About
Community
hilton.com
115 packages
Last scanned on Oct 27 at 07:01 PM
Update
Name
Size
Popularity
Severity
lodash
4.17.16
Vulnerable
Outdated
Lodash modular utilities.
Script
https://hilton.com/dx_cpm_app/_next/static/chunks/c8f7fe3b0e41be846d5687592cf2018ff6e22687.80b7f04b83f48da852b4.js
https://hilton.com/dx_cpm_app/_next/static/chunks/dd48ed12cc54ef629fd40ea2b562988c77a8ea97.d3fb3a47f129de893020.js
License
MIT
Footprint
2 KB
Vulnerabilities
High
GHSA-35jh-r3h4-6jhm
Command Injection in lodash
Affected versions >=0 <4.17.21
Moderate
GHSA-29mw-wpgm-hmr9
Regular Expression Denial of Service (ReDoS) in lodash
Affected versions >=0 <4.17.21
High
GHSA-p6mc-m468-83gw
Prototype Pollution in lodash
Affected versions >=3.7.0 <4.17.19
Matched Modules
Version distribution in production
3 846
4.17.16
946
4.17.21
337
4.17.20
322
4.17.15
302
4.17.19
301
4.17.13
Also used on 4830 websites
skype.com
20 packages
sentry.io
157 packages
pinterest.com
56 packages
pinimg.com
52 packages
Repository
Homepage
More
modules
stdlib
util
sanitize-html
2.4.0 - 2.5.0
Vulnerable
Outdated
Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis
html
parser
sanitizer
sanitize
+15
lodash.set
4.3.1 - 4.3.2
Vulnerable
The lodash method `_.set` exported as a module.
lodash-modularized
set
postcss
8.4.8
Vulnerable
Outdated
Tool for transforming styles with JS plugins
css
postcss
rework
preprocessor
parser
+4
ai
next
9.4.2 - 10.2.3
Vulnerable
Outdated
The React Framework
tslib
1.2.0 - 2.4.0
Outdated
Runtime library for TypeScript helper functions
TypeScript
Microsoft
compiler
language
javascript
+2
+5
readable-stream
3.6.0
Outdated
Node.js Streams, a user-land copy of the stream library from Node.js
readable
stream
pipe
escape-string-regexp
4.0.0 - 5.0.0
Escape RegExp special characters
escape
regex
regexp
regular
expression
+3
sindresorhus
string_decoder
1.1.0 - 1.3.0
The string_decoder module from Node core
string
decoder
browser
browserify
+1
uuid
8.3.0 - 8.3.2
Outdated
RFC4122 (v1, v4, and v5) UUIDs
uuid
guid
rfc4122
isarray
1.0.0 - 2.0.5
Array#isArray for older browsers
browser
isarray
array
juliangruber
react-is
16.3.0 - 16.13.1
Outdated
Brand checking of React Elements.
react
+1
inherits
2.0.3 - 2.0.4
Browser-friendly inheritance fully compatible with standard node.js inherits()
inheritance
class
klass
oop
object-oriented
+3
isaacs
buffer
4.6.0 - 4.9.2
Outdated
Node.js Buffer API, for the browser
arraybuffer
browser
browserify
buffer
compatible
+2
feross
entities
2.2.0
Outdated
Encode & decode XML and HTML entities with ease & speed
entity
decoding
encoding
html
xml
+1
feedic
@babel/runtime
7.18.0
Outdated
babel's modular runtime helpers
+1
get-intrinsic
1.1.0 - 1.1.1
Outdated
Get and robustly cache all JS language-level intrinsics at first require time
javascript
ecmascript
es
js
intrinsic
+2
ljharb
function-bind
1.1.0 - 1.1.1
Outdated
Implementation of Function.prototype.bind
function
bind
shim
es5
axios
0.24.0
Outdated
Promise based HTTP client for the browser and node.js
xhr
http
ajax
promise
node
+1
cookie
0.4.1 - 0.4.2
Outdated
HTTP server cookie parsing and serialization
cookie
cookies
dougwilson
call-bind
1.0.2
Outdated
Robustly `.call.bind()` a function
javascript
ecmascript
es
js
callbind
+8
ljharb
core-util-is
1.0.2 - 1.0.3
The `util.is*` functions introduced in Node v0.12.
util
isBuffer
isArray
isNumber
isString
+4
isaacs
has-symbols
1.0.2 - 1.0.3
Determine if the JS environment has Symbol support. Supports spec, or shams.
Symbol
symbols
typeof
sham
polyfill
+3
ljharb
is-plain-object
4.1.0 - 5.0.0
Returns true if an object was created by the `Object` constructor, or Object.create(null).
check
is
is-object
isobject
javascript
+7
domutils
2.8.0
Outdated
Utilities for working with htmlparser2's dom
dom
htmlparser2
feedic
base64-js
1.3.0 - 1.5.1
Base64 encoding/decoding in pure JS
base64
fast-json-stable-stringify
2.0.0 - 2.1.0
deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify
json
stringify
deterministic
hash
stable
esp
define-properties
1.1.3 - 1.1.4
Outdated
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
Object.defineProperty
Object.defineProperties
object
property descriptor
descriptor
+2
ljharb
dom-serializer
1.0.0 - 1.4.1
Outdated
render domhandler DOM nodes to a string
html
xml
render
feedic
domhandler
4.2.2 - 4.3.1
Outdated
Handler for htmlparser2 that turns pages into a dom
dom
htmlparser2
feedic
has-tostringtag
1.0.0
Outdated
Determine if the JS environment has `Symbol.toStringTag` support. Supports spec, or shams.
javascript
ecmascript
symbol
symbols
tostringtag
+1
ljharb
events
3.0.0 - 3.3.0
Node's event emitter for all engines.
events
eventEmitter
eventDispatcher
listeners
deepmerge
4.2.2
Outdated
A library for deep (recursive) merging of Javascript objects
merge
deep
extend
copy
clone
+1
tehshrike
object-keys
1.1.0 - 1.1.1
An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim
Object.keys
keys
ES5
shim
ljharb
regexp.prototype.flags
1.4.1
Outdated
ES6 spec-compliant RegExp.prototype.flags shim.
RegExp.prototype.flags
regex
regular expression
ES6
shim
+6
ljharb
domelementtype
2.2.0 - 2.3.0
all the types of nodes in htmlparser2's dom
dom
element
types
htmlparser2
feedic
is-regex
1.1.4
Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag
regex
regexp
is
regular expression
regular
+1
ljharb
is-date-object
1.0.5
Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
Date
ES6
toStringTag
@@toStringTag
Date object
ljharb
util
0.10.0 - 0.12.5
Node.js's util module for all engines
util
+3
content-type
1.0.4
Outdated
Create and parse HTTP Content-Type header
content-type
http
req
res
rfc7231
dougwilson
htmlparser2
6.1.0
Outdated
Fast & forgiving HTML/XML parser
html
parser
streams
xml
dom
+3
feedic
has
1.0.1 - 1.0.3
Outdated
Object.prototype.hasOwnProperty.call shortcut
tarruda
scheduler
0.15.0 - 0.23.0
Cooperative scheduler for the browser environment.
react
+1
emittery
0.7.0 - 0.8.1
Outdated
Simple and modern async event emitter
event
emitter
eventemitter
events
async
+20
sindresorhus
prop-types
15.8.0 - 15.8.1
Runtime type checking for React props and similar objects.
react
is-arguments
1.1.1
Is this an arguments object? It's a harder question than you think.
arguments
js
javascript
is-arguments
is
+1
ljharb
react
17.0.0 - 17.0.2
Outdated
React is a JavaScript library for building user interfaces.
react
+1
deep-equal
1.1.0 - 1.1.1
Outdated
node's assert.deepEqual algorithm
equality
equal
compare
ljharb
date-fns
2.19.0 - 2.23.0
Outdated
Modern JavaScript date utility library
kossnocorp
minimalistic-assert
1.0.0 - 1.0.1
minimalistic-assert ===
object-is
1.1.0 - 1.1.5
Outdated
ES2015-compliant shim for Object.is - differentiates between -0 and +0
is
Object.is
equality
sameValueZero
ES6
+4
ljharb
hoist-non-react-statics
1.2.0 - 3.3.2
Copies non-react specific statics from a child component to a parent component
react
mridgway
path-browserify
0.0.0 - 0.0.1
Outdated
the path module from node core for browsers
browser
browserify
path
+36
classnames
2.3.0 - 2.3.1
Outdated
A simple utility for conditionally joining classNames together
react
css
classes
classname
classnames
+2
query-string
5.0.1 - 5.1.1
Outdated
Parse and stringify URL query strings
browser
querystring
query
string
qs
+9
sindresorhus
sha.js
2.4.9 - 2.4.11
Streamable SHA hashes in pure javascript
graphql
14.4.2 - 14.7.0
Outdated
A Query Language and Runtime which can target any service.
graphql
graphql-js
+5
klona
2.0.5
Outdated
A tiny (240B to 501B) and fast utility to "deep clone" Objects, Arrays, Dates, RegExps, and more!
clone
copy
deep
extend
recursive
+1
lukeed
asn1.js
5.2.0 - 5.4.1
ASN.1 encoder and decoder
asn.1
der
hash-base
3.0.4 - 3.1.0
abstract base class for hash-streams
hash
stream
+1
elliptic
6.5.4
Outdated
EC cryptography
EC
Elliptic
curve
Cryptography
indutny
hash.js
1.1.2 - 1.1.7
Various hash functions that could be run by both browser and node
hash
sha256
sha224
hmac
indutny
hmac-drbg
1.0.1
Deterministic random bit generator (hmac)
hmac
drbg
prng
indutny
lodash-es
4.17.21
Lodash exported as ES modules.
es6
modules
stdlib
util
des.js
1.0.1
Outdated
DES implementation
DES
3DES
EDE
CBC
indutny
md5.js
1.1.0 - 1.3.5
node style md5 on pure JavaScript
crypto
md5
+2
cipher-base
1.0.4
abstract base class for crypto-streams
cipher
stream
pbkdf2
3.1.0 - 3.1.2
This library provides the functionality of PBKDF2 with the ability to use any supported hashing algorithm returned from crypto.getHashes()
pbkdf2
kdf
salt
hash
+3
parse-asn1
5.1.6
Outdated
utility library for parsing asn1 files for use with browserify-sign.
+2
browserify-sign
2.4.0 - 2.8.0
Outdated
adds node crypto signing for browsers
+2
browserify-aes
0.4.0 - 0.8.1
Outdated
aes, for browserify
aes
crypto
browserify
+2
evp_bytestokey
1.0.3
The insecure key derivation algorithm from OpenSSL
crypto
openssl
browserify-rsa
4.1.0
RSA for browserify
+2
create-ecdh
3.0.0 - 4.0.4
createECDH but browserifiable
diffie
hellman
diffiehellman
ECDH
+2
diffie-hellman
1.1.2
Outdated
pure js diffie-hellman
diffie
hellman
diffiehellman
dh
+2
browserify-des
1.0.2
browserify-des ===
public-encrypt
4.0.3
browserify version of publicEncrypt & privateDecrypt
+2
miller-rabin
1.1.0 - 4.0.1
Miller Rabin algorithm for primality test
prime
miller-rabin
bignumber
randomfill
1.0.0 - 1.0.4
random fill from browserify stand alone
crypto
random
querystring-es3
0.2.1
Node's querystring module for all engines. (ES3 compat fork)
commonjs
query
querystring
spaintrain
void-elements
3.1.0
Array of "void elements" defined by the HTML specification.
html
void
elements
+4
@xmldom/xmldom
0.7.0 - 0.8.3
Outdated
A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.
w3c
dom
xml
parser
javascript
+3
karfau
graphql-tag
2.9.1 - 2.12.6
A JavaScript template literal tag that parses GraphQL queries
p-is-promise
3.0.0 - 4.0.0
Check if something is a promise
promise
is
detect
check
kind
+7
sindresorhus
i18next
21.5.0 - 22.0.3
Outdated
i18next internationalization framework
i18next
internationalization
i18n
translation
localization
+3
react-hook-form
7.0.0 - 7.28.1
Outdated
Performant, flexible and extensible forms library for React Hooks
react
hooks
form
forms
form-validation
+3
bluebill1049
zen-observable
0.8.15
Outdated
An Implementation of ES Observables
zenparsing
@wry/equality
0.1.8 - 0.1.11
Outdated
Structural equality checking for JavaScript values
benjamn
tabbable
4.0.0
Outdated
Returns an array of all tabbable DOM nodes within a containing node.
react-i18next
11.18.0 - 12.0.0
Outdated
Internationalization for react done right. Using the i18next i18n ecosystem.
i18next
internationalization
i18n
translation
localization
+4
@apollo/client
3.5.6 - 3.7.1
Outdated
A fully-featured caching GraphQL client.
apollo
graphql
react
hooks
client
+1
+1
react-scripts
0.4.2
Outdated
Configuration and scripts for Create React App.
+1
@hookform/resolvers
1.1.0
Outdated
React Hook Form validation resolvers: Yup, Joi, Superstruct, Zod, Vest, Class Validator, io-ts, Nope, computed-types, TypeBox, arktype and Typanion
scheme
validation
scheme-validation
hookform
react-hook-form
+14
@turf/helpers
5.1.0 - 6.5.0
turf helpers module
geo
point
turf
geojson
+4
fp-ts
2.6.6 - 2.9.5
Outdated
Functional programming in TypeScript
typescript
algebraic-data-types
functional-programming
gcanti
faker
2.0.1 - 2.1.5
Outdated
Generate massive amounts of fake contextual data
marak
react-dnd
9.1.0 - 10.0.2
Outdated
Drag and Drop for React
+2
parse-srcset
1.0.0 - 1.0.2
A spec-conformant JavaScript parser for the HTML5 srcset attribute
albell
@turf/invariant
5.0.0 - 6.5.0
turf invariant module
turf
invariant
expectations
+4
universal-cookie
4.0.1 - 4.0.4
Outdated
Universal cookies for JavaScript
universal
isomophic
cookie
exon
react-query
3.39.2
Outdated
Hooks for managing, caching and syncing asynchronous and remote data in React
apollo-link
1.2.9 - 1.2.14
Flexible, lightweight transport layer for GraphQL
i18next-http-backend
1.4.4 - 2.0.0
Outdated
i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno.
i18next
i18next-backend
i18next-http-backend
@reach/utils
0.16.0 - 0.17.0
Outdated
Internal, shared utilities for Reach UI.
+1
react-player
1.12.0 - 1.15.3
Outdated
A React component for playing a variety of URLs, including file paths, YouTube, Facebook, Twitch, SoundCloud, Streamable, Vimeo, Wistia and DailyMotion
react
media
player
video
audio
+11
cookpete
use-subscription
1.3.0 - 1.5.1
Outdated
Reusable hooks
+1
inversify
5.1.1
Outdated
A powerful and lightweight inversion of control container for JavaScript and Node.js apps powered by TypeScript.
dependency injection
dependency inversion
di
inversion of control container
ioc
+3
change-emitter
0.1.2 - 0.1.6
Listen for changes. Like an event emitter that only emits a single event type. Really tiny.
change
event
emitter
apollo-link-error
1.1.6 - 1.1.13
Error Apollo Link for GraphQL Network Stack
apollo-bot
credit-card-type
9.1.0
Outdated
A library for determining credit card type
braintree
@reach/observe-rect
1.1.0 - 1.2.0
Observe the Rect of a DOM element.
+1
@apollo/react-common
3.0.0 - 3.1.4
React Apollo common utilities.
apollo
graphql
react
+1
deepcopy
2.0.0 - 2.1.0
deep copy data
sasaplus1
feathers-commons
0.8.5 - 0.8.7
Shared Feathers utility functions
feathers
react-amphtml
3.1.0 - 4.0.2
Use amphtml components inside your React apps easily!
react
amphtml
dfrankland
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
@headlessui/react
hoist-non-react-statics
reactstrap
lit-html
+60 packages
pinterest.com
lodash
relay-runtime
react-relay
react-use
lodash-es
+51 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites