browserify / resolve

Implements the node.js require.resolve() algorithm
MIT License

This package is being flagged as malware - false positive #306

Closed chiahrens closed 1 year ago

chiahrens commented 1 year ago

Our repo is getting flagged for malware because of the monorepo-symlink-test private package. Not sure if there is much you can do about it, maybe renaming it or something, but just letting you know.

https://github.com/advisories/GHSA-2jcg-qqmg-46q6

ljharb commented 1 year ago

Because it's a private package that just coincidentally has the same name as the malicious one, it is indeed a false positive - so whatever tool is flagging this repo is broken, and you should strongly reconsider using a tool that is this naive about npm package names.

Duplicate of https://github.com/browserify/resolve/issues/303. Duplicate of https://github.com/browserify/resolve/issues/291. Duplicate of https://github.com/browserify/resolve/issues/288. Duplicate of https://github.com/browserify/resolve/issues/304. Duplicate of #305.
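The name collision discussed in this thread, as an added example that is not code from the thread, the resolve project, or any particular scanner: one way a dependency scanner could tell a manifest that merely sits inside another package's files from a package that npm actually installed. The function names, result labels and sample paths are constructed for illustration, and the check assumes the scanner matches advisory names against `package.json` files found on disk.

```javascript
// Advisory names to match. The single entry is the package name from the
// issue above, used here as sample data.
const ADVISORY_NAMES = new Set(["monorepo-symlink-test"]);

// npm installs a package at .../node_modules/<name> or
// .../node_modules/@scope/<name>. Any package.json deeper than that is a file
// shipped inside some other package (test fixture, example, template).
// Returns the install directory name, or null when the path is not an
// install location.
function installedNameFromPath(manifestPath) {
  const parts = manifestPath.split("/").filter(Boolean);
  if (parts.pop() !== "package.json") return null;
  const i = parts.lastIndexOf("node_modules");
  if (i === -1) return null; // project root or workspace source directory
  const rest = parts.slice(i + 1);
  if (rest.length === 1 && !rest[0].startsWith("@")) return rest[0];
  if (rest.length === 2 && rest[0].startsWith("@")) return rest.join("/");
  return null;
}

// Classify one manifest found on disk (hypothetical result labels):
//   "clean"          name is not in the advisory list
//   "match"          installed package whose manifest name is in the list
//   "review"         at an install location but marked private; npm refuses
//                    to publish private packages, so this is most likely a
//                    linked local workspace and needs a human look
//   "name-collision" same name, but only a file nested inside another package
function classify(manifestPath, manifest) {
  if (!ADVISORY_NAMES.has(manifest.name)) return "clean";
  // Compare the manifest name, not the directory name: an aliased install
  // puts the package under a different directory.
  if (installedNameFromPath(manifestPath) === null) return "name-collision";
  return manifest.private === true ? "review" : "match";
}

// Constructed sample input: paths and manifests are illustrative only.
const samples = [
  ["node_modules/resolve/test/fixture/package.json",
    { name: "monorepo-symlink-test", private: true }],
  ["node_modules/monorepo-symlink-test/package.json",
    { name: "monorepo-symlink-test", version: "0.0.0" }],
  ["node_modules/resolve/package.json", { name: "resolve" }],
];
for (const [path, manifest] of samples) {
  console.log(classify(path, manifest).padEnd(15), path);
}
```

A path check alone still treats a `node_modules` directory that lives inside a fixture as an install location; cross-checking candidates against the project's lockfile closes that gap.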