socket-security[bot]
commented
1 year ago Socket Security Pull Request Report
Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
⚠️ Mixed license
Package contains multiple licenses.
A new version of the package should be published that includes a single license. Consumers may seek clarification from the package author. Ensure that the license details are consistent across the LICENSE file, package.json license field and license details mentioned in the README.
Pull request report summary
| Issue | Status |
|---|---|
| Critical CVE | ✅ 0 issues |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Unsafe copyright | ✅ 0 issues |
| License change | ✅ 0 issues |
| Missing license | ✅ 0 issues |
| Mixed license | ⚠️ 12 issues |
| License exception | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected malware | ✅ 0 issues |
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore ieee754@1.2.1@SocketSecurity ignore tough-cookie@4.0.0@SocketSecurity ignore signal-exit@3.0.7@SocketSecurity ignore test-exclude@6.0.0@SocketSecurity ignore yargs-parser@20.2.9
Powered by socket.dev
j1-internal-automation
Updating Starbase to use the latest available SDK. This will include support for optional config parameters.