Closed domjtalbot closed 1 year ago
Latest commit: 9c7e5533c75d790b70fee264f50fd43c6128941f
The changes in this PR will be included in the next version bump.
New dependency changes detected.
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers, e.g. @SocketSecurity ignore foo@1.0.0 bar@*, or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore core-js-pure@3.29.0
@SocketSecurity ignore nx@15.7.1
@SocketSecurity ignore nx@15.8.5
@SocketSecurity ignore styled-components@5.3.6
@SocketSecurity ignore @parcel/watcher@2.0.4
@SocketSecurity ignore @parcel/watcher@2.1.0
@SocketSecurity ignore next@13.1.1
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.
Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
This package contains telemetry which tracks you.
Package | Note | Source |
---|---|---|
next@13.1.1 (added) | Can be disabled by setting the environment variable NEXT_TELEMETRY_DISABLED=1 | package.json, pnpm-lock.yaml via @nrwl/next@15.7.1 |
This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.
Package | Note | Source |
---|---|---|
styled-components@5.3.6 (added) | This package prints a protestware console message regarding Ukraine for users with Russian language locale | package.json, pnpm-lock.yaml via babel-plugin-styled-components@1.10.7 |
Issue | Status |
---|---|
Install scripts | ⚠️ 4 issues |
Native code | ⚠️ 2 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ⚠️ 1 issue |
Protestware/Troll package | ⚠️ 1 issue |
📊 Modified Dependency Overview:
⬆️ Updated Package | Version Diff | Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|---|
nx@15.7.1 | 9999.0.1...15.7.1 | eval, network, filesystem, shell, environment | +56/-60 | nrwl-jason |
@graphql-mesh/cli@0.82.27 | 0.82.30...0.82.27 | eval, network, filesystem, shell, environment | +90/-25 | ardatan |
🚮 Removed packages: type-fest@2.18.0
CI is running/has finished running commands for commit 9c7e5533c75d790b70fee264f50fd43c6128941f. As they complete they will appear below.
You have successfully added a new CodeQL configuration .github/workflows/pull-request.yml:codeql. As part of the setup process, we have scanned this repository and found 1 existing alert. Please check the repository Security tab to see all alerts.
This pull request has been deployed to Vercel.
Latest commit: | 0590d48 |
✅ Preview: | https://nx-mesh-73ylndpfy-domjtalbot.vercel.app |
🔍 Inspect: | https://vercel.com/domjtalbot/nx-mesh/6LnNZfYViRrMc3Hh2fPrTUrjGvpf |
Code Climate has analyzed commit 9c7e5533 and detected 17 issues on this pull request.
Here's the issue category breakdown:
Category | Count |
---|---|
Complexity | 5 |
Duplication | 12 |
SonarCloud Quality Gate failed.
What's Changed?
nx-mesh executors are now bundled using esbuild
fs-extra, get-port, tslib, & type-fest are included in the bundle and therefore removed from the dependencies list.
tsc.
@nrwl/* packages used by nx-mesh
__generators
workflow sets package resolutions for testing