{"package":"github.com/openshift/source-to-image","ecosystem":"go","latest_version":"v1.6.1","description":"A tool for building artifacts from source and injecting into container images","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://pkg.go.dev/github.com/openshift/source-to-image","repository":"https://github.com/openshift/source-to-image","downloads_weekly":2537,"health":{"score":66,"risk":"moderate","breakdown":{"maintenance":20,"popularity":6,"security":23,"maturity":12,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":1,"low":1,"details":[{"vuln_id":"CVE-2018-1103","severity":"medium","summary":"Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)","affected_versions":"<1.1.10-0.20180427153919-f5cbcbc5cc6f","fixed_version":"1.1.10-0.20180427153919-f5cbcbc5cc6f","source":"osv","published_at":"2023-02-06T23:49:46Z","in_kev":false,"epss_prob":0.00215,"epss_percentile":0.43844,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-1103","severity":"unknown","summary":"Arbitrary file write via archive extraction in github.com/openshift/source-to-image","affected_versions":"<1.1.10-0.20180427153919-f5cbcbc5cc6f","fixed_version":"1.1.10-0.20180427153919-f5cbcbc5cc6f","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.00215,"epss_percentile":0.43844,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v1.6.1","total_count":41,"recent":["v1.3.2","v1.0.4","v1.1.5","v1.4.0","v1.1.4","v1.2.0","v1.1.10","v1.3.9","v1.1.9","v1.6.1","v1.1.8","v1.3.5","v1.1.13","v1.3.8","v1.1.14","v1.0.1","v1.1.0","v1.0.7","v1.1.7","v1.3.7"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":113,"first_published":null,"last_published":"2026-03-11T07:35:53Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v1.6.1","version_hint":"Update to >= 1.1.10-0.20180427153919-f5cbcbc5cc6f to fix known vulnerabilities","summary":"github.com/openshift/source-to-image@v1.6.1 is safe to use (health: 66/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":710,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":4001,"last_release_days_ago":52,"avg_days_between_releases":211,"release_velocity":"active"}}