ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

Feature: add support for all unpinned npm commands #1469

Open laurentsimon opened 2 years ago

laurentsimon commented 2 years ago

We already look for npm install, update and install-test. We need support for other commands such as: npm pkg set, npm pkg delete, npm exec, npx, npm run, npm set-script (npm test ?): those seem to allow executing code and/or updating the lock file.

See https://docs.npmjs.com/cli/v8/commands/ for a list of commands.
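A sketch of the detection this issue asks for, added here as an example and not scorecard's own code: it splits a shell line on command separators and reports the npm/npx invocations named above. The "sudo" stripping, treating "npm ci" as pinned (it installs exactly what package-lock.json records) and treating "npm pkg get" as read-only are assumptions of this example; the sample RUN line is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// npmRiskyVerbs are the npm subcommands from the issue that can execute code
// and/or rewrite the lock file when nothing pins what they fetch.
var npmRiskyVerbs = map[string]bool{
	"install": true, "i": true, "update": true, "install-test": true, "it": true,
	"exec": true, "run": true, "run-script": true, "set-script": true, "test": true,
}

// splitCommands breaks one shell line into its simple commands (&&, ||, ;, |).
func splitCommands(line string) []string {
	r := strings.NewReplacer("&&", "\n", "||", "\n", ";", "\n", "|", "\n")
	var out []string
	for _, c := range strings.Split(r.Replace(line), "\n") {
		if c = strings.TrimSpace(c); c != "" {
			out = append(out, c)
		}
	}
	return out
}

// UnpinnedNpmCommands returns every command in line that should be reported.
func UnpinnedNpmCommands(line string) []string {
	var found []string
	for _, cmd := range splitCommands(line) {
		w := strings.Fields(cmd)
		if len(w) > 0 && w[0] == "sudo" { // assumption: look past sudo
			w = w[1:]
		}
		switch {
		case len(w) == 0:
		case w[0] == "npx": // npx always resolves and runs a package
			found = append(found, cmd)
		case w[0] != "npm" || len(w) < 2 || w[1] == "ci": // npm ci honours the lock file
		case w[1] == "pkg": // only the mutating pkg verbs touch package.json
			if len(w) > 2 && (w[2] == "set" || w[2] == "delete") {
				found = append(found, cmd)
			}
		case npmRiskyVerbs[w[1]]:
			found = append(found, cmd)
		}
	}
	return found
}

func main() { // constructed Dockerfile-style RUN line
	fmt.Println(UnpinnedNpmCommands("npm ci && npm run build && npx eslint . ; npm pkg get version"))
}
```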

github-actions[bot] commented 12 months ago

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] commented 7 months ago

This issue has been marked stale because it has been open for 60 days with no activity.