storybookjs / react-native

📓 Storybook for React Native!
https://storybook.js.org
MIT License
995 stars 142 forks

chore(deps): bump ip from 1.1.8 to 1.1.9 #557

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 4 months ago

Bumps ip from 1.1.8 to 1.1.9.

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/storybookjs/react-native/network/alerts).

Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

socket-security[bot] commented 4 months ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@hutson/parse-repository-url@3.0.2 None 0 20.6 kB hutson
npm/@lerna/create@8.1.2 environment, filesystem, network Transitive: eval, shell, unsafe +226 72.9 MB jameshenry
npm/@nodelib/fs.scandir@2.1.5 filesystem +2 40.6 kB mrmlnc
npm/@nodelib/fs.walk@1.2.8 Transitive: filesystem +5 118 kB mrmlnc
npm/@npmcli/node-gyp@3.0.0 filesystem 0 1.87 kB lukekarrys
npm/@npmcli/promise-spawn@7.0.1 environment, shell Transitive: filesystem +2 62.5 kB npm-cli-ops
npm/@npmcli/run-script@7.0.2 environment, filesystem Transitive: shell +17 3.56 MB npm-cli-ops
npm/@nrwl/devkit@18.0.4 Transitive: environment, eval, filesystem, network, shell, unsafe +57 8.01 MB nrwl-jason
npm/@nx/devkit@18.0.4 environment, filesystem, shell, unsafe Transitive: eval, network +57 8.01 MB nrwl-jason
npm/@octokit/auth-token@3.0.4 None 0 24.2 kB octokitbot
npm/@octokit/core@4.2.4 Transitive: network +13 4.94 MB octokitbot
npm/@octokit/endpoint@7.0.6 None +4 4.56 MB octokitbot
npm/@octokit/graphql@5.0.6 Transitive: network +10 4.83 MB octokitbot
npm/@octokit/openapi-types@18.1.1 None 0 4.23 MB octokitbot
npm/@octokit/plugin-enterprise-rest@6.0.1 None 0 8.99 MB octokitbot
npm/@octokit/plugin-paginate-rest@6.1.2 Transitive: network +15 5.13 MB octokitbot
npm/@octokit/plugin-request-log@1.0.4 Transitive: network +14 4.95 MB gr2m
npm/@octokit/plugin-rest-endpoint-methods@7.2.3 Transitive: network +15 6.67 MB octokitbot
npm/@octokit/request-error@3.0.3 None +4 4.48 MB octokitbot
npm/@octokit/request@6.2.8 network +9 4.79 MB octokitbot
npm/@octokit/rest@19.0.11 Transitive: network +19 6.89 MB octokitbot
npm/@octokit/tsconfig@1.0.2 None 0 2.63 kB octokitbot
npm/@octokit/types@9.3.2 None +1 4.45 MB octokitbot
npm/acorn-jsx@5.3.2 None +1 556 kB rreverser
npm/add-stream@1.0.0 None 0 5.51 kB wilsonjackson
npm/ansi-colors@4.1.3 environment 0 26.1 kB jonschlinkert
npm/ansi-escapes@4.3.2 None +1 135 kB sindresorhus
npm/array-buffer-byte-length@1.0.1 Transitive: eval +11 238 kB ljharb
npm/array-ify@1.0.0 None 0 2.15 kB stevemao
npm/array.prototype.flat@1.3.2 Transitive: eval +51 3.15 MB ljharb
npm/arraybuffer.prototype.slice@1.0.3 Transitive: eval +49 3.12 MB ljharb
npm/asynciterator.prototype@1.0.0 None +1 27.8 kB ljharb
npm/available-typed-arrays@1.0.7 None 0 20.4 kB ljharb
npm/before-after-hook@2.2.3 None 0 37 kB gr2m
npm/brace-expansion@1.1.11 None +2 22.9 kB juliangruber
npm/byte-size@8.1.1 None 0 32.8 kB 75lb
npm/call-bind@1.0.7 Transitive: eval +9 207 kB ljharb
npm/cli-cursor@3.1.0 None +3 23.3 kB sindresorhus
npm/cli-width@3.0.0 environment 0 11.5 kB knownasilya
npm/cliui@7.0.4 None +5 86.8 kB oss-bot
npm/clone-deep@4.0.1 None +4 54.7 kB jonschlinkert
npm/cmd-shim@6.0.1 filesystem 0 11.8 kB nlf
npm/columnify@1.6.0 None +2 57.1 kB timoxley
npm/compare-func@2.0.0 None +3 19.3 kB stevemao
npm/concat-stream@2.0.0 Transitive: environment +4 168 kB mafintosh
npm/conventional-changelog-angular@7.0.0 filesystem +4 33.1 kB oss-bot
npm/conventional-changelog-core@5.0.1 shell Transitive: environment, eval, filesystem +64 6.76 MB oss-bot
npm/conventional-changelog-preset-loader@3.0.0 None 0 5.97 kB oss-bot
npm/conventional-changelog-writer@6.0.1 filesystem Transitive: environment, eval +38 6.07 MB oss-bot
npm/conventional-commits-filter@3.0.0 None +2 60.6 kB oss-bot
npm/conventional-commits-parser@4.0.0 Transitive: environment, filesystem +29 841 kB oss-bot
npm/conventional-recommended-bump@7.0.1 Transitive: environment, filesystem, shell +40 991 kB oss-bot
npm/cosmiconfig@8.3.6 filesystem Transitive: environment, unsafe +16 32.9 MB d-fischer
npm/dargs@7.0.0 None 0 11.5 kB sindresorhus
npm/dateformat@3.0.3 None 0 15 kB doowb
npm/dedent@0.7.0 None 0 4.85 kB dmnd
npm/define-data-property@1.1.4 Transitive: eval +6 155 kB ljharb
npm/define-properties@1.2.1 Transitive: eval +9 206 kB ljharb
npm/deprecation@2.3.1 None 0 4.01 kB gr2m
npm/dir-glob@3.0.1 Transitive: filesystem +1 10.8 kB sindresorhus
npm/dot-prop@5.3.0 None +1 12.4 kB sindresorhus
npm/ejs@3.1.9 eval, filesystem Transitive: environment, shell +9 440 kB mde
npm/enquirer@2.3.6 environment +1 224 kB jonschlinkert
npm/envinfo@7.8.1 environment, eval, filesystem, shell 0 160 kB tabrindle
npm/es-abstract@1.22.4 Transitive: eval +49 3.12 MB ljharb
npm/es-set-tostringtag@2.0.2 Transitive: eval +6 144 kB ljharb
npm/es-shim-unscopables@1.0.2 None +2 53.6 kB ljharb
npm/es-to-primitive@1.2.1 None +5 150 kB ljharb
npm/execa@5.0.0 environment, shell Transitive: filesystem +13 231 kB sindresorhus
npm/external-editor@3.1.0 environment, filesystem, shell +8 1.57 MB mrkmg
npm/fast-glob@3.3.2 filesystem +10 300 kB mrmlnc
npm/fastq@1.17.1 None +1 51.4 kB matteo.collina
npm/figures@3.2.0 None +1 14.8 kB sindresorhus
npm/flat-cache@3.2.0 filesystem Transitive: environment +10 1.59 MB jaredwray
npm/fs-extra@11.2.0 Transitive: environment, filesystem +3 112 kB ryanzim
npm/function.prototype.name@1.1.6 Transitive: eval +49 3.12 MB ljharb
npm/get-intrinsic@1.2.4 eval +4 117 kB ljharb
npm/get-pkg-repo@4.2.1 Transitive: environment, filesystem +17 639 kB oss-bot
npm/get-port@5.1.1 network 0 8.74 kB sindresorhus
npm/get-stream@6.0.0 None 0 12.3 kB sindresorhus
npm/get-symbol-description@1.0.2 Transitive: eval +10 222 kB ljharb
npm/git-raw-commits@3.0.0 shell Transitive: environment, filesystem +29 827 kB oss-bot
npm/git-remote-origin-url@2.0.0 Transitive: filesystem +3 20.4 kB sindresorhus
npm/git-semver-tags@5.0.1 shell Transitive: environment, filesystem +25 670 kB oss-bot
npm/git-up@7.0.0 None +2 64.7 kB ionicabizau
npm/git-url-parse@13.1.0 None +3 95.7 kB ionicabizau
npm/gitconfiglocal@1.0.0 filesystem +1 11.6 kB soldair
npm/glob@9.3.5 Transitive: environment, filesystem +5 1.47 MB isaacs
npm/globalthis@1.0.3 Transitive: eval +10 228 kB ljharb
npm/gopd@1.0.1 Transitive: eval +5 124 kB ljharb
npm/handlebars@4.7.8 filesystem Transitive: environment, eval +5 5.26 MB jaylinski
npm/has-property-descriptors@1.0.2 None 0 10.9 kB ljharb
npm/has-tostringtag@1.0.2 None +1 38.2 kB ljharb
npm/hasown@2.0.1 None +1 42.6 kB ljharb
npm/hosted-git-info@4.1.0 None +1 39.2 kB gar
npm/import-local@3.1.0 Transitive: filesystem +5 37.1 kB sindresorhus
npm/ini@1.3.8 None 0 9.3 kB isaacs
npm/init-package-json@5.0.0 filesystem Transitive: environment, unsafe +19 1.74 MB lukekarrys
npm/inquirer@8.2.6 Transitive: environment, filesystem, shell +32 7.99 MB sboudrias
npm/internal-slot@1.0.7 Transitive: eval +12 343 kB ljharb
npm/is-array-buffer@3.0.4 Transitive: eval +10 225 kB ljharb
npm/is-ci@3.0.1 None 0 3.81 kB sibiraj-s
npm/is-date-object@1.0.5 None +2 59 kB ljharb
npm/is-obj@2.0.0 None 0 2.82 kB sindresorhus
npm/is-plain-object@5.0.0 None 0 9.16 kB trysound
npm/is-regex@1.1.4 Transitive: eval +11 255 kB ljharb
npm/is-shared-array-buffer@1.0.2 Transitive: eval +10 219 kB ljharb
npm/is-ssh@1.4.0 None 0 17.5 kB ionicabizau
npm/is-stream@2.0.0 None 0 5.69 kB sindresorhus
npm/is-string@1.0.7 None +2 57.3 kB ljharb
npm/is-symbol@1.0.4 None +1 42.6 kB ljharb
npm/is-text-path@1.0.1 None 0 2.75 kB sindresorhus
npm/is-typed-array@1.1.13 Transitive: eval +13 310 kB ljharb
npm/is-weakref@1.0.2 Transitive: eval +10 219 kB ljharb
npm/isexe@3.1.1 environment, filesystem 0 43 kB isaacs
npm/iterator.prototype@1.1.2 Transitive: eval +51 3.16 MB ljharb
npm/jake@10.8.7 environment, filesystem, shell +8 298 kB mde
npm/jest-diff@29.7.0 Transitive: environment +4 144 kB simenb
npm/jsonfile@6.1.0 filesystem Transitive: environment +2 57 kB ryanzim
npm/jsonstream@1.3.5 None +1 12.5 kB
npm/keyv@4.5.4 None +1 33.2 kB jaredwray
npm/libnpmaccess@7.0.2 Transitive: environment, filesystem, network +8 253 kB lukekarrys
npm/libnpmpublish@7.3.0 environment, filesystem Transitive: network +11 350 kB lukekarrys
npm/load-json-file@6.2.0 Transitive: environment, filesystem +11 326 kB sindresorhus
npm/locate-path@6.0.0 filesystem 0 7.02 kB sindresorhus
npm/lodash.ismatch@4.4.0 None 0 49.9 kB jdalton
npm/make-dir@4.0.0 filesystem +1 78.3 kB sindresorhus
npm/meow@8.1.2 Transitive: environment, filesystem +24 663 kB sindresorhus
npm/micromatch@4.0.5 None 0 55.9 kB jonschlinkert
npm/minipass@4.2.8 None 0 69.4 kB isaacs
npm/modify-values@1.0.1 None 0 2.86 kB sindresorhus
npm/multimatch@5.0.0 None +5 67 kB sindresorhus
npm/mute-stream@0.0.8 None 0 6.51 kB isaacs
npm/node-fetch@2.6.7 network 0 152 kB endless
npm/node-gyp@10.0.1 environment, shell Transitive: filesystem +12 3.52 MB lukekarrys
npm/normalize-package-data@3.0.3 None +4 152 kB gar
npm/npm-package-arg@8.1.1 None +4 132 kB nlf
npm/npm-packlist@5.1.1 filesystem Transitive: environment +6 1.5 MB lukekarrys
npm/npm-registry-fetch@14.0.5 environment, filesystem, network +7 245 kB npm-cli-ops
npm/npm-run-path@4.0.1 environment +1 12.7 kB sindresorhus
npm/npmlog@6.0.2 None 0 17.1 kB lukekarrys
npm/nx@18.0.4 environment, filesystem, network, shell, unsafe +52 7.5 MB nrwl-jason
npm/object.assign@4.1.5 Transitive: eval +12 319 kB ljharb
npm/once@1.4.0 None 0 4.05 kB isaacs
npm/onetime@5.1.2 None 0 6.17 kB sindresorhus
npm/ora@5.4.1 Transitive: environment +10 131 kB sindresorhus
npm/p-map-series@2.1.0 None 0 5.63 kB sindresorhus
npm/p-map@4.0.0 None 0 8.69 kB sindresorhus
npm/p-pipe@3.1.0 None 0 8.52 kB sindresorhus
npm/p-queue@6.6.2 None 0 30.9 kB sindresorhus
npm/p-reduce@2.1.0 None 0 6.14 kB sindresorhus
npm/p-waterfall@2.1.1 None +1 16.6 kB sindresorhus
npm/pacote@17.0.6 environment, filesystem, network Transitive: shell +27 3.86 MB npm-cli-ops
npm/parent-module@1.0.1 None 0 3.92 kB sindresorhus
npm/parse-json@5.2.0 Transitive: environment +8 177 kB sindresorhus
npm/parse-url@8.1.0 None 0 36.3 kB ionicabizau
npm/path-scurry@1.10.1 filesystem 0 529 kB isaacs
npm/pify@5.0.0 None 0 8.87 kB sindresorhus
npm/pkg-dir@4.2.0 Transitive: filesystem +3 27.4 kB sindresorhus
npm/proc-log@3.0.0 None 0 5.21 kB lukekarrys
npm/promzard@1.0.0 filesystem, unsafe +2 22.2 kB lukekarrys
npm/read-cmd-shim@4.0.0 filesystem 0 5.16 kB lukekarrys
npm/read-package-json-fast@3.0.2 filesystem 0 8.62 kB lukekarrys
npm/read-package-json@6.0.4 filesystem Transitive: environment +11 1.65 MB npm-cli-ops
npm/read-pkg-up@3.0.0 Transitive: environment, filesystem +22 515 kB sindresorhus
npm/read-pkg@3.0.0 Transitive: environment, filesystem +18 488 kB sindresorhus
npm/read@2.1.0 None +1 11.4 kB npm-cli-ops
npm/readable-stream@3.6.2 environment +1 128 kB matteo.collina
npm/reflect.getprototypeof@1.0.5 Transitive: eval +50 3.15 MB ljharb
npm/regexp.prototype.flags@1.5.2 Transitive: eval +14 321 kB ljharb
npm/resolve-cwd@3.0.0 None 0 4.98 kB sindresorhus
npm/resolve@2.0.0-next.5 environment, filesystem 0 138 kB ljharb
npm/restore-cursor@3.1.0 None +2 18.9 kB sindresorhus
npm/rimraf@3.0.2 filesystem Transitive: environment +6 1.49 MB isaacs
npm/run-async@2.4.1 None 0 6.6 kB sboudrias
npm/run-parallel@1.2.0 None 0 6.56 kB feross
npm/rxjs@7.8.1 None +1 4.59 MB blesh
npm/safe-array-concat@1.1.0 Transitive: eval +10 226 kB ljharb
npm/safe-regex-test@1.0.3 Transitive: eval +12 265 kB ljharb
npm/set-function-length@1.2.1 Transitive: eval +8 185 kB ljharb
npm/set-function-name@2.0.2 Transitive: eval +9 200 kB ljharb
npm/shallow-clone@3.0.1 None +1 32.3 kB jonschlinkert
npm/side-channel@1.0.5 Transitive: eval +11 322 kB ljharb
npm/split@1.0.1 None +1 24.8 kB dominictarr
npm/split2@3.2.2 Transitive: environment +2 145 kB matteo.collina
npm/ssri@9.0.1 None +1 52.3 kB nlf
npm/string-width@4.2.3 None +1 9.19 kB sindresorhus
npm/string.prototype.matchall@4.0.10 Transitive: eval +50 3.16 MB ljharb
npm/string.prototype.trim@1.2.8 Transitive: eval +49 3.12 MB ljharb
npm/string.prototype.trimend@1.0.7 Transitive: eval +49 3.12 MB ljharb
npm/string.prototype.trimstart@1.0.7 Transitive: eval +49 3.12 MB ljharb
npm/strong-log-transformer@2.1.0 filesystem +2 83.4 kB rmg
npm/tar@6.1.11 environment, filesystem +1 175 kB isaacs
npm/temp-dir@1.0.0 filesystem 0 2.79 kB sindresorhus
npm/through@2.3.8 None 0 12.5 kB dominictarr
npm/through2@2.0.5 Transitive: environment +2 138 kB rvagg
npm/tmp@0.2.1 filesystem Transitive: environment +7 1.54 MB raszi
npm/typed-array-buffer@1.0.2 Transitive: eval +14 323 kB ljharb
npm/typed-array-byte-length@1.0.0 Transitive: eval +14 324 kB ljharb
npm/typed-array-byte-offset@1.0.1 Transitive: eval +14 325 kB ljharb
npm/typed-array-length@1.0.4 Transitive: eval +14 329 kB ljharb
npm/typedarray@0.0.6 None 0 26 kB substack
npm/uglify-js@3.17.4 environment, eval, filesystem 0 1.28 MB alexlamsl
npm/unbox-primitive@1.0.2 Transitive: eval +10 222 kB ljharb
npm/universal-user-agent@6.0.1 None 0 5.76 kB gr2m
npm/upath@2.0.1 None 0 36.7 kB anodynos
npm/validate-npm-package-license@3.0.4 None 0 16.6 kB kemitchell
npm/validate-npm-package-name@5.0.0 None 0 7.88 kB lukekarrys
npm/wcwidth@1.0.1 None 0 14.2 kB timoxley
npm/which-typed-array@1.1.14 Transitive: eval +12 287 kB ljharb
npm/wordwrap@1.0.0 None 0 36.8 kB substack
npm/wrap-ansi@7.0.0 None +4 56.2 kB sindresorhus
npm/write-file-atomic@5.0.1 filesystem +2 101 kB npm-cli-ops
npm/write-pkg@4.0.0 None +1 117 kB sindresorhus
npm/yargs-parser@21.1.1 environment, filesystem 0 128 kB oss-bot
npm/yargs@15.4.1 environment, filesystem +13 439 kB oss-bot

🚮 Removed packages: npm/@aashutoshrathi/word-wrap@1.2.6, npm/@babel/helper-plugin-utils@7.22.5, npm/@babel/regjsgen@0.8.0, npm/@hapi/hoek@9.3.0, npm/@pkgjs/parseargs@0.11.0, npm/@react-native/normalize-color@2.1.0, npm/@sideway/formula@3.0.1, npm/@sideway/pinpoint@2.0.0, npm/@sinclair/typebox@0.27.8, npm/@tootallnate/once@2.0.0, npm/@types/estree@1.0.5, npm/@types/istanbul-lib-coverage@2.0.6, npm/@types/lodash@4.14.202, npm/@types/prop-types@15.7.11, npm/@types/scheduler@0.16.8, npm/@types/stack-utils@2.0.3, npm/@types/uuid@9.0.8, npm/@types/yargs-parser@21.0.3, npm/@yarnpkg/lockfile@1.1.0, npm/acorn-walk@8.3.2, npm/anser@1.4.10, npm/ansi-regex@6.0.1, npm/appdirsjs@1.2.7, npm/aproba@2.0.0, npm/asap@2.0.6, npm/assertion-error@1.1.0, npm/astral-regex@1.0.0, npm/async-limiter@1.0.1, npm/async@3.2.5, npm/at-least-node@1.0.0, npm/babel-plugin-syntax-trailing-function-commas@7.0.0-beta.0, npm/base64-js@1.5.1, npm/boolbase@1.0.0, npm/bytes@3.0.0, npm/cac@6.7.14, npm/callsites@3.1.0, npm/camelcase@5.3.1, npm/chownr@2.0.0, npm/ci-info@3.9.0, npm/clean-stack@2.2.0, npm/clone@1.0.4, npm/color-support@1.1.3, npm/colorette@1.4.0, npm/command-exists@1.2.9, npm/commondir@1.0.1, npm/console-control-strings@1.1.0, npm/content-type@1.0.5, npm/core-js@3.36.0, npm/core-util-is@1.0.3, npm/css-what@6.1.0, npm/csstype@3.1.3, npm/dayjs@1.11.10, npm/decamelize@1.2.0, npm/deep-is@0.1.4, npm/deepmerge@4.3.1, npm/delegates@1.0.0, npm/denodeify@1.2.1, npm/depd@2.0.0, npm/destroy@1.2.0, npm/diff-sequences@29.6.3, npm/domelementtype@2.3.0, npm/eastasianwidth@0.2.0, npm/ee-first@1.1.1, npm/emoji-regex@9.2.2, npm/encodeurl@1.0.2, npm/env-paths@2.2.1, npm/err-code@2.0.3, npm/escape-html@1.0.3, npm/esprima@4.0.1, npm/etag@1.8.1, npm/event-target-shim@5.0.1, npm/eventemitter3@4.0.7, npm/events@3.3.0, npm/exponential-backoff@3.1.1, npm/fast-diff@1.3.0, npm/fast-levenshtein@2.0.6, npm/flat@5.0.2, npm/flow-parser@0.206.0, npm/fresh@0.5.2, npm/fsevents@2.3.3, npm/get-func-name@2.0.2, 
npm/has-bigints@1.0.2, npm/html-escaper@2.0.2, npm/http-cache-semantics@4.1.1, npm/ieee754@1.2.1, npm/indent-string@4.0.0, npm/ip@1.1.9, npm/is-arrayish@0.2.1, npm/is-directory@0.3.1, npm/is-docker@2.2.1, npm/is-fullwidth-code-point@3.0.0, npm/is-interactive@1.0.0, npm/is-lambda@1.0.1, npm/is-number@7.0.0, npm/is-path-inside@3.0.3, npm/is-unicode-supported@0.1.0, npm/isarray@2.0.5, npm/jest-get-type@29.6.3, npm/jsc-android@250231.0.0, npm/jsc-safe-url@0.2.4, npm/json-parse-better-errors@1.0.2, npm/kleur@3.0.3, npm/leven@3.1.0, npm/lodash.debounce@4.0.8, npm/lodash.throttle@4.1.1, npm/memoize-one@5.2.1, npm/mime-db@1.52.0, npm/mime@2.6.0, npm/mimic-fn@2.1.0, npm/mkdirp@1.0.4, npm/nanoid@3.3.7, npm/negotiator@0.6.3, npm/nice-try@1.0.5, npm/nocache@3.0.4, npm/node-abort-controller@3.1.1, npm/node-int64@0.4.0, npm/node-stream-zip@1.15.0, npm/normalize-path@3.0.0, npm/nullthrows@1.1.1, npm/object-assign@4.1.1, npm/on-headers@1.0.2, npm/os-tmpdir@1.0.2, npm/p-finally@1.0.0, npm/p-try@2.2.0, npm/parseurl@1.3.3, npm/path-is-absolute@1.0.1, npm/path-parse@1.0.7, npm/pathe@1.1.2, npm/pathval@1.1.1, npm/picocolors@1.0.0, npm/picomatch@2.3.1, npm/pirates@4.0.6, npm/prelude-ls@1.2.1, npm/process-nextick-args@2.0.1, npm/punycode@2.3.1, npm/querystringify@2.2.0, npm/queue-microtask@1.2.3, npm/range-parser@1.2.1, npm/react-is@16.13.1, npm/react-native-swipe-gestures@1.0.5, npm/readline@1.3.0, npm/regenerate@1.4.2, npm/regenerator-runtime@0.14.1, npm/require-main-filename@2.0.0, npm/requires-port@1.0.0, npm/retry@0.12.0, npm/safe-buffer@5.2.1, npm/safer-buffer@2.1.2, npm/sax@1.3.0, npm/serialize-error@2.1.0, npm/set-blocking@2.0.0, npm/setimmediate@1.0.5, npm/setprototypeof@1.2.0, npm/shebang-regex@3.0.0, npm/sisteransi@1.0.5, npm/smart-buffer@4.2.0, npm/source-map-js@1.0.2, npm/sprintf-js@1.0.3, npm/stackframe@1.3.4, npm/statuses@1.5.0, npm/strnum@1.0.5, npm/sudo-prompt@9.2.1, npm/supports-preserve-symlinks-flag@1.0.0, npm/throat@5.0.0, npm/tinyspy@2.2.1, npm/tmpl@1.0.5, 
npm/toidentifier@1.0.1, npm/tr46@0.0.3, npm/type-detect@4.0.8, npm/ufo@1.4.0, npm/undici-types@5.26.5, npm/unicode-canonical-property-names-ecmascript@2.0.0, npm/unicode-match-property-value-ecmascript@2.1.0, npm/unicode-property-aliases-ecmascript@2.1.0, npm/unpipe@1.0.0, npm/util-deprecate@1.0.2, npm/utils-merge@1.0.1, npm/vary@1.1.2, npm/vlq@1.0.1, npm/webidl-conversions@3.0.1, npm/whatwg-fetch@3.6.20, npm/which-module@2.0.1, npm/wrappy@1.0.2, npm/xtend@4.0.2, npm/yaml@1.10.2, npm/yocto-queue@0.1.0

View full report↗︎

socket-security[bot] commented 4 months ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Alert | Package | Note |
| --- | --- | --- |
| Shell access | npm/external-editor@3.1.0 | |
| Uses eval | npm/uglify-js@3.17.4 | |
| Uses eval | npm/ejs@3.1.9 | |
| Uses eval | npm/ejs@3.1.9 | |
| New author | npm/validate-npm-package-name@5.0.0 | |
| Shell access | npm/jake@10.8.7 | |
| New author | npm/write-file-atomic@5.0.1 | |
| Shell access | npm/git-raw-commits@3.0.0 | |
| New author | npm/dateformat@3.0.3 | |
| New author | npm/npm-package-arg@8.1.1 | |
| New author | npm/npmlog@6.0.2 | |
| New author | npm/handlebars@4.7.8 | |
| New author | npm/@npmcli/node-gyp@3.0.0 | |
| New author | npm/read-cmd-shim@4.0.0 | |
| New author | npm/conventional-commits-filter@3.0.0 | |
| New author | npm/promzard@1.0.0 | |
| New author | npm/read@2.1.0 | |
| Shell access | npm/git-semver-tags@5.0.1 | |
| New author | npm/conventional-changelog-preset-loader@3.0.0 | |
| Shell access | npm/conventional-changelog-core@5.0.1 | |
| Shell access | npm/node-gyp@10.0.1 | |
| Shell access | npm/@npmcli/promise-spawn@7.0.1 | |
| Uses eval | npm/get-intrinsic@1.2.4 | |
| Shell access | npm/@nx/devkit@18.0.4 | |
| Shell access | npm/nx@18.0.4 | |
| Install scripts | npm/nx@18.0.4 | Install script: postinstall; Source: node ./bin/post-install |
| Shell access | npm/nx@18.0.4 | |

View full report↗︎

Next steps

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

What is eval?

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/external-editor@3.1.0
  • @SocketSecurity ignore npm/uglify-js@3.17.4
  • @SocketSecurity ignore npm/ejs@3.1.9
  • @SocketSecurity ignore npm/validate-npm-package-name@5.0.0
  • @SocketSecurity ignore npm/jake@10.8.7
  • @SocketSecurity ignore npm/write-file-atomic@5.0.1
  • @SocketSecurity ignore npm/git-raw-commits@3.0.0
  • @SocketSecurity ignore npm/dateformat@3.0.3
  • @SocketSecurity ignore npm/npm-package-arg@8.1.1
  • @SocketSecurity ignore npm/npmlog@6.0.2
  • @SocketSecurity ignore npm/handlebars@4.7.8
  • @SocketSecurity ignore npm/@npmcli/node-gyp@3.0.0
  • @SocketSecurity ignore npm/read-cmd-shim@4.0.0
  • @SocketSecurity ignore npm/conventional-commits-filter@3.0.0
  • @SocketSecurity ignore npm/promzard@1.0.0
  • @SocketSecurity ignore npm/read@2.1.0
  • @SocketSecurity ignore npm/git-semver-tags@5.0.1
  • @SocketSecurity ignore npm/conventional-changelog-preset-loader@3.0.0
  • @SocketSecurity ignore npm/conventional-changelog-core@5.0.1
  • @SocketSecurity ignore npm/node-gyp@10.0.1
  • @SocketSecurity ignore npm/@npmcli/promise-spawn@7.0.1
  • @SocketSecurity ignore npm/get-intrinsic@1.2.4
  • @SocketSecurity ignore npm/@nx/devkit@18.0.4
  • @SocketSecurity ignore npm/nx@18.0.4