BETAmodules.com is in beta — open to partnerships & joint ventures.Build with us
modules.com
⌘K

llhttp

v1.0.1npm· JavaScript

HTTP parser in LLVM IR

The verdict
Has 3 high-severity advisories. Verify a patched version exists before using. Check the OSV link for the fixed-in version.
Check the OSV link for the fixed-in version.
Live from the npm registry · derived rules, not AI
How it scores
MaintenanceAbandoned
PopularityUnknown
Security3 advisories
LicensePermissive
DepsLean
Maintenance
Last published 7 years ago.
Popularity
Download count unavailable.
Security
3 known advisories (worst: high severity).
License
MIT
Dependencies
3 direct dependencies
Security advisories
Live from OSV.dev · cached 24h
  • HIGH
    llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
    GHSA-5689-v88g-g6rv Fixed in 6.0.7Published 2022-07-15
  • HIGH
    llhttp vulnerable to HTTP request smuggling
    GHSA-cggh-pq45-6h9x Fixed in 8.1.1Published 2023-07-01
  • HIGH
    llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
    GHSA-q5vx-44v4-gch4 Fixed in 6.0.7Published 2022-07-15
Recent releases
  • 1.0.17 years ago