XRPL-Labs / Xaman-App

Xaman (Formerly XUMM) for iOS and Android (React Native)
https://support.xumm.app
Other
104 stars 48 forks

v2.4.0 #72

Closed N3TC4T closed 1 year ago

vixentael commented 2 years ago

I leave my comment here to follow commits

socket-security[bot] commented 2 years ago

Socket Security Pull Request Report

Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| realm@11.4.0 (upgraded) | postinstall | package.json |
| core-js@3.15.2 (upgraded) | postinstall | package.json via @storybook/addon-actions@6.5.16, @storybook/addon-links@6.5.16, @storybook/addon-ondevice-actions@5.3.23, @storybook/addon-storyshots@6.5.16, @storybook/addons@6.5.16, @storybook/react-native@5.3.27, @storybook/react-native-server@5.3.23, fetch-mock@9.11.0 |
| core-js-pure@3.9.1 (added) | postinstall | package.json via @storybook/react-native-server@5.3.23, cucumber@6.0.7 |
| realm@11.4.0 (upgraded) | install | package.json |
| detox@20.1.2 (upgraded) | postinstall | package.json via @types/detox@18.1.0 |

Pull request report summary

| Issue | Status |
| --- | --- |
| Install scripts | ⚠️ 5 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space-separated list of package-name@version specifiers, e.g. @SocketSecurity ignore foo@1.0.0 bar@*, or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore realm@11.4.0
  • @SocketSecurity ignore core-js@3.15.2
  • @SocketSecurity ignore core-js-pure@3.9.1
  • @SocketSecurity ignore detox@20.1.2

Powered by socket.dev