SocialGouv / emjpm

Quickly find the right professional for adults in need of protection
https://emjpm.fabrique.social.gouv.fr
Other
10 stars 7 forks

P5 export.dev #2883

Closed unicscode closed 2 years ago

socket-security[bot] commented 2 years ago

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

| Package | Script field | Location |
| --- | --- | --- |
| cpu-features@0.0.4 (added) | binding.gyp | yarn.lock,packages/api/package.json via ssh2-sftp-client@9.0.4, ssh2@1.11.0 |
| cpu-features@0.0.4 (added) | install | yarn.lock,packages/api/package.json via ssh2-sftp-client@9.0.4, ssh2@1.11.0 |

🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

| Package | Location |
| --- | --- |
| cpu-features@0.0.4 (added) | yarn.lock,packages/api/package.json via ssh2-sftp-client@9.0.4, ssh2@1.11.0 |

Socket.dev scan summary

| Issue | Status |
| --- | --- |
| Did you mean? | ✅ no new possible package typos |
| Install scripts | ⚠️ 2 new install scripts detected |
| Telemetry | ✅ no new telemetry |
| Troll package | ✅ no new troll packages |
| Malware | ✅ no new malware |
| Native code | ⚠️ 1 new native module detected |
| Bin Script Confusion | ✅ no new bin script confusions |
| Bin script shell injection | ✅ no new bin script shell injection |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space-separated list of package-name@version specifiers, e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

  • @SocketSecurity ignore cpu-features@0.0.4

Powered by socket.dev