node-modules / compressing

Everything you need for compressing and uncompressing
MIT License
428 stars 36 forks

test: remove power-assert #85

Closed fengmk2 closed 1 year ago

socket-security[bot] commented 1 year ago

Socket Security Pull Request Report

Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.

πŸ˜΅β€πŸ’« Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack.

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name.

| Package | Bin script | Source |
| --- | --- | --- |
| nyc@13.3.0 (added) | rimraf | package.json via egg-bin@4.20.0 |
| rimraf@2.6.3 (added) | rimraf | package.json via eslint@3.19.0, eslint-config-egg@3.2.0 |
| rimraf@2.7.1 (added) | rimraf | package.json via egg-bin@4.20.0, git-contributor@1.1.0, mz-modules@2.1.0 |
| rimraf@3.0.2 (added) | rimraf | package.json via egg-bin@4.20.0 |
| nyc@13.3.0 (added) | uuid | package.json via egg-bin@4.20.0 |
| uuid@3.4.0 (added) | uuid | package.json via git-contributor@1.1.0 |
| nyc@13.3.0 (added) | semver | package.json via egg-bin@4.20.0 |
| semver@5.7.1 (added) | semver | package.json via egg-bin@4.20.0, git-contributor@1.1.0 |
| semver@6.3.0 (added) | semver | package.json via egg-bin@4.20.0 |
| semver@7.3.8 (added) | semver | package.json via egg-bin@4.20.0 |
| nyc@13.3.0 (added) | which | package.json via egg-bin@4.20.0 |
| which@1.3.1 (added) | which | package.json via egg-bin@4.20.0 |
| egg-bin@4.20.0 (upgraded) | ets | package.json |
| egg-ts-helper@1.34.7 (added) | ets | package.json via egg-bin@4.20.0 |
| egg-bin@4.20.0 (upgraded) | mocha | package.json |
| mocha@5.2.0 (upgraded) | mocha | package.json via egg-bin@4.20.0 |
| mocha@6.2.3 (upgraded) | mocha | package.json via egg-bin@4.20.0 |
| c8@7.13.0 (added) | c8 | package.json via egg-bin@4.20.0 |
| egg-bin@4.20.0 (upgraded) | c8 | package.json |
| mkdirp@0.5.1 (added) | mkdirp | package.json via egg-bin@4.20.0 |
| mkdirp@0.5.4 (added) | mkdirp | package.json via egg-bin@4.20.0 |
| mkdirp@0.5.6 (added) | mkdirp | package.json via egg-bin@4.20.0, eslint@3.19.0, eslint-config-egg@3.2.0, git-contributor@1.1.0, mz-modules@2.1.0 |
| nyc@13.3.0 (added) | mkdirp | package.json via egg-bin@4.20.0 |

🦀 Bin script shell injection

This package re-exports a well known shell command via an npm bin script. This is possibly a supply chain attack.

Packages should not export bin scripts which conflict with well known shell commands.

| Package | Bin script | Source |
| --- | --- | --- |
| nyc@13.3.0 (added) | which | package.json via egg-bin@4.20.0 |

Pull request report summary

| Issue | Status |
| --- | --- |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ⚠️ 23 issues |
| Bin script shell injection | ⚠️ 1 issue |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

  • @SocketSecurity ignore nyc@13.3.0
  • @SocketSecurity ignore rimraf@2.6.3
  • @SocketSecurity ignore rimraf@2.7.1
  • @SocketSecurity ignore rimraf@3.0.2
  • @SocketSecurity ignore uuid@3.4.0

Powered by socket.dev

codecov[bot] commented 1 year ago

Codecov Report

Merging #85 (4c8112d) into master (53f6e0d) will increase coverage by 0.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master      #85      +/-   ##
==========================================
+ Coverage   96.61%   96.62%   +0.01%     
==========================================
  Files          19       19              
  Lines         590      593       +3     
  Branches      112      112              
==========================================
+ Hits          570      573       +3     
  Misses         20       20              

| Impacted Files | Coverage Δ | |
| --- | --- | --- |
| lib/zip/uncompress_stream.js | 98.63% <0.00%> (+0.01%) | :arrow_up: |
| lib/utils.js | 97.34% <0.00%> (+0.04%) | :arrow_up: |
