Closed huzaifa3115 closed 1 year ago
New dependency changes detected.
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space-separated list of `package-name@version` specifiers, e.g. `@SocketSecurity ignore foo@1.0.0 bar@*`, or ignore all packages with `@SocketSecurity ignore-all`.
@SocketSecurity ignore @fortawesome/fontawesome-common-types@0.3.0
@SocketSecurity ignore @fortawesome/fontawesome-common-types@6.3.0
@SocketSecurity ignore @fortawesome/fontawesome-svg-core@1.3.0
@SocketSecurity ignore @fortawesome/free-solid-svg-icons@6.3.0
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Issue | Status |
---|---|
Install scripts | ⚠️ 4 issues |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
➕ Added Package | Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|
react-native-permissions@3.6.1 | None | +9 | zoontek |
⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|---|
@react-navigation/native@6.1.4 | 6.1.3...6.1.4 | None | +9/-15 | satya164 |
react-native-screens@3.20.0 | 3.19.0...3.20.0 | None | +9/-15 | kkafar |
@react-navigation/native-stack@6.9.10 | 6.9.9...6.9.10 | None | +12/-18 | satya164 |
@react-navigation/drawer@6.6.0 | 6.5.8...6.6.0 | None | +12/-18 | satya164 |
react-native-device-info@10.4.0 | 10.3.0...10.4.0 | None | +9/-15 | schie |
🚮 Removed packages: @notifee/react-native@7.4.0