{"package":"easybuild","ecosystem":"conda","latest_version":"3.9.3","description":"EasyBuild is a software build\\nand installation framework that allows you to manage (scientific) software\\non High Performance Computing (HPC) systems in an efficient way.","license":"GPLv2","license_risk":"strong_copyleft","commercial_use_notes":"GPL-2.0: derivative works must release source under GPL; static linking forces disclosure.","homepage":"http://hpcugent.github.com/easybuild","repository":"","downloads_weekly":155,"health":{"score":47,"risk":"high","breakdown":{"maintenance":5,"popularity":3,"security":25,"maturity":12,"community":2},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":0,"low":1,"details":[{"vuln_id":"CVE-2020-5262","severity":"unknown","summary":"In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.","affected_versions":"<4.1.2|=1.0.0|=1.0.1|=1.0.2|=1.1.0|=1.10.0|=1.11.0|=1.11.1|=1.12.0|=1.12.1|=1.13.0|=1.14.0|=1.15.0|=1.15.1|=1.15.2|=1.16.0|=1.16.1|=1.16.2|=1.2.0|=1.2.0rc1|=1.3.0|=1.4.0|=1.5.0|=1.6.0|=1.7.0|=1.8.0|=1.8.1|=1.8.2|=1.9.0|=2.0.0|=2.1.0|=2.1.1|=2.2.0|=2.3.0|=2.4.0|=2.5.0|=2.6.0|=2.7.0|=2.8.0|=2.8.1|=2.8.2|=2.9.0|=3.0.0|=3.0.1|=3.0.2|=3.1.0|=3.1.1|=3.1.2|=3.2.0|=3.2.1|=3.3.0|=3.3.1|=3.4.0|=3.4.1|=3.5.0|=3.5.1|=3.5.2|=3.5.3|=3.6.0|=3.6.1|=3.6.2|=3.7.0|=3.7.1|=3.8.0|=3.8.1|=3.9.0|=3.9.1|=3.9.2|=3.9.3|=3.9.4|=4.0.0|=4.0.1|=4.1.0|=4.1.1","fixed_version":"4.1.2","source":"osv","published_at":"2020-03-19T17:15:00Z","in_kev":false,"epss_prob":0.00068,"epss_percentile":0.20694,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.9.3","total_count":9,"recent":["3.1.0","3.5.0","3.5.3","3.6.0","3.7.0","3.8.1","3.9.0","3.9.2","3.9.3"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":1,"first_published":"2017-03-08 14:26:45.774000+00:00","last_published":"2025-04-22 14:56:33.055000+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"3.9.3","version_hint":"Update to >= 4.1.2 to fix known vulnerabilities","summary":"easybuild@3.9.3 is safe to use (health: 47/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":9,"first_release_age_days":3338,"last_release_days_ago":371,"avg_days_between_releases":417,"release_velocity":"stale"}}