.3%)
Closed 6,961 (45.8%)
PR Types
Major 283 (1.9%)
Patch 6,613 (43.5%)
Minor 7,853 (51.7%)