`hono`

Ecosystem:
npm

Package URL:
pkg:npm/hono

Total PRs:
15,459 Dependabot PRs

Latest PR:
about 9 hours ago

Unique Repositories:
5,440 repositories

Unique Repos (30 days):
800 repositories

Security Advisories

Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage

GHSA-p77w-8qqv-26rm CVE-2026-44457 MODERATE published 22 days ago • updated 8 days ago

### Summary Cache Middleware does not skip caching for responses that declare per-user variance via `Vary: Authorization` or `Vary: Cookie`. As a ...

Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

GHSA-hm8q-7f3q-5f36 CVE-2026-44459 LOW published 22 days ago • updated 8 days ago

### Summary Improper validation of the JWT NumericDate claims `exp`, `nbf`, and `iat` in `hono/utils/jwt` allows tokens with non-spec-compliant cl...

Named path parameters can be overridden in TrieRouter

GHSA-f6gv-hh8j-q8vq CVE-2023-50710 MODERATE published over 2 years ago • updated 33 minutes ago

### Impact The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk...

Hono: Path traversal in toSSG() allows writing files outside the output directory

GHSA-xf4j-xp2r-rqqx CVE-2026-39408 MODERATE published about 2 months ago • updated 10 days ago

## Summary A path traversal issue in `toSSG()` allows files to be written outside the configured output directory during static site generation. W...

Hono IPv4 address validation bypass in IP Restriction Middleware allows IP spoofing

GHSA-r354-f388-2fhh CVE-2026-24398 MODERATE published 4 months ago • updated about 22 hours ago

## Summary IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` ...

View all 31 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

chore(deps): bump hono from 4.12.21 to 4.12.22

Dargon789/appkit #1172

4.12.21 → 4.12.22 Patch PR

Open about 9 hours ago 6 comments

Bump hono from 4.12.4 to 4.12.23

amirwebd3v/Flowcv-mcp #3

4.12.4 → 4.12.23 Patch PR

Closed about 13 hours ago 1 comment

chore(deps): bump the production-dependencies group across 1 directory with 13 updates

buggyblues/shadow #331

4.12.17 → 4.12.23 Patch PR

Open about 15 hours ago 3 comments

Bump hono from 4.12.7 to 4.12.18

azhe403/turborepo-zizibot-console #23

4.12.7 → 4.12.18 Patch PR

Open 1 day ago 2 comments

chore(deps): bump the dependencies group across 1 directory with 27 updates

Gaveen711/xaujournal #10

4.12.22 → 4.12.23 Patch PR

Open 1 day ago 1 comment

Bump the development-version-updates group across 1 directory with 72 updates

mrlonis/todo-ui #418

4.12.18 → 4.12.23 Patch PR

Open 1 day ago 1 comment

chore(deps): bump the npm_and_yarn group across 9 directories with 17 updates

4xiaxia/markup #5

4.12.10 → 4.12.23 Patch PR

Closed 1 day ago 1 comment

build(deps): bump hono from 4.12.15 to 4.12.18

embed-team/embedly #80

4.12.15 → 4.12.18 Patch PR

Open 2 days ago 2 comments

chore(deps): bump the test-versions group across 1 directory with 17 updates

DataDog/dd-trace-js #8696

4.12.19 → 4.12.23 Patch PR

Open 2 days ago 4 comments

chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

sonicverse-eu/website #48

4.12.14 → 4.12.23 Patch PR

Open 2 days ago 3 comments

Bump the minor group across 1 directory with 55 updates

zhazha-xiaoyezhu/claude-agent-acp-zz #4

4.12.19 → 4.12.23 Patch PR

Closed 3 days ago 1 comment

chore(deps): bump the npm_and_yarn group across 4 directories with 15 updates

danielbodnar/sandbox-agent #18

4.12.2 → 4.12.18 Patch PR

Closed 3 days ago 3 comments

Bump hono from 4.12.16 to 4.12.23 in /frontend

Dustin4444/Repository #53

4.12.16 → 4.12.23 Patch PR

Open 3 days ago 4 comments

build(deps): bump the npm_and_yarn group across 3 directories with 7 updates

Dargon789/interface #144

4.12.8 → 4.12.18 Patch PR

Open 3 days ago 3 comments

build(deps): bump the npm_and_yarn group across 7 directories with 11 updates

Dargon789/interface #142

4.12.8 → 4.12.18 Patch PR

Open 3 days ago 3 comments

chore(deps): bump the npm-minor-patch group with 64 updates

tyrumai/tyrum #2074

4.12.21 → 4.12.23 Patch PR

Open 3 days ago 2 comments

chore(deps): bump the test-versions group across 1 directory with 13 updates

DataDog/dd-trace-js #8650

4.12.19 → 4.12.22 Patch PR

Closed 4 days ago 5 comments

chore(deps): bump the minor-and-patch group with 6 updates

reaatech/prompt-version-control #29

4.12.19 → 4.12.23 Patch PR

Closed 4 days ago 2 comments

chore(deps): bump the npm-weekly group across 1 directory with 28 updates

tempoxyz/accounts #562

4.12.18 → 4.12.21 Patch PR

Closed 5 days ago 5 comments

chore(deps): bump hono from 4.12.14 to 4.12.23

lidofinance/csm-widget #511

4.12.14 → 4.12.23 Patch PR

Open 5 days ago 1 comment

chore(deps-dev): bump the npm-development group with 6 updates

interdomestik/interdomestik #866

4.12.21 → 4.12.23 Patch PR

Open 5 days ago 2 comments

chore(deps): bump hono from 4.12.19 to 4.12.23

hummbl-dev/mcp-server #252

4.12.19 → 4.12.23 Patch PR

Closed 5 days ago 1 comment

deps(deps): bump the security-patches group across 4 directories with 2 updates

VeVarunSharma/contoso-vibe-engineering #321

4.12.7 → 4.12.18 Patch PR

Open 5 days ago 4 comments

chore(deps): bump hono from 4.12.19 to 4.12.23

ejob-ai/Concillio #267

4.12.19 → 4.12.23 Patch PR

Closed 5 days ago 1 comment

Bump the production-dependencies group across 1 directory with 37 updates

JulioCout/safe-balance #9

4.12.16 → 4.12.23 Patch PR

Open 5 days ago 1 comment

Bump the production-dependencies group with 2 updates

skittlz444/rekordboxYiR #104

4.12.19 → 4.12.23 Patch PR

Open 5 days ago 3 comments

chore(deps): bump hono from 4.12.19 to 4.12.23 in /worker

undone0603/authichain-unified #155

4.12.19 → 4.12.23 Patch PR

Open 5 days ago 6 comments

deps(deps): bump hono from 4.12.18 to 4.12.23

egarcia74/warp-sql-server-mcp #670

4.12.18 → 4.12.23 Patch PR

Closed 6 days ago 27 comments

chore(deps): bump the npm_and_yarn group across 5 directories with 17 updates

LoveDoLove-Forked-Projects/cline #35

4.12.9 → 4.12.23 Patch PR

Closed 6 days ago 1 comment

chore(deps): bump the production-dependencies group across 1 directory with 30 updates

maniczko/audioRecorder #919

4.12.18 → 4.12.23 Patch PR

Open 6 days ago 4 comments

chore(deps): bump the runtime-dependencies group with 3 updates

fyodoriv/minsky #844

4.12.21 → 4.12.23 Patch PR

Open 6 days ago 1 comment

chore(deps): Bump hono from 4.12.21 to 4.12.23

agentictrustlabs/agenticprimitives #12

4.12.21 → 4.12.23 Patch PR

Open 6 days ago 3 comments

chore(deps): bump the hono group across 1 directory with 3 updates

pbechliv/kava-now #6

4.12.18 → 4.12.23 Patch PR

Open 6 days ago 1 comment

build(deps): bump hono from 4.12.19 to 4.12.23 in the runtime-minor group

nyuchi/mongodb-mcp #9

4.12.19 → 4.12.23 Patch PR

Open 6 days ago 2 comments

deps(deps): bump the all-dependencies group across 1 directory with 65 updates

jetmobsol/serene #12

4.12.5 → 4.12.23 Patch PR

Open 6 days ago 1 comment

chore(deps): bump hono from 4.12.14 to 4.12.23

dothackerman/ls-oneup #56

4.12.14 → 4.12.23 Patch PR

Open 6 days ago 1 comment

chore(deps): bump hono from 4.12.19 to 4.12.23

hmmhmmhm/daiso-mcp #71

4.12.19 → 4.12.23 Patch PR

Closed 6 days ago 2 comments

build(deps): bump the security-and-runtime group with 7 updates

haaofficail/nasaq #350

4.12.19 → 4.12.22 Patch PR

Open 6 days ago 1 comment

chore(deps): bump the minor-and-patch group in /backend with 3 updates

Lumoryx/lumo-task-web #80

4.12.19 → 4.12.22 Patch PR

Open 6 days ago 2 comments

chore(deps): bump the dependency-management group across 1 directory with 11 updates

GameProductions/ledger #117

4.12.21 → 4.12.22 Patch PR

Open 6 days ago 1 comment

deps: bump the production-dependencies group across 1 directory with 55 updates

GeorgeMwiki/BOSSNYUMBA101 #161

4.12.18 → 4.12.22 Patch PR

Open 6 days ago 1 comment

chore(deps): bump the production-dependencies group with 4 updates

xconics-dev/proptryx-server #67

4.12.19 → 4.12.22 Patch PR

Open 6 days ago 1 comment

chore(deps)(deps): bump the minor-and-patch group across 1 directory with 20 updates

DoReVo/kronos-app #41

4.12.15 → 4.12.22 Patch PR

Open 6 days ago 1 comment

chore(deps): Bump the prod-minor group across 1 directory with 8 updates

hayashiii-ghub/toban-app #46

4.12.18 → 4.12.22 Patch PR

Open 6 days ago 2 comments

build(deps): bump hono from 4.12.12 to 4.12.22 in /bridge

houseofmates/pkm #44

4.12.12 → 4.12.22 Patch PR

Open 7 days ago 1 comment

chore(deps): bump hono from 4.12.21 to 4.12.22

CaoMeiYouRen/hono-template #1202

4.12.21 → 4.12.22 Patch PR

Closed 7 days ago 2 comments

build(deps): bump the runtime-dependencies group across 1 directory with 13 updates

Thalermark/thalermark #93

4.12.19 → 4.12.23 Patch PR

Closed 7 days ago 1 comment

chore(deps): bump hono from 4.12.16 to 4.12.22

davidmosiah/whoop-mcp #15

4.12.16 → 4.12.22 Patch PR

Closed 7 days ago 1 comment

chore(deps): Bump the minor-and-patch group across 1 directory with 37 updates

DolasDev/pegasus #143

4.12.18 → 4.12.22 Patch PR

Closed 7 days ago 1 comment

chore(deps): bump hono from 4.12.21 to 4.12.22

KTDS-AXBD/RFP-X #25

4.12.21 → 4.12.22 Patch PR

Open 7 days ago 2 comments

Package Details

Name:	`hono`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/hono`
JSON API:	View JSON

Security Advisories

31

Active advisories

HIGH 6

MODERATE 22

LOW 3

View All npm Advisories

Package Information

Description:

Web framework built on Web Standards

Repository:	https://github.com/honojs/hono
Homepage:	https://hono.dev
Latest Release:	`4.7.11` 12 months ago
Dependent Repos:	668
Dependent Packages:	210
Downloads:	3,984,183
Ranking:	Top 0.6913% by dependent repos Top 0.5184% by downloads Top 0.2201% by dependent pkgs

PR Status

Open 7,087 (45.8%)

Merged 811 (5.2%)

Closed 7,107 (46.0%)

PR Types

Major 283 (1.8%)

Minor 7,914 (51.2%)

Patch 6,808 (44.0%)