Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2
Socket Security Pull Request Report
Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.
📜 Install scripts
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
postinstallpackage.jsonvia tsx@3.12.1, @esbuild-kit/core-utils@3.0.0,demo/pubsub/package.jsonvia vite@3.2.4Pull request report summary
Bot Commands
To ignore an alert, reply with a comment starting with
@SocketSecurity ignorefollowed by a space separated list ofpackage-name@versionspecifiers. e.g.@SocketSecurity ignore foo@1.0.0 bar@2.4.2@SocketSecurity ignore esbuild@0.15.16Powered by socket.dev