:ambulance: Fixes on unified objects

[naelob]

:wq

Summary by CodeRabbit

• New Features
  • Added validation decorators and updated property descriptions for improved data validation and typing.
• Documentation
  • Enhanced property descriptions in various model classes for better clarity and understanding.
• Refactor
  • Adjusted logic for setting properties based on specific conditions for consistency and accuracy.
• Bug Fixes
  • Standardized and normalized priority, status, and type values for better system consistency.

[changeset-bot[bot]]

⚠️ No Changeset found

Latest commit: b50f22d7736fe3068dcf2880c78acdc9fc7000f0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
panora-client-ts	❌ Failed (Inspect)			May 1, 2024 11:56pm

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai[bot]]

Walkthrough

The recent updates aim to streamline synchronization processes across CRM and ticketing services, enhancing user-specific syncing and introducing new sync processors and services. Notable changes include the addition of sync controllers, modules, and services, along with adjustments to handling ProviderVertical.Unknown and updating CRON schedules for synchronization tasks.

Changes

File Path	Change Summary
packages/api/src/@core/sync/*	Introduced SyncController, SyncModule, and CoreSyncService for synchronization tasks across systems.
.../connections.controller.ts, .../utils/unification/*.ts	Removed handling for ProviderVertical.Unknown, impacting control flow.
.../crm/*/*.ts, .../ticketing/*/*.ts	Updated CRM and ticketing modules with new sync processors and user-specific syncing.
.../crm/*/*module.ts, .../ticketing/*/*module.ts	Modified BullModule.registerQueue to include syncTasks alongside existing queues.
apps/client-ts/src/app/(Dashboard)/*/*.tsx, .../hooks/*.tsx, .../components/*/*.tsx	Refactored various components and hooks to adjust parameters and fetch URLs for improved functionality.
apps/client-ts/src/components/RootLayout/index.tsx, .../shared/team-switcher.tsx	Updated components to include useRefreshAccessTokenMutation and removed redundant code.
apps/client-ts/src/hooks/mutations/useRefreshAccessTokenMutation.tsx	Introduced useRefreshAccessTokenMutation for handling token refresh logic with Cookies and toast.
packages/api/src/@core/auth/*	Adjusted methods in auth.controller.ts and auth.service.ts for handling API keys and access token refresh.
packages/api/src/@core/auth/dto/refresh.dto.ts, .../strategies/jwt.strategy.ts	Added RefreshDto class and id_project field to enhance authentication strategies.
packages/api/src/@core/connections-strategies/connections-strategies.controller.ts	Updated getConnectionStrategiesForProject method to use req.user for project retrieval.
packages/api/src/@core/events/events.controller.ts, .../linked-users/linked-users.controller.ts, .../webhook/webhook.controller.ts	Refactored controllers for improved request handling and data retrieval.

Poem

🐇✨ In the digital fields where data flows, A rabbit tends to code that grows. Syncing bits and bytes with care, Crafting changes in the software's lair. With each update, a leap of delight, Ensuring systems shine bright. 🌟🐾

---

Recent Review Details

**Configuration used: CodeRabbit UI** **Review profile: CHILL**

Commits

Files that changed from the base of the PR and between dfa6a5e71e1c8bcdf91a11ddd6a22eb382d8ca58 and b50f22d7736fe3068dcf2880c78acdc9fc7000f0.

Files ignored due to path filters (1)

* `packages/api/swagger/swagger-spec.json` is excluded by `!**/*.json`

Files selected for processing (26)

* apps/client-ts/src/app/(Dashboard)/api-keys/page.tsx (1 hunks) * apps/client-ts/src/app/(Dashboard)/b2c/profile/page.tsx (1 hunks) * apps/client-ts/src/app/(Dashboard)/configuration/page.tsx (1 hunks) * apps/client-ts/src/app/(Dashboard)/layout.tsx (1 hunks) * apps/client-ts/src/components/Configuration/FieldMappingModal.tsx (1 hunks) * apps/client-ts/src/components/Connection/ConnectionTable.tsx (1 hunks) * apps/client-ts/src/components/Events/EventsTable.tsx (1 hunks) * apps/client-ts/src/components/RootLayout/index.tsx (2 hunks) * apps/client-ts/src/components/shared/team-switcher.tsx (3 hunks) * apps/client-ts/src/hooks/mutations/useLoginMutation.tsx (4 hunks) * apps/client-ts/src/hooks/mutations/useRefreshAccessTokenMutation.tsx (1 hunks) * apps/client-ts/src/hooks/useApiKeys.tsx (1 hunks) * apps/client-ts/src/hooks/useConnectionStrategies.tsx (1 hunks) * apps/client-ts/src/hooks/useConnections.tsx (1 hunks) * apps/client-ts/src/hooks/useEvents.tsx (2 hunks) * apps/client-ts/src/hooks/useLinkedUsers.tsx (1 hunks) * apps/client-ts/src/hooks/useWebhooks.tsx (1 hunks) * packages/api/src/@core/auth/auth.controller.ts (3 hunks) * packages/api/src/@core/auth/auth.service.ts (4 hunks) * packages/api/src/@core/auth/dto/refresh.dto.ts (1 hunks) * packages/api/src/@core/auth/strategies/jwt.strategy.ts (1 hunks) * packages/api/src/@core/connections-strategies/connections-strategies.controller.ts (6 hunks) * packages/api/src/@core/connections/connections.controller.ts (3 hunks) * packages/api/src/@core/events/events.controller.ts (2 hunks) * packages/api/src/@core/linked-users/linked-users.controller.ts (3 hunks) * packages/api/src/@core/webhook/webhook.controller.ts (4 hunks)

Files skipped from review due to trivial changes (3)

* apps/client-ts/src/app/(Dashboard)/layout.tsx * apps/client-ts/src/components/Events/EventsTable.tsx * apps/client-ts/src/hooks/mutations/useLoginMutation.tsx

Files skipped from review as they are similar to previous changes (1)

* packages/api/src/@core/connections/connections.controller.ts

Additional Context Used

GitHub Check Runs (1)

Build and Test (18.x) success (15)

packages/api/src/@core/auth/auth.controller.ts: [warning] 8-8: 'Query' is defined but never used

Additional comments not posted (29)

packages/api/src/@core/auth/dto/refresh.dto.ts (1)

`1-6`: The `RefreshDto` class is well-defined and correctly uses the `@ApiProperty` decorator for API documentation.

packages/api/src/@core/auth/strategies/jwt.strategy.ts (1)

`23-23`: Addition of `id_project` to the JWT validation return object. Ensure that the payload structure includes `id_project` and that it's utilized appropriately in the application.

apps/client-ts/src/hooks/useApiKeys.tsx (1)

`6-10`: The `useApiKeys` hook correctly implements fetching of API keys with appropriate error handling. Ensure that the access token used for authorization is handled securely throughout the application.

apps/client-ts/src/hooks/useConnections.tsx (1)

`7-11`: The `useConnections` hook correctly implements fetching of connection data with appropriate error handling. Ensure that the access token used for authorization is handled securely throughout the application.

Verification successful

--- The search results indicate extensive usage of `access_token` across various services in the application, particularly in the API layer where tokens are often encrypted using a `cryptoService`. This suggests a pattern of secure handling of access tokens at the API level. In the client-side code (`apps/client-ts`), the `access_token` is managed via cookies, with several hooks and components using `Cookies.get('access_token')` to include the token in authorization headers. The code also shows instances of setting and removing the token from cookies, which is a common practice for managing session tokens in web applications. Given the encryption of tokens in the backend and the standard practices observed in the frontend, the application appears to handle access tokens securely. However, it's important to ensure that cookies are configured with secure attributes (such as HttpOnly and Secure flags) to prevent access from client-side scripts and transmission over non-HTTPS connections, respectively. This specific detail wasn't verified in the provided outputs and might need further review or testing. **Conclusion:** The `useConnections` hook and other parts of the application seem to implement secure handling of access tokens, aligning with common security practices. However, a detailed security review, especially focusing on cookie security attributes, is recommended to ensure comprehensive protection. - Ensure cookies storing access tokens are configured with HttpOnly and Secure flags. - Continue to use encryption for tokens in the backend as observed.

Scripts Executed

The following scripts were executed for the analysis: --- Script: ```shell #!/bin/bash # Description: Verify the secure handling of the access token used in the `useConnections` hook. # Search for the usage of `Cookies.get('access_token')` to ensure it's handled securely. rg --type js --type ts "Cookies.get('access_token')" ``` Length of output: 60 --- --- Script: ```shell #!/bin/bash # Description: Broaden the search to understand how access tokens are managed in the application. # Search for any references to 'access_token' in JavaScript or TypeScript files to see how it's handled. rg --type js --type ts "access_token" ``` Length of output: 34280

apps/client-ts/src/hooks/useLinkedUsers.tsx (1)

`6-10`: The `useLinkedUsers` hook correctly implements fetching of linked user data with appropriate error handling. Ensure that the access token used for authorization is handled securely throughout the application.

Verification successful

--- The expanded search for `access_token` usage across JavaScript and TypeScript files in the codebase has provided a comprehensive view of how access tokens are handled. The results show that access tokens are used in various services across the application, often encrypted using a `cryptoService`, which suggests a focus on security. Additionally, in the client-side hooks, the access token is retrieved using `Cookies.get('access_token')` and included in the Authorization header as a Bearer token. This approach is typical and acceptable provided that the cookies are secured properly (e.g., using HttpOnly and Secure flags) and the application ensures that the access token is not exposed to cross-site scripting (XSS) attacks. The removal of the access token using `Cookies.remove("access_token")` in certain parts of the application also indicates an awareness of security regarding session management. Given this information, the handling of the access token in the `useLinkedUsers` hook and throughout the application appears to be implemented with security considerations. However, it is recommended to ensure that cookies storing access tokens are configured with security best practices and that there is adequate protection against XSS. **Conclusion:** - The `useLinkedUsers` hook and other parts of the application handle the access token securely, primarily using encryption and secure storage methods. - It is advisable to review the cookie security settings and continue monitoring for potential security vulnerabilities related to token handling.

Scripts Executed

The following scripts were executed for the analysis: --- Script: ```shell #!/bin/bash # Description: Verify the secure handling of the access token used in the `useLinkedUsers` hook. # Search for the usage of `Cookies.get('access_token')` to ensure it's handled securely. rg --type js --type ts "Cookies.get('access_token')" ``` Length of output: 60 --- --- Script: ```shell #!/bin/bash # Broaden the search to find any references to 'access_token' in JavaScript or TypeScript files to understand how it's handled. rg --type js --type ts "access_token" ``` Length of output: 34280

apps/client-ts/src/hooks/useWebhooks.tsx (1)

`6-11`: The `useWebhooks` hook correctly implements fetching of webhook data with appropriate error handling. Ensure that the access token used for authorization is handled securely throughout the application.

apps/client-ts/src/hooks/useConnectionStrategies.tsx (1)

`6-10`: The `useConnectionStrategies` hook correctly implements fetching of connection strategy data with appropriate error handling. Ensure that the access token used for authorization is handled securely throughout the application.

apps/client-ts/src/hooks/useEvents.tsx (1)

`7-13`: The `useEvents` hook correctly implements fetching of event data with appropriate error handling and pagination support. Ensure that the access token used for authorization is handled securely throughout the application. Also applies to: 28-31

packages/api/src/@core/events/events.controller.ts (2)

`37-37`: Added JWT guard to `getEvents` method. This ensures that the endpoint is protected and only accessible to authenticated users, aligning with security best practices. --- `39-41`: Implementation of `getEvents` method. The method correctly retrieves the `id_project` from the request's user object and passes it along with the pagination DTO to the service layer. This is a clean and efficient way to handle data retrieval based on user context.

packages/api/src/@core/webhook/webhook.controller.ts (2)

`32-32`: Added JWT guard to `getWebhooks` method. This ensures that the endpoint is protected and only accessible to authenticated users, aligning with security best practices. --- `34-36`: Implementation of `getWebhooks` method. The method correctly retrieves the `id_project` from the request's user object and uses it to fetch webhook endpoints. This approach maintains consistency in handling user-specific data.

apps/client-ts/src/app/(Dashboard)/b2c/profile/page.tsx (1)

`22-23`: Use of state management hooks in profile page. The use of `useProfileStore` and `useProjectStore` hooks for managing profile and project data is appropriate and follows React best practices for state management.

apps/client-ts/src/hooks/mutations/useRefreshAccessTokenMutation.tsx (1)

`10-56`: Implementation of `useRefreshAccessTokenMutation` hook. The hook is well-implemented using `react-query` for handling the asynchronous operation of refreshing access tokens. The use of error handling and success callbacks enhances the user experience by providing feedback.

packages/api/src/@core/linked-users/linked-users.controller.ts (2)

`47-47`: Added JWT guard to `getLinkedUsers` method. This ensures that the endpoint is protected and only accessible to authenticated users, aligning with security best practices. --- `49-51`: Implementation of `getLinkedUsers` method. The method correctly retrieves the `id_project` from the request's user object and uses it to fetch linked users. This approach maintains consistency in handling user-specific data.

apps/client-ts/src/components/RootLayout/index.tsx (2)

`15-15`: Use of `useRefreshAccessTokenMutation` hook in root layout. The integration of the `useRefreshAccessTokenMutation` hook in the root layout component is appropriate for managing access token refreshes at a global level, ensuring that the user session remains active. --- `34-34`: Review of `useEffect` dependencies. The inclusion of `idProject`, `projectsData`, `refreshAccessToken`, and `setIdProject` in the dependency array of `useEffect` is correct, ensuring that the effect reruns only when these dependencies change.

packages/api/src/@core/auth/auth.controller.ts (3)

`17-17`: Introduction of `RefreshDto`. The addition of `RefreshDto` is a good practice for encapsulating the data structure required for the refresh token functionality, enhancing maintainability and type safety. --- `70-74`: Implementation of `getApiKeys` method. The method correctly retrieves the `id_project` from the request's user object and uses it to fetch API keys. This approach is consistent and secure, ensuring that API keys are retrieved based on the user's project context. --- `90-107`: Implementation of `refreshAccessToken` method. The method effectively uses the `RefreshDto` to receive the `projectId` and extracts necessary user details from the request object to refresh the access token. This implementation is robust, ensuring that tokens are refreshed in a secure and user-specific manner.

packages/api/src/@core/connections-strategies/connections-strategies.controller.ts (2)

`138-138`: Added JWT guard to `getConnectionStrategiesForProject` method. This ensures that the endpoint is protected and only accessible to authenticated users, aligning with security best practices. --- `140-143`: Implementation of `getConnectionStrategiesForProject` method. The method correctly retrieves the `id_project` from the request's user object and uses it to fetch all connection strategies for that project. This approach maintains consistency in handling user-specific data and ensures that the data is relevant to the user's context.

apps/client-ts/src/components/Connection/ConnectionTable.tsx (1)

`29-29`: Ensure error handling is robust for the `useConnections` hook.

apps/client-ts/src/app/(Dashboard)/api-keys/page.tsx (1)

`60-60`: Ensure error handling is robust for the `useApiKeys` hook.

apps/client-ts/src/components/shared/team-switcher.tsx (1)

`59-59`: Ensure error handling is robust for the `useRefreshAccessTokenMutation` hook.

apps/client-ts/src/app/(Dashboard)/configuration/page.tsx (1)

`49-49`: Ensure error handling is robust for the `useLinkedUsers` hook.

packages/api/src/@core/auth/auth.service.ts (1)

`63-63`: Ensure error handling is robust for the `getApiKeys` method.

Verification successful

--- The verification process has successfully identified robust error handling within the `getApiKeys` method in the `auth.service.ts` file. The method includes catch blocks that handle errors by calling a `handleServiceError` function, which presumably logs these errors appropriately. This aligns with the initial review comment's concern about ensuring robust error handling. **Conclusion:** - The `getApiKeys` method in `auth.service.ts` includes error handling that logs errors, which is crucial for debugging and maintaining the robustness of the application.

Scripts Executed

The following scripts were executed for the analysis: --- Script: ```shell #!/bin/bash # Description: Verify that the error handling for the `getApiKeys` method is robust and logs sufficient information for debugging. # Search for the getApiKeys method implementation and check for error handling. rg --type typescript "async getApiKeys" --exec cat {} | grep -E "catch|error" ``` Length of output: 490 --- --- Script: ```shell #!/bin/bash # Description: Verify that the error handling for the `getApiKeys` method is robust and logs sufficient information for debugging. # Find the file containing the getApiKeys method file_path=$(rg --type typescript -l "async getApiKeys") # Output the contents of the method and check for error handling if [[ -n "$file_path" ]]; then cat "$file_path" | grep -A 10 -B 10 "async getApiKeys" | grep -E "catch|error" else echo "No file containing 'async getApiKeys' found." fi ``` Length of output: 212 --- --- Script: ```shell #!/bin/bash # Description: Verify that the error handling for the `getApiKeys` method is robust and logs sufficient information for debugging. # Find the file containing the getApiKeys method file_path=$(rg -l "async getApiKeys" *.ts) # Output the contents of the method and check for error handling if [[ -n "$file_path" ]]; then cat "$file_path" | grep -A 10 -B 10 "async getApiKeys" | grep -E "catch|error" else echo "No file containing 'async getApiKeys' found." fi ``` Length of output: 211 --- --- Script: ```shell #!/bin/bash # Description: Verify that the error handling for the `getApiKeys` method is robust and logs sufficient information for debugging. # Find the file containing the getApiKeys method file_path=$(rg -l "async getApiKeys" --type ts) # Output the contents of the method and check for error handling if [[ -n "$file_path" ]]; then cat "$file_path" | grep -A 10 -B 10 "async getApiKeys" | grep -E "catch|error" else echo "No file containing 'async getApiKeys' found." fi ``` Length of output: 536 --- --- Script: ```shell #!/bin/bash # Description: Verify that the error handling for the `getApiKeys` method is robust and logs sufficient information for debugging. # Find the files containing the getApiKeys method file_paths=$(rg -l "async getApiKeys" --type ts) # Output the contents of the method and check for error handling if [[ -n "$file_paths" ]]; then echo "$file_paths" | while read file_path; do if [[ -n "$file_path" ]]; then cat "$file_path" | grep -A 10 -B 10 "async getApiKeys" | grep -E "catch|error" fi done else echo "No file containing 'async getApiKeys' found." fi ``` Length of output: 872

apps/client-ts/src/components/Configuration/FieldMappingModal.tsx (1)

`112-112`: Ensure error handling is robust for the `useLinkedUsers` hook.

--- Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

Tips

### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): - Review comments: Directly reply to a review comment made by CodeRabbit. Example: - `I pushed a fix in commit .` - `Generate unit testing code for this file.` - `Open a follow-up GitHub issue for this discussion.` - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai generate interesting stats about this repository and render them as a table.` - `@coderabbitai show all the console.log statements in this repository.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (invoked as PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger a review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai help` to get help. Additionally, you can add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. ### CodeRabbit Configration File (`.coderabbit.yaml`) - You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository. - Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information. - If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json` ### Documentation and Community - Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit. - Join our [Discord Community](https://discord.com/invite/GsXnASn26c) to get help, request features, and share feedback. - Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

[socket-security[bot]]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@faker-js/faker@8.4.1	None	0	10.2 MB	shinigami92
npm/@hookform/resolvers@3.3.4	None	0	554 kB	bluebill1049
npm/@nestjs/cli@10.3.2	Transitive: environment, eval, filesystem, network, shell	+70	5.31 MB	nestjscore
npm/@nestjs/common@10.3.7	None	+1	493 kB	nestjscore
npm/@nestjs/core@10.3.7	environment, unsafe Transitive: filesystem, network, shell	+8	858 kB	nestjscore
npm/@nestjs/mapped-types@2.0.5	None	0	24.4 kB	nestjscore
npm/@nestjs/platform-express@10.3.7	network Transitive: environment, eval, filesystem	+20	925 kB	nestjscore
npm/@nestjs/schedule@4.0.1	None	0	46.6 kB	nestjscore
npm/@nestjs/swagger@7.3.1	None	+1	2.92 MB	nestjscore
npm/@nestjs/testing@10.3.7	None	0	34 kB	nestjscore
npm/@panora/typescript-sdk@1.0.5	None	0	665 kB	nael-panora
npm/@prisma/client@5.12.1	environment, filesystem, shell	0	8.48 MB	prismabot
npm/@radix-ui/react-avatar@1.0.4	None	0	39.2 kB	benoitgrelard
npm/@radix-ui/react-checkbox@1.0.4	None	0	55.3 kB	benoitgrelard
npm/@radix-ui/react-dialog@1.0.5	None	0	137 kB	benoitgrelard
npm/@radix-ui/react-dropdown-menu@2.0.6	None	0	145 kB	benoitgrelard
npm/@radix-ui/react-icons@1.3.0	environment	0	3.44 MB	vladmoroz
npm/@radix-ui/react-label@2.0.2	None	0	11.2 kB	benoitgrelard
npm/@radix-ui/react-navigation-menu@1.1.4	None	0	303 kB	benoitgrelard
npm/@radix-ui/react-popover@1.0.7	None	0	120 kB	benoitgrelard
npm/@radix-ui/react-scroll-area@1.0.5	None	0	257 kB	benoitgrelard
npm/@radix-ui/react-select@2.0.0	None	0	428 kB	benoitgrelard
npm/@radix-ui/react-separator@1.0.3	None	0	20.5 kB	benoitgrelard
npm/@radix-ui/react-slot@1.0.2	None	0	29.2 kB	benoitgrelard
npm/@radix-ui/react-switch@1.0.3	None	0	44.9 kB	benoitgrelard
npm/@radix-ui/react-tabs@1.0.4	None	0	65 kB	benoitgrelard
npm/@radix-ui/react-tooltip@1.0.7	None	0	175 kB	benoitgrelard
npm/@sentry/node@7.109.0	environment, filesystem, network, shell, unsafe	+4	6.97 MB	sentry-bot
npm/@sentry/tracing@7.109.0	Transitive: network	+4	4.94 MB	sentry-bot
npm/@tanstack/react-query-devtools@5.29.0	environment	0	55.3 kB	tannerlinsley
npm/@tanstack/react-query-next-experimental@5.29.0	None	0	103 kB	tannerlinsley
npm/@tanstack/react-query@5.29.0	environment	+1	3.82 MB	tannerlinsley
npm/@tanstack/react-table@8.15.3	Transitive: environment	+1	4.04 MB	tannerlinsley
npm/@types/cookies@0.9.0	None	0	9.24 kB	types
npm/@types/express@4.17.21	None	+9	107 kB	types
npm/@types/jest@29.5.12	Transitive: environment, filesystem	+31	1.36 MB	types
npm/@types/js-cookie@3.0.6	None	0	7.43 kB	types
npm/@types/node@20.12.7	None	0	2.03 MB	types
npm/@types/react-dom@18.2.24	None	0	34.9 kB	types
npm/@types/react@18.2.75	None	+2	1.68 MB	types
npm/@types/supertest@2.0.16	None	+3	40.5 kB	types
npm/@types/uuid@9.0.8	None	0	6.74 kB	types
npm/@typescript-eslint/eslint-plugin@5.62.0	Transitive: environment, filesystem	+29	6.63 MB	jameshenry
npm/@typescript-eslint/eslint-plugin@6.21.0	Transitive: environment, filesystem	+25	6.44 MB	jameshenry
npm/@typescript-eslint/parser@5.62.0	Transitive: environment, filesystem	+18	1.79 MB	jameshenry
npm/@typescript-eslint/parser@6.21.0	Transitive: environment, filesystem	+18	1.76 MB	jameshenry
npm/@vitejs/plugin-react@4.2.1	Transitive: environment, filesystem, unsafe	+46	10.7 MB	vitebot
npm/antd@5.16.1	environment	+18	63.7 MB	zombiej
npm/autoprefixer@10.4.19	environment Transitive: filesystem	+4	2.67 MB	ai
npm/axios@1.6.8	network Transitive: filesystem	+5	1.96 MB	jasonsaayman
npm/class-variance-authority@0.7.0	None	0	8.93 kB	joebell93
npm/clsx@2.1.0	None	0	8.46 kB	lukeed
npm/cmdk@0.2.1	None	0	77.4 kB	paco
npm/cookies@0.9.1	network Transitive: environment, eval	+1	49.5 kB	dougwilson
npm/date-fns@3.6.0	None	0	22.2 MB	kossnocorp
npm/eslint-config-next@14.1.2	unsafe	0	4.84 kB	vercel-release-bot
npm/eslint-config-prettier@8.10.0	None	0	19.9 kB	lydell
npm/eslint-plugin-react-hooks@4.6.0	environment	0	118 kB	gnoff
npm/eslint-plugin-react-refresh@0.4.6	None	0	13.6 kB	arnaud-barre
npm/eslint@8.57.0	environment, filesystem Transitive: eval, shell, unsafe	+45	8.95 MB	eslintbot
npm/gitmoji-cli@9.2.0	Transitive: environment, eval, filesystem, shell	+38	2.75 MB	carloscuesta
npm/husky@8.0.3	environment, filesystem, shell	0	6.44 kB	typicode
npm/jest@29.7.0	Transitive: environment, eval, filesystem, network, shell, unsafe	+160	14.8 MB	simenb
npm/js-cookie@3.0.5	None	0	26.2 kB	carhartl

🚮 Removed packages: npm/@nestjs/cli@10.0.0, npm/@nestjs/common@10.0.0, npm/@nestjs/core@10.0.0, npm/@nestjs/mapped-types@0.0.1, npm/@nestjs/platform-express@10.0.0, npm/@nestjs/schedule@4.0.2, npm/@nestjs/schematics@10.0.0, npm/@nestjs/swagger@7.1.14, npm/@nestjs/testing@10.0.0, npm/@prisma/client@5.4.2, npm/@sentry/node@7.112.2, npm/@sentry/tracing@7.112.2, npm/@types/express@4.17.17, npm/@types/jest@29.5.2, npm/@types/node@20.3.1, npm/@types/supertest@2.0.12, npm/@typescript-eslint/eslint-plugin@5.59.11, npm/@typescript-eslint/parser@5.59.11, npm/axios@1.5.1, npm/eslint-config-prettier@8.8.0, npm/eslint@8.42.0, npm/jest@29.5.0, npm/nestjs-pino@3.5.0, npm/passport-headerapikey@1.2.2, npm/passport-jwt@4.0.1, npm/passport-local@1.0.0, npm/passport@0.6.0, npm/pino-pretty@10.3.1, npm/prettier@2.8.8, npm/prisma@5.4.2, npm/reflect-metadata@0.1.13, npm/rxjs@7.8.1, npm/source-map-support@0.5.21, npm/stytch@10.15.1, npm/supertest@6.3.3, npm/ts-jest@29.1.0, npm/ts-loader@9.4.3, npm/ts-node@10.9.1, npm/tsconfig-paths@4.2.0, npm/typescript@5.1.3, npm/uuid@9.0.1

View full report↗︎

[socket-security[bot]]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/esbuild@0.18.20	Install script: postinstall Source: node install.js	orphan: npm/esbuild@0.18.20
Install scripts	npm/esbuild@0.19.12	Install script: postinstall Source: node install.js	orphan: npm/esbuild@0.19.12

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/esbuild@0.18.20
• @SocketSecurity ignore npm/esbuild@0.19.12