🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore @swc/core@1.3.49
@SocketSecurity ignore esbuild@0.17.16
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
New dependency changes detected. Learn more about Socket for GitHub ↗︎
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with
@SocketSecurity ignore
followed by a space separated list ofpackage-name@version
specifiers. e.g.@SocketSecurity ignore foo@1.0.0 bar@*
or ignore all packages with@SocketSecurity ignore-all
@SocketSecurity ignore @swc/core@1.3.49
@SocketSecurity ignore esbuild@0.17.16
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
postinstall
pnpm-lock.yaml
via @swc-node/core@1.10.2, @swc-node/jest@1.6.3, @swc-node/register@1.6.3,packages/core/package.json
,pnpm-lock.yaml
,packages/integrate/package.json
via @swc-node/core@1.10.2,packages/integrate-module/package.json
,pnpm-lock.yaml
via @swc-node/register@1.6.3,packages/jest/package.json
,pnpm-lock.yaml
via @swc-node/core@1.10.2, @swc-node/register@1.6.3,packages/loader/package.json
via @swc-node/core@1.10.2, @swc-node/register@1.6.3,packages/register/package.json
,pnpm-lock.yaml
via @swc-node/core@1.10.2postinstall
package.json
,pnpm-lock.yaml
,packages/loader/package.json
viaPull request alert summary
📊 Modified Dependency Overview:
+/-
Transitive Count+9
+11
+73
+1
+7
+/-
Transitive Count+0/-0
+0/-0
+0/-0
+162/-97
+1/-1
+3/-3
+8/-10
+13/-30
+9/-6
+4/-0
+2/-2
+0/-0
🚮 Removed packages: @babel/core@7.20.12, @types/lodash@4.14.191, @types/node@18.11.19, lint-staged@13.1.0, prettier@2.8.3, webpack@5.75.0