diff --git a/techstack.yml b/techstack.yml
new file mode 100644
index 0000000..47d8be0
--- /dev/null
+++ b/techstack.yml
@@ -0,0 +1,467 @@ +repo_name: lucasportella/blogs-api +report_id: 854475dd28b63f53fa4496fbc2a7ad6c +version: 0.1 +repo_type: Public +timestamp: '2024-02-14T15:13:50+00:00' +requested_by: lucasportella +provider: github +branch: master +detected_tools_count: 30 +tools: +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/lucasportella/blogs-api + detection_source: Repo Metadata +- name: ExpressJS + description: Sinatra inspired web development framework for node.js -- insanely + fast, flexible, and simple + website_url: http://expressjs.com/ + version: 4.17.1 + license: MIT + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Microframeworks (Backend) + image_url: https://img.stackshare.io/service/1163/hashtag.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Node.js + description: A platform built on Chrome's JavaScript runtime for easily building + fast, scalable network applications + website_url: http://nodejs.org/ + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Frameworks (Full Stack) + image_url: https://img.stackshare.io/service/1011/n1JRsFeB_400x400.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: MySQL + description: The world's most popular open source database + website_url: http://www.mysql.com + 
open_source: true + hosted_saas: false + category: Data Stores + sub_category: Databases + image_url: https://img.stackshare.io/service/1025/logo-mysql-170x170.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Sequelize + description: Easy-to-use multi SQL dialect ORM for Node.js + website_url: https://sequelize.org/ + version: 6.3.4 + license: MIT + open_source: true + hosted_saas: false + category: Data Stores + sub_category: Object Relational Mapper (ORM) + image_url: https://img.stackshare.io/service/3211/3591786.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Chai + description: A BDD / TDD assertion library + website_url: http://chaijs.com/ + version: 4.3.4 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Javascript Testing Framework + image_url: https://img.stackshare.io/service/1725/chai.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Dotenv + description: Loads environment variables from .env for Nodejs projects + website_url: https://github.com/motdotla/dotenv + license: BSD-2-Clause + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Server Configuration and Automation + image_url: https://img.stackshare.io/service/8067/default_90dcb1286af7685c68df319c764b80704df1155b.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 
Z +- name: ESLint + description: The fully pluggable JavaScript code quality tool + website_url: http://eslint.org/ + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Code Review + image_url: https://img.stackshare.io/service/3337/Q4L7Jncy.jpg + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/lucasportella/blogs-api + detection_source: Repo Metadata +- name: GitHub Actions + description: Automate your workflow from idea to production + website_url: https://github.com/features/actions + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/11563/actions.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/.github/workflows/main.yml + detection_source: ".github/workflows/main.yml" + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Jest + description: Painless JavaScript Unit Testing + website_url: http://facebook.github.io/jest/ + version: 26.0.1 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Javascript Testing Framework + image_url: https://img.stackshare.io/service/830/jest.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Mocha + description: Simple, 
flexible, fun javascript test framework for node.js & the + browser + website_url: http://mochajs.org/ + version: 9.1.2 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Javascript Testing Framework + image_url: https://img.stackshare.io/service/832/mocha.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: SinonJS + description: Standalone test spies, stubs and mocks for JavaScript + website_url: http://sinonjs.org/ + version: 11.1.2 + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Javascript Testing Framework + image_url: https://img.stackshare.io/service/3509/logo.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: SuperTest + description: A library for testing node.js HTTP servers + website_url: https://www.npmjs.com/package/supertest + version: 4.0.2 + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Javascript Testing Framework + image_url: https://img.stackshare.io/no-img-open-source.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: Yarn + description: A new package manager for JavaScript + website_url: https://yarnpkg.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/5848/44mC-kJ3.jpg + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/yarn.lock + detection_source: yarn.lock + 
last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: nodemon + description: A simple monitor script for use during development of a node.js app + website_url: http://nodemon.io/ + version: 2.0.13 + license: MIT + open_source: true + hosted_saas: false + category: Monitoring + sub_category: node.js Application Monitoring + image_url: https://img.stackshare.io/service/5577/preview.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-10-09 12:03:56.000000000 Z +- name: npm + description: The package manager for JavaScript. + website_url: https://www.npmjs.com/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: body-parser + description: Node.js body parsing middleware + package_url: https://www.npmjs.com/body-parser + version: 1.19.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15906/default_7c39a83d4acd952df89b1ebfdb94c8646324fbf1.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: chai-http + description: Extend Chai Assertion library with tests for http apis + package_url: https://www.npmjs.com/chai-http + version: 4.3.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: 
https://img.stackshare.io/package/16767/default_aa2369d4412b5a2c6812de3c666299e0ccd25ea2.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: eslint-config-airbnb-base + description: Airbnb's base JS ESLint config, following our styleguide + package_url: https://www.npmjs.com/eslint-config-airbnb-base + version: 14.2.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15888/default_7c39a83d4acd952df89b1ebfdb94c8646324fbf1.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: eslint-plugin-import + description: Import with sanity + package_url: https://www.npmjs.com/eslint-plugin-import + version: 2.22.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15806/default_98aa227f51aa9d787815ec3fd98d0ab2bfebbb91.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: express + description: Fast, unopinionated, minimalist web framework + package_url: https://www.npmjs.com/express + version: 4.17.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15818/default_db4a7791d2f1174547374b9b587bc10fec088a5a.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 
2021-09-30 19:28:57.000000000 Z + vulnerabilities: + - name: qs vulnerable to Prototype Pollution + cve_id: CVE-2022-24999 + cve_url: https://github.com/advisories/GHSA-hrpp-h998-j3pp + detected_date: Dec 7 + severity: high + first_patched: 4.17.3 +- name: http-status-codes + description: Constants enumerating the HTTP status codes + package_url: https://www.npmjs.com/http-status-codes + version: 2.1.4 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/17527/default_e665c133253b5cd434c1991167ebd25dc68f1c17.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: joi + description: Object schema validation + package_url: https://www.npmjs.com/joi + version: 13.7.0 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/16173/default_351a89f21bfb241e8dabeb1444cf56f529948708.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: jsonwebtoken + description: JSON Web Token implementation + package_url: https://www.npmjs.com/jsonwebtoken + version: 8.5.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/16155/default_77b54a203c743d16eddb6b6390cba17218454fa0.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z + vulnerabilities: + - name: jsonwebtoken has insecure input validation in 
jwt.verify function + cve_id: CVE-2022-23529 + cve_url: https://github.com/advisories/GHSA-27h2-hvpr-p74q + detected_date: Dec 22 + severity: high + first_patched: 9.0.0 + - name: 'jsonwebtoken unrestricted key type could lead to legacy keys usage ' + cve_id: CVE-2022-23539 + cve_url: https://github.com/advisories/GHSA-8cf7-32gw-wr33 + detected_date: Dec 22 + severity: moderate + first_patched: 9.0.0 + - name: jsonwebtoken vulnerable to signature validation bypass due to insecure default + algorithm in jwt.verify() + cve_id: CVE-2022-23540 + cve_url: https://github.com/advisories/GHSA-qwph-4952-7xr6 + detected_date: Dec 22 + severity: moderate + first_patched: 9.0.0 + - name: jsonwebtoken's insecure implementation of key retrieval function could lead + to Forgeable Public/Private Tokens from RSA to HMAC + cve_id: CVE-2022-23541 + cve_url: https://github.com/advisories/GHSA-hjrf-2m68-5959 + detected_date: Dec 22 + severity: moderate + first_patched: 9.0.0 +- name: mysql2 + description: Fast mysql driver + package_url: https://www.npmjs.com/mysql2 + version: 2.1.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/16671/default_4b738bf1758d38dddd276589bbea47fca5a990df.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: node-fetch + description: A light-weight module that brings window.fetch to node.js + package_url: https://www.npmjs.com/node-fetch + version: 2.6.5 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15978/default_f49d4c116f8ea0155f4d92673b084378bba02760.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json 
+ last_updated_by: lucas + last_updated_on: 2021-10-09 12:03:56.000000000 Z + vulnerabilities: + - name: node-fetch forwards secure headers to untrusted sites + cve_id: CVE-2022-0235 + cve_url: https://github.com/advisories/GHSA-r683-j2x4-v87g + detected_date: Jan 22 + severity: high + first_patched: 2.6.7 +- name: nyc + description: The Istanbul command line interface + package_url: https://www.npmjs.com/nyc + version: 15.1.0 + license: ISC + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15837/default_1d65e37e65b7f80761374f0202776043277d505d.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: sequelize-cli + description: The Sequelize CLI + package_url: https://www.npmjs.com/sequelize-cli + version: 6.2.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/18714/default_5921235b47b1f6f3bd5aba9257245016601078bf.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z +- name: shelljs + description: Portable Unix shell commands for Node.js + package_url: https://www.npmjs.com/shelljs + version: 0.8.4 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: npm Packages + image_url: https://img.stackshare.io/package/15897/default_1d65e37e65b7f80761374f0202776043277d505d.png + detection_source_url: https://github.com/lucasportella/blogs-api/blob/master/package-lock.json + detection_source: package.json + last_updated_by: lucas + last_updated_on: 2021-09-30 19:28:57.000000000 Z + vulnerabilities: + - name: Improper 
Privilege Management in shelljs + cve_id: CVE-2022-0144 + cve_url: https://github.com/advisories/GHSA-4rq4-32rv-6wp6 + detected_date: Jan 22 + severity: high + first_patched: 0.8.5 + - name: Improper Privilege Management in shelljs + cve_id: + cve_url: https://github.com/advisories/GHSA-64g7-mvw6-v9qj + detected_date: Jan 15 + severity: moderate + first_patched: 0.8.5