{"package":"@adonisjs/bodyparser","ecosystem":"npm","latest_version":"11.0.4","description":"BodyParser middleware for AdonisJS http server to read and parse request body","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/adonisjs/bodyparser#readme","repository":"https://github.com/adonisjs/bodyparser","downloads_weekly":115800,"health":{"score":40,"risk":"high","breakdown":{"maintenance":25,"popularity":14,"security":5,"maturity":15,"community":4,"popularity_floor":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":1,"high":2,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-25754","severity":"high","summary":"AdonisJS multipart body parsing has Prototype Pollution issue","affected_versions":"<10.1.3|>=11.0.0-next.0,<11.0.0-next.9","fixed_version":"11.0.0-next.9","source":"osv","published_at":"2026-02-06T19:27:30Z","in_kev":false,"epss_prob":0.00364,"epss_percentile":0.28116,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-21440","severity":"critical","summary":"AdonisJS Path Traversal in Multipart File Handling","affected_versions":"<10.1.2|>=11.0.0-next.0,<11.0.0-next.6","fixed_version":"11.0.0-next.6","source":"osv","published_at":"2026-01-02T18:58:32Z","in_kev":false,"epss_prob":0.01063,"epss_percentile":0.6013,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-25762","severity":"high","summary":"AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection","affected_versions":"<10.1.3|>=11.0.0-next.0,<11.0.0-next.9","fixed_version":"11.0.0-next.9","source":"osv","published_at":"2026-02-06T19:53:55Z","in_kev":false,"epss_prob":0.00491,"epss_percentile":0.38159,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"11.0.4","total_count":143,"recent":["11.0.0-next.0","11.0.0-next.1","11.0.0-next.2","10.1.1","11.0.0-next.3","11.0.0-next.4","11.0.0-next.5","10.1.2","11.0.0-next.6","11.0.0-next.7","11.0.0-next.8","11.0.0-next.9","10.1.3","10.1.4","11.0.0","11.0.1","11.0.2","11.0.3","10.1.5","11.0.4"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":3,"first_published":"2017-06-22T07:40:08.931Z","last_published":"2026-05-25T04:46:56.762Z","dependencies_count":9,"dependencies":["@poppinss/macroable","@poppinss/middleware","@poppinss/multiparty","@poppinss/qs","@poppinss/utils","file-type","inflation","media-typer","raw-body"]},"github_stats":null,"bundle":{"size_kb":22.1,"gzip_kb":9.2,"dependency_count":9,"has_js_module":false,"has_side_effects":true,"scoped":true,"source":"bundlephobia"},"typescript":{"score":0,"has_types":false,"types_source":null,"types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Moderate health score (40/100) — verify manually","2 high severity vulnerabilities","1 critical vulnerabilities"],"use_version":"11.0.4","version_hint":"Update to >= 11.0.0-next.9 to fix known vulnerabilities","summary":"@adonisjs/bodyparser has critical vulnerabilities — do not use"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/npm/%40adonisjs%2Fbodyparser","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/npm/%40adonisjs%2Fbodyparser","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/npm/%40adonisjs%2Fbodyparser","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 155 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":3282,"last_release_days_ago":23,"avg_days_between_releases":173,"release_velocity":"active"}}