socket-security[bot]
commented
1 year ago Socket Security Pull Request Report
Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.
🫣 Native code
Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.
Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
| Package | Location | Source |
|---|---|---|
| @parcel/watcher@2.1.0 (added) | binding.gyp | package.json via @graphql-codegen/cli@3.2.1 |
Pull request report summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ⚠️ 1 issue |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore @parcel/watcher@2.1.0
⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.
Powered by socket.dev
The latest updates on your projects. Learn more about Vercel for Git ↗︎