search

0perationPrivacy / VoIPSuite-Mobile

Mobile App code for Android & iOS on React Native
https://voip.OperationPrivacy.com/
GNU General Public License v3.0
18 stars 5 forks source link

Notification handler android #47

Closed huzaifa3115 closed 1 year ago

huzaifa3115 commented 1 year ago
socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @fortawesome/fontawesome-common-types@0.3.0
  • @SocketSecurity ignore @fortawesome/fontawesome-common-types@6.3.0
  • @SocketSecurity ignore @fortawesome/fontawesome-svg-core@1.3.0
  • @SocketSecurity ignore @fortawesome/free-solid-svg-icons@6.3.0
📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
@fortawesome/fontawesome-common-types@0.3.0 (added) postinstall package.json via @fortawesome/react-native-fontawesome@0.2.7
@fortawesome/fontawesome-common-types@6.3.0 (added) postinstall package.json via @fortawesome/free-solid-svg-icons@6.3.0
@fortawesome/fontawesome-svg-core@1.3.0 (added) postinstall package.json via @fortawesome/react-native-fontawesome@0.2.7
@fortawesome/free-solid-svg-icons@6.3.0 (added) postinstall package.json
Pull request alert summary
Issue Status
Install scripts ⚠️ 4 issues
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
react-native-permissions@3.6.1 None +9 zoontek
⬆️ Updated Package Version Diff Added Capability Access +/- Transitive Count Publisher
@react-navigation/native@6.1.4 6.1.3...6.1.4 None +9/-15 satya164
react-native-screens@3.20.0 3.19.0...3.20.0 None +9/-15 kkafar
@react-navigation/native-stack@6.9.10 6.9.9...6.9.10 None +12/-18 satya164
@react-navigation/drawer@6.6.0 6.5.8...6.6.0 None +12/-18 satya164
react-native-device-info@10.4.0 10.3.0...10.4.0 None +9/-15 schie

🚮 Removed packages: @notifee/react-native@7.4.0