socket-security[bot]
commented
1 year ago New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore gl-transition@1.13.0
🧐 Potential typo squat
Package name is similar to other popular packages and may not be the package you want.
Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.
| Package | 📎 Did you mean? | Found in |
|---|---|---|
| gl-transition@1.13.0 (added) | package.json |
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ⚠️ 1 issue |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count |
Publisher |
|---|---|---|---|---|
| canvas@2.11.2 | 2.9.3...2.11.2 | None | +6/-5 |
calebhearon |
| gl@6.0.2 | 5.0.3...6.0.2 | None | +7/-5 |
dhritzkiv |
gl6 has pre built binaries for Node 18, making installation ofeditlymuch easierLatest
canvasversion has prebuilt binaries for Node 18 too