Closed fengmk2 closed 1 year ago
Merging #85 (4c8112d) into master (53f6e0d) will increase coverage by 0.01%. The diff coverage is n/a.
@@ Coverage Diff @@
## master #85 +/- ##
==========================================
+ Coverage 96.61% 96.62% +0.01%
==========================================
Files 19 19
Lines 590 593 +3
Branches 112 112
==========================================
+ Hits 570 573 +3
Misses 20 20
Impacted Files | Coverage Δ | |
---|---|---|
lib/zip/uncompress_stream.js | 98.63% <0.00%> (+0.01%) | :arrow_up: |
lib/utils.js | 97.34% <0.00%> (+0.04%) | :arrow_up: |
Socket Security Pull Request Report
Dependency issues detected: If you merge this pull request, you will not be alerted to the instances of these issues again.
Bin script confusion
This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack.
Consider removing one of the conflicting packages. Packages should only export bin scripts with their name.
rimraf: package.json, via egg-bin@4.20.0
rimraf: package.json, via eslint@3.19.0, eslint-config-egg@3.2.0
rimraf: package.json, via egg-bin@4.20.0, git-contributor@1.1.0, mz-modules@2.1.0
rimraf: package.json, via egg-bin@4.20.0
uuid: package.json, via egg-bin@4.20.0
uuid: package.json, via git-contributor@1.1.0
semver: package.json, via egg-bin@4.20.0
semver: package.json, via egg-bin@4.20.0, git-contributor@1.1.0
semver: package.json, via egg-bin@4.20.0
semver: package.json, via egg-bin@4.20.0
which: package.json, via egg-bin@4.20.0
which: package.json, via egg-bin@4.20.0
ets: package.json
ets: package.json, via egg-bin@4.20.0
mocha: package.json
mocha: package.json, via egg-bin@4.20.0
mocha: package.json, via egg-bin@4.20.0
c8: package.json, via egg-bin@4.20.0
c8: package.json
mkdirp: package.json, via egg-bin@4.20.0
mkdirp: package.json, via egg-bin@4.20.0
mkdirp: package.json, via egg-bin@4.20.0, eslint@3.19.0, eslint-config-egg@3.2.0, git-contributor@1.1.0, mz-modules@2.1.0
mkdirp: package.json, via egg-bin@4.20.0
Bin script shell injection
This package re-exports a well known shell command via an npm bin script. This is possibly a supply chain attack.
Packages should not export bin scripts which conflict with well known shell commands.
which: package.json, via egg-bin@4.20.0
Pull request report summary
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore nyc@13.3.0
@SocketSecurity ignore rimraf@2.6.3
@SocketSecurity ignore rimraf@2.7.1
@SocketSecurity ignore rimraf@3.0.2
@SocketSecurity ignore uuid@3.4.0