XRPL-Labs / Xaman-App

Xaman (Formerly XUMM) for iOS and Android (React Native)
https://support.xumm.app

v2.5.0 #82

Closed N3TC4T closed 1 year ago

socket-security[bot] commented 1 year ago

New dependency changes detected.

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore highlight.js@9.18.5
  • @SocketSecurity ignore es5-ext@0.10.62


📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
| --- | --- | --- |
| highlight.js@9.18.5 (added) | postinstall | package.json via @storybook/react-native-server@5.3.23 |
| es5-ext@0.10.62 (upgraded) | postinstall | package.json via cucumber@6.0.7, xrpl-client@2.0.11 |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Install scripts | ⚠️ 2 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

📊 Modified Dependency Overview:

⬆️ Updated

| Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| @veriff/react-native-sdk@4.0.0 | 3.0.0...4.0.0 | None | +171/-187 | fu-npmjs-cci |
| tangem-sdk-react-native@2.3.1 | 2.1.0...2.3.1 | None | +156/-187 | n3tc4t |
| ripple-binary-codec@1.4.3 | 1.4.2...1.4.3 | None | +6/-9 | jst5000 |
| xrpl-client@2.0.11 | 2.0.1...2.0.11 | None | +7/-8 | wietsewind |
| xrpl-accountlib@2.0.3 | 1.6.1...2.0.3 | None | +14/-31 | wietsewind |
| realm@11.8.0 | 11.4.0...11.8.0 | None | +173/-208 | realmnpm |
| react-native@0.71.7 | 0.71.3...0.71.7 | None | +155/-186 | react-native-bot |

🚮 Removed packages: moment-timezone@0.5.40, patch-package@6.5.1