Closed remorses closed 1 year ago
New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore gl-transition@1.13.0
Package name is similar to other popular packages and may not be the package you want.
Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.
Package | 📎 Did you mean? | Found in |
---|---|---|
gl-transition@1.13.0 (added) | | package.json |
Issue | Status |
---|---|
Install scripts | ✅ 0 issues |
Native code | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ⚠️ 1 issue |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
📊 Modified Dependency Overview:
⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
---|---|---|---|---|
canvas@2.11.2 | 2.9.3...2.11.2 | None | +6/-5 | calebhearon |
gl@6.0.2 | 5.0.3...6.0.2 | None | +7/-5 | dhritzkiv |
gl 6 has pre built binaries for Node 18, making installation of editly much easier

Latest canvas version has prebuilt binaries for Node 18 too