refactor 🔨: (chore) Start refactor

[nachoaldamav]

• [ ] Install
• [ ] Lockfile
• [ ] Add
• [ ] Remove
• [ ] ultra create
• [ ] Benchmarks
• [ ] Workspaces
• [ ] Aliases
• [ ] Github integration

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
fnpm	✅ Ready (Inspect)	Visit Preview	Feb 14, 2023 at 11:47PM (UTC)

[socket-security[bot]]

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
rome@11.0.0 (added)	postinstall	package.json
esbuild@0.17.3 (added)	postinstall	packages/compiler/package.json via tsup@6.5.0, packages/logger/package.json via @ultrapkg/compiler@0.0.1, tsup@6.5.0
turbo@1.4.6 (added)	postinstall	examples/monorepo-test/package.json
turbo@1.7.4 (added)	postinstall	package.json

Pull request report summary

Issue	Status
Install scripts	⚠️ 4 issues
Native code	✅ 0 issues
Bin script confusion	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore rome@11.0.0
• @SocketSecurity ignore esbuild@0.17.3
• @SocketSecurity ignore turbo@1.4.6
• @SocketSecurity ignore turbo@1.7.4

Powered by socket.dev