Closed clarkio closed 1 year ago
New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of package-name@version
specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@*
or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore keytar@7.9.0
⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Package | Script field | Source |
---|---|---|
keytar@7.9.0 (upgraded) | install |
package-lock.json via @types/keytar@4.4.2 |
Issue | Status |
---|---|
Install scripts | ⚠️ 1 issue |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
---|---|---|---|---|
@types/vscode@1.77.0 | 1.31.0...1.77.0 | None | +0/-0 |
types |
@types/tmi.js@1.8.3 | 1.4.1...1.8.3 | None | +0/-0 |
types |
typescript@5.0.4 | 2.9.2...5.0.4 | None | +0/-0 |
typescript-bot |
glob@8.1.0 | 8.0.3...8.1.0 | None | +2/-2 |
isaacs |
tmi.js@1.8.5 | 1.5.0...1.8.5 | network, environment | +8/-15 |
alca |
bufferutil@4.0.7 | 4.0.1...4.0.7 | environment | +1/-1 |
lpinca |
@types/uuid@3.4.10 | 3.4.9...3.4.10 | None | +0/-0 |
types |
@types/request@2.48.8 | 2.48.5...2.48.8 | None | +4/-4 |
types |
copyfiles@2.4.1 | 2.3.0...2.4.1 | None | +14/-10 |
cwmma |
@vscode/test-electron@1.6.2 | 1.6.1...1.6.2 | None | +5/-5 |
connor.peet |
copy-webpack-plugin@6.4.1 | 6.0.3...6.4.1 | None | +71/-64 |
evilebottnawi |
utf-8-validate@5.0.10 | 5.0.2...5.0.10 | environment | +1/-1 |
lpinca |
webpack@4.46.0 | 4.44.1...4.46.0 | None | +43/-43 |
sokra |
@types/node@8.10.66 | 8.10.62...8.10.66 | None | +0/-0 |
types |
chore: ignore .dccache file chore: update to latest npm package lock version