Closed himerus closed 1 year ago
Name | Link |
---|---|
Latest commit | b95fc997cbd956ee0804b5aaa7079752594c20e5 |
Latest deploy log | https://app.netlify.com/sites/outlinejs/deploys/6363c957ccab9000092e6c77 |
To edit notification comments on pull requests, go to your Netlify site settings.
Latest commit: 004e62859e9460be5092fb024612b7e147c1725e
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Package | Script field | Source |
---|---|---|
fsevents@1.2.13 (added) | binding.gyp |
package.json via storybook-addon-mdx-embed@1.1.1, @storybook/react@6.5.13, webpack@4.46.0, watchpack@1.7.5, watchpack-chokidar2@2.0.1, chokidar@2.1.8 |
fsevents@1.2.13 (added) | install |
package.json via storybook-addon-mdx-embed@1.1.1, @storybook/react@6.5.13, webpack@4.46.0, watchpack@1.7.5, watchpack-chokidar2@2.0.1, chokidar@2.1.8 |
Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.
Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
Package | Location | Source |
---|---|---|
fsevents@1.2.13 (added) | binding.gyp | package.json via storybook-addon-mdx-embed@1.1.1, @storybook/react@6.5.13, webpack@4.46.0, watchpack@1.7.5, watchpack-chokidar2@2.0.1, chokidar@2.1.8 |
Issue | Status |
---|---|
Install scripts | ⚠️ 2 issues |
Native code | ⚠️ 1 issue |
Bin script confusion | ✅ 0 issues |
Bin script shell injection | ✅ 0 issues |
Unresolved require | ✅ 0 issues |
Invalid package.json | ✅ 0 issues |
HTTP dependency | ✅ 0 issues |
Git dependency | ✅ 0 issues |
Potential typo squat | ✅ 0 issues |
Known Malware | ✅ 0 issues |
Telemetry | ✅ 0 issues |
Protestware/Troll package | ✅ 0 issues |
To ignore an alert, reply with a comment starting with @SocketSecurity ignore
followed by a space separated list of package-name@version
specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
@SocketSecurity ignore fsevents@1.2.13
Powered by socket.dev
Description
Enable Chromatic for Storybook again. We attempted it once, it would be nice to use it WELL as we continue to utilize Storybook.