Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

ws

Ecosystem:
npm
Package URL:
pkg:npm/ws
Total PRs:
16,083 Dependabot PRs
Latest PR:
about 1 hour ago
Unique Repositories:
5,861 repositories
Unique Repos (30 days):
2,559 repositories
Security Advisories
Denial of Service in ws
GHSA-5v72-xg48-5rpm HIGH published over 6 years ago • updated 3 months ago
Affected versions of `ws` can crash when a specially crafted `Sec-WebSocket-Extensions` header containing `Object.prototype` property names as exte...
DoS due to excessively large websocket message in ws
GHSA-6663-c963-2gqg CVE-2016-10542 HIGH published over 6 years ago • updated 3 months ago
Affected versions of `ws` do not appropriately limit the size of incoming websocket payloads, which may result in a denial of service condition whe...
Remote Memory Disclosure in ws
GHSA-2mhh-w6q8-5hxw CVE-2016-10518 LOW published over 6 years ago • updated 3 months ago
Versions of `ws` prior to 1.0.1 are affected by a remote memory disclosure vulnerability. In certain rare circumstances, applications which allow ...
ws affected by a DoS when handling a request with many HTTP headers
GHSA-3h5v-q93c-6h6q CVE-2024-37890 HIGH published about 1 year ago • updated about 1 month ago
### Impact A request with a number of headers exceeding the[`server.maxHeadersCount`][] threshold could be used to crash a ws server. ### Proof o...
ReDoS in Sec-Websocket-Protocol header
GHSA-6fc8-4gx4-v693 CVE-2021-32640 MODERATE published over 4 years ago • updated about 1 month ago
### Impact A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. ### Proof of conc...
Recent PRs (filtered by: Removal PRs )
RSS Feed Clear filter
Bump ws and web-ext

shotah/NagMinder #1

removed Removal PR
Open 20 days ago 1 comment
shotah
Bump ws and web-ext

MarkusTheOrt/f1tv-tweaks #7

removed Removal PR
Open 27 days ago
MarkusTheOrt
Bump ws and @mermaid-js/mermaid-cli

provenant-dev/signify-ts #11

removed Removal PR
Open about 1 month ago
provenant-dev
chore(deps): bump ws and web-ext in /apps/extension

broisnischal/sync #2

removed Removal PR
Closed about 2 months ago 2 comments
broisnischal
Bump ws and web-ext

Lotti/watson-assistant-widget-preview #15

removed Removal PR
Open about 2 months ago
Lotti
Bump ws and web-ext

appliedmedia/gmail-2-trello #52

removed Removal PR
Open 2 months ago
appliedmedia
Package Details
Name: ws
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/ws
JSON API: View JSON
Security Advisories

5

Active advisories
HIGH 3
MODERATE 1
LOW 1
View All npm Advisories
Package Information
Description:

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Repository: https://github.com/websockets/ws
Homepage: https://github.com/websockets/ws
Latest Release: 8.18.2
4 months ago
Dependent Repos: 900,116
Dependent Packages: 19,475
Downloads: 440,496,315
Ranking: Top 0.0376% by dependent repos Top 0.0016% by downloads Top 0.0056% by dependent pkgs
PR Status
Open 7,970 (49.6%)
Merged 786 (4.9%)
Closed 5,101 (31.7%)
PR Types
Removal 6 (0.0%)
Minor 1,556 (9.7%)
Major 289 (1.8%)
Patch 11,986 (74.6%)