search

hisco / http2-client

Transparently make http request to both http1 / http2 server.
https://www.npmjs.com/package/http2-client
MIT License
33 stars 14 forks source link

Hidden character in package.json triggers high risk trojan warning on `socket.dev` #34

Open ssc-hrep3 opened 2 years ago

ssc-hrep3 commented 2 years ago

There is a hidden character in the package.json of the currently released package (v.1.3.5). This triggers a high risk trojan warning on socket.dev: https://socket.dev/npm/package/http2-client/issues/1.3.5