{"package":"jsdecena/laracom","ecosystem":"composer","latest_version":"v1.5.0","description":"Laravel powered e-commerce","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"","repository":"https://github.com/jsdecena/laracom","downloads_weekly":0,"health":{"score":35,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":23,"maturity":12,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2022-0472","severity":"medium","summary":"Unrestricted Upload of File with Dangerous Type in jsdecena/laracom","affected_versions":"<2.0.9|=v1.0.0|=v1.0.1|=v1.0.2|=v1.0.3|=v1.0.4|=v1.1.0|=v1.1.1|=v1.2.0|=v1.2.1|=v1.2.10|=v1.2.11|=v1.2.12|=v1.2.2|=v1.2.3|=v1.2.4|=v1.2.5|=v1.2.6|=v1.2.7|=v1.2.8|=v1.2.9|=v1.3.0|=v1.3.1|=v1.3.2|=v1.3.3|=v1.3.4|=v1.4.0|=v1.4.1|=v1.4.10|=v1.4.11|=v1.4.2|=v1.4.3|=v1.4.4|=v1.4.5|=v1.4.6|=v1.4.7|=v1.4.8|=v1.4.9|=v1.5.0","fixed_version":"2.0.9","source":"osv","published_at":"2022-02-06T00:01:07Z","in_kev":false,"epss_prob":0.00337,"epss_percentile":0.56511,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.5.0","total_count":38,"recent":["v1.5.0","v1.4.11","v1.4.10","v1.4.9","v1.4.8","v1.4.7","v1.4.6","v1.4.5","v1.4.4","v1.4.3","v1.4.2","v1.4.1","v1.4.0","v1.3.4","v1.3.3","v1.3.2","v1.3.1","v1.3.0","v1.2.12","v1.2.11"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2020-08-30T04:29:57+00:00","dependencies_count":19,"dependencies":["php","ext-json","barryvdh/laravel-dompdf","binarytorch/larecipe","doctrine/dbal","fideloper/proxy","kalnoy/nestedset","guzzlehttp/guzzle","jsdecena/baserepo","jsdecena/mailchimp","jsdecena/mcpro","laravel/cashier","laravel/framework","laravel/tinker","nicolaslopezj/searchable","paypal/rest-api-sdk-php","santigarcor/laratrust","shippo/shippo-php","gloudemans/shoppingcart"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"use_with_caution","issues":["Low health score (35/100)"],"use_version":"v1.5.0","version_hint":"Update to >= 2.0.9 to fix known vulnerabilities","summary":"jsdecena/laracom@v1.5.0 low health (35/100) — consider alternatives"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":374,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":2070,"avg_days_between_releases":null,"release_velocity":"stale"}}