{"id":2381083,"name":"socket.io-parser","ecosystem":"npm","description":"socket.io protocol parser","homepage":"https://github.com/socketio/socket.io/tree/main/packages/socket.io-client#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/socketio/socket.io","keywords_array":[],"namespace":null,"versions_count":58,"first_release_published_at":"2012-12-10T00:05:00.215Z","latest_release_published_at":"2026-03-17T09:56:18.668Z","latest_release_number":"4.2.6","last_synced_at":"2026-06-03T15:02:07.882Z","created_at":"2022-04-10T00:58:48.247Z","updated_at":"2026-06-03T15:02:07.883Z","registry_url":"https://www.npmjs.com/package/socket.io-parser","install_command":"npm install socket.io-parser","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"beta":"4.0.1-rc3","v4.0-latest":"4.0.5","latest":"4.2.6","v2-latest":"3.3.5"}},"repo_metadata":{"id":14294026,"uuid":"17002442","full_name":"socketio/socket.io-parser","owner":"socketio","description":null,"archived":false,"fork":false,"pushed_at":"2024-03-19T22:41:30.000Z","size":1131,"stargazers_count":134,"open_issues_count":7,"forks_count":99,"subscribers_count":83,"default_branch":"main","last_synced_at":"2024-05-19T01:41:32.081Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://socket.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/socketio.png","metadata":{"files":{"readme":"Readme.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"support/package.cjs.json","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-02-19T23:09:13.000Z","updated_at":"2024-06-18T12:17:08.453Z","dependencies_parsed_at":"2024-06-18T12:16:49.913Z","dependency_job_id":null,"html_url":"https://github.com/socketio/socket.io-parser","commit_stats":{"total_commits":182,"total_committers":23,"mean_commits":7.913043478260869,"dds":"0.46153846153846156","last_synced_commit":"9f76ea22b41feeade0c8819dbf3c16fd07becc2a"},"previous_names":["automattic/socket.io-parser"],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/socketio","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":215896193,"owners_count":15946058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"socketio","name":"Socket.IO","uuid":"10566080","kind":"organization","description":"","email":null,"website":"https://socket.io","location":"Automattic","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/10566080?v=4","repositories_count":52,"last_synced_at":"2024-04-14T06:57:53.810Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/socketio","funding_links":[],"total_stars":97125,"followers":599,"following":0,"created_at":"2022-11-02T16:19:08.678Z","updated_at":"2024-04-14T06:57:59.806Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/socketio","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/socketio/repositories"},"tags":[{"name":"4.2.4","sha":"164ba2a11edc34c2f363401e9768f9a8541a8b89","kind":"commit","published_at":"2023-05-31T08:56:08.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.2.4","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.4/manifests"},{"name":"3.4.3","sha":"060339a206268d8860d82aa3c0766e867ce5bb8a","kind":"commit","published_at":"2023-05-22T08:00:23.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.4.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.3/manifests"},{"name":"4.2.3","sha":"b6c824f82421aa44dfd5ef395f5132866543de59","kind":"commit","published_at":"2023-05-22T06:25:34.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.2.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.3/manifests"},{"name":"4.2.2","sha":"28dd6685021353b26a4b022e25b453c627d0a7e8","kind":"commit","published_at":"2023-01-19T09:43:49.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.2.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.2/manifests"},{"name":"3.3.3","sha":"cd11e38e1a3e2146617bc586f86512605607b212","kind":"commit","published_at":"2022-11-09T10:22:22.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.3.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.3/manifests"},{"name":"3.4.2","sha":"4b3c191bc411578099c8dd35499d8c7a75860192","kind":"commit","published_at":"2022-11-09T10:18:30.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.4.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.2/manifests"},{"name":"4.0.5","sha":"f3329eb5a46b215a3fdf91b6008c56cf177a4124","kind":"commit","published_at":"2022-06-27T13:53:40.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.5","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.5/manifests"},{"name":"4.2.1","sha":"5a2ccff9d1d8fdbadd3faad9290a9e3b165cf9a2","kind":"commit","published_at":"2022-06-27T13:42:25.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.2.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.1/manifests"},{"name":"4.2.0","sha":"c7514b5aa638d8b779c72a1172a2a694e97b15b7","kind":"commit","published_at":"2022-04-17T22:26:27.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.2.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.2.0/manifests"},{"name":"4.1.2","sha":"aed252c74260f5cbfbd3f61307905a2277fab7ce","kind":"commit","published_at":"2022-02-17T06:37:18.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.1.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.1.2/manifests"},{"name":"4.1.1","sha":"ea86f413ed73d4dd470186a8a67c7a28e39039dc","kind":"commit","published_at":"2021-10-14T11:52:49.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.1.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.1.1/manifests"},{"name":"4.1.0","sha":"5ad3e5cc4b16326e3def2b834bd90c0424bfdd83","kind":"commit","published_at":"2021-10-11T20:37:46.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.1.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.1.0/manifests"},{"name":"4.0.4","sha":"af1b23ca85fb64a0d7a050abd0362c5f632ce429","kind":"commit","published_at":"2021-01-15T00:45:17.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.4","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.4/manifests"},{"name":"3.3.2","sha":"3b0a3925fd9f765228e5d06e4a0cc90d81a60d0e","kind":"commit","published_at":"2021-01-09T13:51:19.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.3.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.2/manifests"},{"name":"4.0.3","sha":"444520d6cdc78b1abbe3bd684dc3723b5e22d196","kind":"commit","published_at":"2021-01-05T10:26:13.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.3/manifests"},{"name":"4.0.2","sha":"f2098b031d5191f10ec8b66e3c659b702302d577","kind":"commit","published_at":"2020-11-25T10:00:16.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.2/manifests"},{"name":"4.0.1","sha":"e33932365443b8203198ad7cc2af5f856a63600e","kind":"commit","published_at":"2020-11-05T15:07:35.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1/manifests"},{"name":"4.0.1-rc3","sha":"412769fd18bd1a91258d3565701c9274399a3318","kind":"commit","published_at":"2020-10-25T23:16:09.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.1-rc3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.1-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1-rc3/manifests"},{"name":"4.0.1-rc2","sha":"64b66482368e38382ea93409b95b4af299c45a5e","kind":"commit","published_at":"2020-10-15T08:24:47.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.1-rc2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.1-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1-rc2/manifests"},{"name":"4.0.1-rc1","sha":"7fc3c422347b6ec33e3c3b3bf3671b825a41f18f","kind":"commit","published_at":"2020-10-12T13:21:44.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.1-rc1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.1-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.1-rc1/manifests"},{"name":"3.3.1","sha":"25ca624b0d9eddc54a0dbaecc535cdf400722169","kind":"commit","published_at":"2020-09-30T00:38:02.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.3.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.1/manifests"},{"name":"4.0.0","sha":"c04d7f5c47ed712eb0f56cfc1a859f1aaa828f1e","kind":"commit","published_at":"2020-09-28T12:55:19.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/4.0.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/4.0.0/manifests"},{"name":"3.4.1","sha":"a8130ce3a9682498bf986a0c3e4a53f9cf2ef965","kind":"commit","published_at":"2020-05-13T05:59:21.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.4.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.1/manifests"},{"name":"3.4.0","sha":"652402a8568c2138da3c27c96756b32efca6c4bf","kind":"commit","published_at":"2019-09-20T09:00:03.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.4.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.4.0/manifests"},{"name":"3.3.0","sha":"0de72b9cc25c0950f09811e1e2a951b80e67e3fb","kind":"commit","published_at":"2018-11-07T22:58:21.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.3.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.3.0/manifests"},{"name":"3.2.0","sha":"6e400188be089990fcb811bb734b7d0215cb74f7","kind":"commit","published_at":"2018-02-28T21:08:38.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.2.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.2.0/manifests"},{"name":"3.1.3","sha":"f9c06255de817b19e47eb41a6e7d90dc1976cbba","kind":"commit","published_at":"2018-02-25T08:20:05.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.1.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.3/manifests"},{"name":"3.1.2","sha":"f9c3549dd17df095b0806086df3f4834ddc98d45","kind":"commit","published_at":"2017-04-27T21:46:00.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.1.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.2/manifests"},{"name":"3.1.1","sha":"eaee5d58c4fb3e593131502bb389ea28ab8d26f1","kind":"commit","published_at":"2017-04-24T22:22:17.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.1.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.1/manifests"},{"name":"3.1.0","sha":"8e5465de2f264f856a3fd063248d2006d650c5e1","kind":"commit","published_at":"2017-04-24T21:33:46.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.1.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.1.0/manifests"},{"name":"3.0.0","sha":"817adca41d77d8b717fcfae622e89b6fc6c50a92","kind":"commit","published_at":"2017-04-03T21:51:53.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/3.0.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/3.0.0/manifests"},{"name":"2.3.2","sha":"9ce9a98dd0969328e34146d287e82c5500614f27","kind":"commit","published_at":"2016-12-30T21:43:07.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.3.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.3.2/manifests"},{"name":"2.3.1","sha":"64455b432c9af2f9692a0eb845b17129eec0442a","kind":"commit","published_at":"2016-10-24T00:31:53.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.3.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.3.1/manifests"},{"name":"2.3.0","sha":"baf384cd6cbcdf716ec35ed2187cd755c7e5e9d2","kind":"commit","published_at":"2016-10-20T23:32:51.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.3.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.3.0/manifests"},{"name":"2.2.6","sha":"032350c569a0b1f0713ea5fbf508edc75fc5b928","kind":"tag","published_at":"2015-11-25T18:13:53.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.6","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.6/manifests"},{"name":"2.2.5","sha":"913ddb8c6e0524f0aaf2d519ea4a3a9cf9e1e96d","kind":"tag","published_at":"2015-11-21T18:45:33.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.5","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.5/manifests"},{"name":"2.2.4","sha":"6455fb27613f708d2f66bc186ae323d47f4262c5","kind":"tag","published_at":"2015-03-03T18:34:16.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.4","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.4/manifests"},{"name":"2.2.3","sha":"c4bfb06a72c767d31c44a976a0b08b44874a2575","kind":"tag","published_at":"2015-02-04T00:28:11.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.3/manifests"},{"name":"2.2.2","sha":"83c68c7a715ac54e95c5dae6445f751b3a4dfe9f","kind":"tag","published_at":"2014-09-04T08:14:58.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.2/manifests"},{"name":"2.2.1","sha":"5c551f0f527fec41361df6fdc0d60d202e658045","kind":"tag","published_at":"2014-06-20T23:56:24.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.1/manifests"},{"name":"2.2.0","sha":"2997b08ce3679238d548da8a05abe39c27839362","kind":"tag","published_at":"2014-05-31T04:11:00.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.2.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.2.0/manifests"},{"name":"2.1.5","sha":"aaf07313c6bcade74f624a6707dd352e475f6f99","kind":"tag","published_at":"2014-05-24T18:37:02.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.1.5","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.5/manifests"},{"name":"2.1.4","sha":"993b2b02409d9cfb78779abef7ad4fc785f150cc","kind":"tag","published_at":"2014-05-17T20:50:54.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.1.4","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.4/manifests"},{"name":"2.1.3","sha":"aea5477c43102b4b09a5253911f51e72838fd043","kind":"tag","published_at":"2014-04-28T01:45:57.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.1.3","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.3/manifests"},{"name":"2.1.2","sha":"4f2916b5a6a5448153da3e21a444bedb5bdf1076","kind":"tag","published_at":"2014-03-06T23:37:57.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.1.2","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"b8d7885a0e728a3bfa5f4011650be9d65c2958d2","kind":"tag","published_at":"2014-03-05T07:18:59.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.1.1","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.1/manifests"},{"name":"2.1.0","sha":"3283b89c4e5fc16d21a1b0238756e45299eebd04","kind":"tag","published_at":"2014-03-01T16:32:23.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.1.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.1.0/manifests"},{"name":"2.0.0","sha":"5efe005679bb9a7473c07f2384b4fa2deb26444b","kind":"tag","published_at":"2014-02-20T00:51:16.000Z","download_url":"https://codeload.github.com/socketio/socket.io-parser/tar.gz/2.0.0","html_url":"https://github.com/socketio/socket.io-parser/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/tags/2.0.0/manifests"}]},"repo_metadata_updated_at":"2024-09-06T15:37:52.677Z","dependent_packages_count":303,"downloads":86803093,"downloads_period":"last-month","dependent_repos_count":1259292,"rankings":{"downloads":0.04586121056072791,"dependent_repos_count":0.02759886581803805,"dependent_packages_count":0.1696454093338926,"stargazers_count":4.515645380858873,"forks_count":2.955954333721306,"docker_downloads_count":0.03970074944063013,"average":1.2924009916222445},"purl":"pkg:npm/socket.io-parser","advisories":[{"uuid":"GSA_kwCzR0hTQS02NzdtLWo3cDMtNTJmOc4ABTz6","url":"https://github.com/advisories/GHSA-677m-j7p3-52f9","title":"socket.io allows an unbounded number of binary attachments","description":"### Impact\n\nA specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory.\n\n### Patches\n\n| Version range    | Used by                                    | Fixed version |\n|------------------|--------------------------------------------|---------------|\n| `\u003e=4.0.0 \u003c4.2.6` | `socket.io@4.x` and `socket.io-client@4.x` | `4.2.6`       |\n| `\u003e=3.4.0 \u003c3.4.4` | `socket.io@2.x`                            | `3.4.4`       |\n| `\u003c3.3.5`         | `socket.io-client@2.x`                     | `3.3.5`       |\n\n### Workarounds\n\nThere is no known workaround except upgrading to a safe version.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open a discussion [here](https://github.com/socketio/socket.io/discussions)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-03-18T17:26:14.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","references":["https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9","https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4","https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf","https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78","https://nvd.nist.gov/vuln/detail/CVE-2026-33151","https://github.com/advisories/GHSA-677m-j7p3-52f9"],"source_kind":"github","identifiers":["GHSA-677m-j7p3-52f9","CVE-2026-33151"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-03-18T18:00:10.862Z","updated_at":"2026-05-28T19:02:43.987Z","epss_percentage":0.00051,"epss_percentile":0.16162,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NzdtLWo3cDMtNTJmOc4ABTz6","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02NzdtLWo3cDMtNTJmOc4ABTz6","packages":[{"ecosystem":"npm","package_name":"socket.io-parser","versions":[{"first_patched_version":"4.2.6","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.2.6"},{"first_patched_version":"3.4.4","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.4"},{"first_patched_version":"3.3.5","vulnerable_version_range":"\u003c 3.3.5"}],"purl":"pkg:npm/socket.io-parser"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NzdtLWo3cDMtNTJmOc4ABTz6/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU","url":"https://github.com/advisories/GHSA-cqmj-92xf-r6r9","title":"Insufficient validation when decoding a Socket.IO packet","description":"### Impact\n\nA specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.\n\n```\nTypeError: Cannot convert object to primitive value\n       at Socket.emit (node:events:507:25)\n       at .../node_modules/socket.io/lib/socket.js:531:14\n```\n\n### Patches\n\nA fix has been released today (2023/05/22):\n\n- https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3, included in `socket.io-parser@4.2.3`\n- https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced, included in `socket.io-parser@3.4.3`\n\n\nAnother fix has been released for the `3.3.x` branch:\n\n- https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4, included in `socket.io-parser@3.3.4\n\n| `socket.io` version | `socket.io-parser` version                                                                              | Needs minor update?                  |\n|---------------------|---------------------------------------------------------------------------------------------------------|--------------------------------------|\n| `4.5.2...latest`    | `~4.2.0` ([ref](https://github.com/socketio/socket.io/commit/9890b036cf942f6b6ad2afeb6a8361c32cd5d528)) | `npm audit fix` should be sufficient |\n| `4.1.3...4.5.1`     | `~4.1.1` ([ref](https://github.com/socketio/socket.io/commit/7c44893d7878cd5bba1eff43150c3e664f88fb57)) | Please upgrade to `socket.io@4.6.x`  |\n| `3.0.5...4.1.2`     | `~4.0.3` ([ref](https://github.com/socketio/socket.io/commit/752dfe3b1e5fecda53dae899b4a39e6fed5a1a17)) | Please upgrade to `socket.io@4.6.x`  |\n| `3.0.0...3.0.4`     | `~4.0.1` ([ref](https://github.com/socketio/socket.io/commit/1af3267e3f5f7884214cf2ca4d5282d620092fb0)) | Please upgrade to `socket.io@4.6.x`  |\n| `2.3.0...2.5.0`     | `~3.4.0` ([ref](https://github.com/socketio/socket.io/commit/cf39362014f5ff13a17168b74772c43920d6e4fd)) | `npm audit fix` should be sufficient |\n\n\n### Workarounds\n\nThere is no known workaround except upgrading to a safe version.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open a discussion [here](https://github.com/socketio/socket.io/discussions)\n\nThanks to [@rafax00](https://github.com/rafax00) for the responsible disclosure.\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-05-23T19:55:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","references":["https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9","https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced","https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3","https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9","https://nvd.nist.gov/vuln/detail/CVE-2023-32695","https://github.com/socketio/socket.io-parser/releases/tag/4.2.3","https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4","https://github.com/advisories/GHSA-cqmj-92xf-r6r9"],"source_kind":"github","identifiers":["GHSA-cqmj-92xf-r6r9","CVE-2023-32695"],"repository_url":"https://github.com/socketio/socket.io-parser","blast_radius":42.09087246631176,"created_at":"2023-05-23T20:03:35.017Z","updated_at":"2026-05-19T03:05:37.898Z","epss_percentage":0.00302,"epss_percentile":0.53551,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU","packages":[{"ecosystem":"npm","package_name":"socket.io-parser","versions":[{"first_patched_version":"3.3.4","vulnerable_version_range":"\u003c 3.3.4"},{"first_patched_version":"4.2.3","vulnerable_version_range":"\u003e= 4.0.4, \u003c 4.2.3"},{"first_patched_version":"3.4.3","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.3"}],"purl":"pkg:npm/socket.io-parser"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix","url":"https://github.com/advisories/GHSA-qm95-pgcg-qqfq","title":"Insufficient validation when decoding a Socket.IO packet","description":"Due to improper type validation in the `socket.io-parser` library (which is used by the `socket.io` and `socket.io-client` packages to encode and decode Socket.IO packets), it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object.\n\nExample:\n\n```js\nconst decoder = new Decoder();\n\ndecoder.on(\"decoded\", (packet) =\u003e {\n console.log(packet.data); // prints [ 'hello', [Function: splice] ]\n})\n\ndecoder.add('51-[\"hello\",{\"_placeholder\":true,\"num\":\"splice\"}]');\ndecoder.add(Buffer.from(\"world\"));\n```\n\nThis bubbles up in the `socket.io` package:\n\n```js\nio.on(\"connection\", (socket) =\u003e {\n socket.on(\"hello\", (val) =\u003e {\n // here, \"val\" could be a function instead of a buffer\n });\n});\n```\n\n:warning: IMPORTANT NOTE :warning:\n\nYou need to make sure that the payload that you received from the client is actually a `Buffer` object:\n\n```js\nio.on(\"connection\", (socket) =\u003e {\n socket.on(\"hello\", (val) =\u003e {\n if (!Buffer.isBuffer(val)) {\n socket.disconnect();\n return;\n }\n // ...\n });\n});\n```\n\n**If that's already the case, then you are not impacted by this issue, and there is no way an attacker could make your server crash (or escalate privileges, ...).**\n\nExample of values that could be sent by a malicious user:\n\n- a number that is out of bounds\n\nSample packet: `451-[\"hello\",{\"_placeholder\":true,\"num\":10}]`\n\n```js\nio.on(\"connection\", (socket) =\u003e {\n socket.on(\"hello\", (val) =\u003e {\n // val is `undefined`\n });\n});\n```\n\n- a value that is not a number, like `undefined`\n\nSample packet: `451-[\"hello\",{\"_placeholder\":true,\"num\":undefined}]`\n\n```js\nio.on(\"connection\", (socket) =\u003e {\n socket.on(\"hello\", (val) =\u003e {\n // val is `undefined`\n });\n});\n```\n\n- a string that is part of the prototype of `Array`, like \"push\"\n\nSample packet: `451-[\"hello\",{\"_placeholder\":true,\"num\":\"push\"}]`\n\n```js\nio.on(\"connection\", (socket) =\u003e {\n socket.on(\"hello\", (val) =\u003e {\n // val is a reference to the \"push\" function\n });\n});\n```\n\n- a string that is part of the prototype of `Object`, like \"hasOwnProperty\"\n\nSample packet: `451-[\"hello\",{\"_placeholder\":true,\"num\":\"hasOwnProperty\"}]`\n\n```js\nio.on(\"connection\", (socket) =\u003e {\n socket.on(\"hello\", (val) =\u003e {\n // val is a reference to the \"hasOwnProperty\" function\n });\n});\n```\n\nThis should be fixed by:\n\n- https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050, included in `socket.io-parser@4.2.1`\n- https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4, included in `socket.io-parser@4.0.5`\n- https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14, included in `socket.io-parser@3.4.2`\n- https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983, included in `socket.io-parser@3.3.3`\n\n### Dependency analysis for the `socket.io` package\n\n| `socket.io` version | `socket.io-parser` version | Covered? |\n|---------------------|---------------------------------------------------------------------------------------------------------|------------------------|\n| `4.5.2...latest` | `~4.2.0` ([ref](https://github.com/socketio/socket.io/commit/9890b036cf942f6b6ad2afeb6a8361c32cd5d528)) | Yes :heavy_check_mark: |\n| `4.1.3...4.5.1` | `~4.0.4` ([ref](https://github.com/socketio/socket.io/commit/7c44893d7878cd5bba1eff43150c3e664f88fb57)) | Yes :heavy_check_mark: |\n| `3.0.5...4.1.2` | `~4.0.3` ([ref](https://github.com/socketio/socket.io/commit/752dfe3b1e5fecda53dae899b4a39e6fed5a1a17)) | Yes :heavy_check_mark: |\n| `3.0.0...3.0.4` | `~4.0.1` ([ref](https://github.com/socketio/socket.io/commit/1af3267e3f5f7884214cf2ca4d5282d620092fb0)) | Yes :heavy_check_mark: |\n| `2.3.0...2.5.0` | `~3.4.0` ([ref](https://github.com/socketio/socket.io/commit/cf39362014f5ff13a17168b74772c43920d6e4fd)) | Yes :heavy_check_mark: |\n\n\n### Dependency analysis for the `socket.io-client` package\n\n| `socket.io-client` version | `socket.io-parser` version | Covered? |\n|----------------------------|----------------------------------------------------------------------------------------------------------------|------------------------------------|\n| `4.5.0...latest` | `~4.2.0` ([ref](https://github.com/socketio/socket.io-client/commit/b862924b7f1720979e5db2f0154906b305d420e3)) | Yes :heavy_check_mark: |\n| `4.3.0...4.4.1` | `~4.1.1` ([ref](https://github.com/socketio/socket.io-client/commit/91b948b8607166fcc79f028a6428819277214188)) | No, but the impact is very limited |\n| `3.1.0...4.2.0` | `~4.0.4` ([ref](https://github.com/socketio/socket.io-client/commit/5d9b4eb42b1f5778e6f033096694acb331b132c4)) | Yes :heavy_check_mark: |\n| `3.0.5` | `~4.0.3` ([ref](https://github.com/socketio/socket.io-client/commit/cf9fc358365cc15a41260a51dc186c881bf086ca)) | Yes :heavy_check_mark: |\n| `3.0.0...3.0.4` | `~4.0.1` ([ref](https://github.com/socketio/socket.io-client/commit/b7e07ba633ceb9c1dc94cc894c10b9bfca536c7a)) | Yes :heavy_check_mark: |\n| `2.2.0...2.5.0` | `~3.3.0` ([ref](https://github.com/socketio/socket.io-client/commit/06e9a4ca2621176c30c352b2ba8b34fa42b8d0ba)) | Yes :heavy_check_mark: |\n","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-10-26T12:00:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2022-2421","https://csirt.divd.nl/cases/DIVD-2022-00045","https://csirt.divd.nl/cves/CVE-2022-2421","https://github.com/socketio/socket.io-parser/commit/b559f050ee02bd90bd853b9823f8de7fa94a80d4","https://github.com/socketio/socket.io-parser/commit/b5d0cb7dc56a0601a09b056beaeeb0e43b160050","https://github.com/socketio/socket.io-parser/commit/04d23cecafe1b859fb03e0cbf6ba3b74dff56d14","https://github.com/socketio/socket.io-parser/commit/fb21e422fc193b34347395a33e0f625bebc09983","https://csirt.divd.nl/CVE-2022-2421","https://csirt.divd.nl/DIVD-2022-00045","https://github.com/advisories/GHSA-qm95-pgcg-qqfq"],"source_kind":"github","identifiers":["GHSA-qm95-pgcg-qqfq","CVE-2022-2421"],"repository_url":"https://github.com/socketio/socket.io-parser","blast_radius":0.0,"created_at":"2022-12-21T16:11:51.764Z","updated_at":"2026-06-01T17:07:55.577Z","epss_percentage":0.0084,"epss_percentile":0.74922,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix","packages":[{"ecosystem":"npm","package_name":"socket.io-parser","versions":[{"first_patched_version":"3.4.2","vulnerable_version_range":"\u003e= 3.4.0, \u003c 3.4.2"},{"first_patched_version":"3.3.3","vulnerable_version_range":"\u003c 3.3.3"},{"first_patched_version":"4.0.5","vulnerable_version_range":"\u003e= 4.0.0, \u003c 4.0.5"},{"first_patched_version":"4.2.1","vulnerable_version_range":"\u003e= 4.1.0, \u003c 4.2.1"}],"purl":"pkg:npm/socket.io-parser"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmaGgtZzlmNS14NG00","url":"https://github.com/advisories/GHSA-xfhh-g9f5-x4m4","title":"Resource exhaustion in socket.io-parser","description":"The `socket.io-parser` npm package before versions 3.3.2 and 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-06-30T16:51:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-36049","https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55","https://blog.caller.xyz/socketio-engineio-dos/","https://github.com/bcaller/kill-engine-io","https://github.com/socketio/socket.io-parser/releases/tag/3.3.2","https://github.com/socketio/socket.io-parser/releases/tag/3.4.1","https://www.npmjs.com/package/socket.io-parser","https://github.com/advisories/GHSA-xfhh-g9f5-x4m4"],"source_kind":"github","identifiers":["GHSA-xfhh-g9f5-x4m4","CVE-2020-36049"],"repository_url":"https://github.com/socketio/socket.io-parser","blast_radius":0.0,"created_at":"2022-12-21T16:12:58.119Z","updated_at":"2026-06-03T14:12:39.438Z","epss_percentage":0.00528,"epss_percentile":0.6652,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmaGgtZzlmNS14NG00","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmaGgtZzlmNS14NG00","packages":[{"ecosystem":"npm","package_name":"socket.io-parser","versions":[{"first_patched_version":"3.4.1","vulnerable_version_range":"= 3.4.0"},{"first_patched_version":"3.3.2","vulnerable_version_range":"\u003c 3.3.2"}],"purl":"pkg:npm/socket.io-parser","statistics":{"dependent_packages_count":303,"dependent_repos_count":1259292,"downloads":86803093,"downloads_period":"last-month"},"affected_versions":["1.0.1","1.0.2","1.1.0","1.1.1","1.1.2","2.0.0","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.5","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.3.0","2.3.1","2.3.2","3.0.0","3.1.0","3.1.1","3.1.2","3.1.3","3.2.0","3.3.0","3.3.1","3.4.0"],"unaffected_versions":["3.3.2","3.3.3","3.3.4","3.3.5","3.4.1","3.4.2","3.4.3","3.4.4","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.1.0","4.1.1","4.1.2","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmaGgtZzlmNS14NG00/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/socket.io-parser","docker_dependents_count":5637,"docker_downloads_count":2884416374,"usage_url":"https://repos.ecosyste.ms/usage/npm/socket.io-parser","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/socket.io-parser/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2024-09-06T15:37:50.371Z","issues_count":35,"pull_requests_count":74,"avg_time_to_close_issue":20147034.424242426,"avg_time_to_close_pull_request":5051020.04109589,"issues_closed_count":33,"pull_requests_closed_count":73,"pull_request_authors_count":28,"issue_authors_count":33,"avg_comments_per_issue":2.7714285714285714,"avg_comments_per_pull_request":1.0405405405405406,"merged_pull_requests_count":55,"bot_issues_count":0,"bot_pull_requests_count":11,"past_year_issues_count":3,"past_year_pull_requests_count":4,"past_year_avg_time_to_close_issue":8921907.666666666,"past_year_avg_time_to_close_pull_request":11882524.5,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":4,"past_year_pull_request_authors_count":3,"past_year_issue_authors_count":3,"past_year_avg_comments_per_issue":9.0,"past_year_avg_comments_per_pull_request":1.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":2,"past_year_merged_pull_requests_count":2,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/socketio%2Fsocket.io-parser/issues","maintainers":[{"login":"darrachequesne","count":27,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/darrachequesne"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/socket.io-parser/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/socket.io-parser/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/socket.io-parser/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/socket.io-parser/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/socket.io-parser/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/socket.io-parser/codemeta","maintainers":[{"uuid":"rauchg","login":"rauchg","name":null,"email":"rauchg@gmail.com","url":null,"packages_count":278,"html_url":"https://www.npmjs.com/~rauchg","role":null,"created_at":"2022-11-14T12:20:05.396Z","updated_at":"2022-11-14T12:20:05.396Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/rauchg/packages"},{"uuid":"darrachequesne","login":"darrachequesne","name":null,"email":"damien.arrachequesne@gmail.com","url":null,"packages_count":52,"html_url":"https://www.npmjs.com/~darrachequesne","role":null,"created_at":"2022-11-14T12:20:05.502Z","updated_at":"2022-11-14T12:20:05.502Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/darrachequesne/packages"}]}