Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

nitro

Ecosystem:
npm
Package URL:
pkg:npm/nitro
Total PRs:
36 Dependabot PRs
Latest PR:
about 22 hours ago
Unique Repositories:
26 repositories
Unique Repos (30 days):
9 repositories
Security Advisories
Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`
GHSA-5w89-w975-hf9q CVE-2026-44373 MODERATE published about 1 month ago • updated about 7 hours ago
A proxy route rule like: ```ts routeRules: { "/api/orders/**": { proxy: { to: "http://upstream/orders/**" } } } ``` is intended to limit the pr...
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
GHSA-9phm-9p8f-hw5m CVE-2026-44372 MODERATE published about 1 month ago • updated about 7 hours ago
A redirect route rule like: ```ts routeRules: { "/legacy/**": { redirect: "/**" } } ``` is intended to rewrite paths within the same host. Befo...
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates

karbon0x/openworkflow #2

3.0.1-alpha.2 → 3.0.260610-beta Patch PR
Closed about 22 hours ago 1 comment
karbon0x
build(deps): bump the npm_and_yarn group across 2 directories with 4 updates

SaviruFr/better-themes #82

3.0.260415-beta → 3.0.260429-beta Patch PR
Open about 1 month ago 3 comments
SaviruFr
chore(deps): Bump the npm_and_yarn group across 7 directories with 11 updates

SherfeyInv/sentry-javascript #199

3.0.260311-beta → 3.0.260415-beta Patch PR
Open about 1 month ago 2 comments
SherfeyInv
chore(deps): bump the npm_and_yarn group across 6 directories with 5 updates

nexusct/ui #3

3.0.1-alpha.2 → 3.0.260429-beta Patch PR
Open about 1 month ago 3 comments
nexusct
build(deps): bump h3 and nitro in /ssr-app

JPugetGil/hal-search #5

3.0.0 → 3.0.260311-beta Patch PR
Open 3 months ago 1 comment
JPugetGil
Bump h3 and nitro in /with-tanstack-start

polarsource/examples #204

3.0.1-alpha.1 → 3.0.260311-beta Patch PR
Closed 3 months ago 2 comments
polarsource
Bump h3 and nitro

ArifRabbaniIn/food-menu #3

3.0.1-alpha.1 → 3.0.260311-beta Patch PR
Closed 3 months ago 1 comment
ArifRabbaniIn
Package Details
Name: nitro
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/nitro
JSON API: View JSON
Security Advisories

2

Active advisories
MODERATE 2
View All npm Advisories
Package Information
Description:

Build and Deploy Universal JavaScript Servers

Repository: https://github.com/nitrojs/nitro
Homepage: https://nitro.build
Latest Release: 3.0.0
8 months ago
Dependent Repos: 12
Dependent Packages: 19
Downloads: 50,164
Ranking: Top 3.4138% by dependent repos Top 5.1101% by downloads Top 1.2375% by dependent pkgs
PR Status
Open 18 (50.0%)
Merged 0 (0.0%)
Closed 18 (50.0%)
PR Types
Patch 7 (19.4%)