mifi
commented
1 year ago - breaking: api change
- useMemo is not safe
- simplify: don't need to use hook at all (remove useAsyncRenderer)
- add waitFor component names for easier debug
Closed mifi closed 1 year ago
mifi
commented
1 year ago 
socket-security[bot]
commented
1 year ago Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
| Package | Script field | Source |
|---|---|---|
| puppeteer@19.2.2 (upgraded) | postinstall |
packages/builder/package.json |
| Issue | Status |
|---|---|
| Install scripts | ⚠️ 1 issue |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore puppeteer@19.2.2Powered by socket.dev