search

clarkio / vscode-twitch-highlighter

This is a VS Code extension that will allow your Twitch chat to highlight a line of code via a command message. Example: `!line 8 server.js`. See master branch README.md for more details
https://clarkio.com
203 stars 14 forks source link

v1.0.5 #165

Closed clarkio closed 1 year ago

clarkio commented 1 year ago

To publish the next release

socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore keytar@7.9.0

⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
keytar@7.9.0 (upgraded) install package-lock.json via @types/keytar@4.4.2
Pull request alert summary
Issue Status
Install scripts ⚠️ 1 issue
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
@types/vscode@1.77.0 None +0 types
glob@8.1.0 filesystem +3 isaacs
@vscode/test-electron@1.6.2 network, filesystem, shell, environment +21 connor.peet
mocha@4.1.0 shell +8 boneskull
⬆️ Updated Package Version Diff Added Capability Access +/- Transitive Count Publisher
@types/tmi.js@1.8.3 1.4.1...1.8.3 None +0/-0 types
typescript@5.0.4 2.9.2...5.0.4 None +0/-0 typescript-bot
tmi.js@1.8.5 1.5.0...1.8.5 network, environment +8/-15 alca
bufferutil@4.0.7 4.0.1...4.0.7 environment +1/-1 lpinca
@types/uuid@3.4.10 3.4.9...3.4.10 None +0/-0 types
@types/request@2.48.8 2.48.5...2.48.8 None +4/-4 types
copyfiles@2.4.1 2.3.0...2.4.1 None +16/-13 cwmma
copy-webpack-plugin@6.4.1 6.0.3...6.4.1 None +78/-70 evilebottnawi
utf-8-validate@5.0.10 5.0.2...5.0.10 environment +1/-1 lpinca
webpack@4.46.0 4.44.1...4.46.0 None +49/-48 sokra
@types/node@8.10.66 8.10.62...8.10.66 None +0/-0 types

🚮 Removed packages: vscode@1.1.37