
BlockDash

Open hakymulla opened this issue 3 years ago • 1 comments

hakymulla avatar Oct 05 '22 18:10 hakymulla

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

| Package | Script field | Location |
| --- | --- | --- |
| [email protected] (added) | binding.gyp | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | binding.gyp | blockDash/package.json,contract/package.json via [email protected] |
| [email protected] (added) | binding.gyp | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | binding.gyp | blockDash/package.json via @celo/[email protected], [email protected] |
| [email protected] (added) | postinstall | blockDash/package.json via @celo/[email protected], [email protected] |
| [email protected] (added) | postinstall | blockDash/package.json via [email protected] |
| [email protected] (added) | install | blockDash/package.json,contract/package.json via [email protected] |
| [email protected] (added) | install | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | install | blockDash/package.json via @celo/[email protected], [email protected] |
| [email protected] (added) | postinstall | blockDash/package.json via @celo/[email protected] |
| [email protected] (added) | postinstall | blockDash/package.json |
| [email protected] (added) | postinstall | contract/package.json via [email protected], @ethereum-waffle/[email protected] |
| [email protected] (added) | postinstall | blockDash/package.json via @celo/[email protected], [email protected] |
| [email protected] (added) | postinstall | blockDash/package.json via [email protected] |
| [email protected] (added) | postinstall | contract/package.json via [email protected], @ethereum-waffle/[email protected], [email protected] |
| [email protected] (added) | postinstall | contract/package.json via [email protected], @ethereum-waffle/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] |
| [email protected] (added) | install | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | postinstall | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected], @truffle/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected] |

🧌 Troll package added

This package is a joke. You should not use it in production.

| Package | Note | Location |
| --- | --- | --- |
| [email protected] (added) | This package prints a protestware console message on install regarding Ukraine for users with Russian language locale | blockDash/package.json,contract/package.json via [email protected], @ethereum-waffle/[email protected], [email protected], [email protected] |
| [email protected] (added) | This package prints a protestware console message on install regarding Ukraine for users with Russian language locale | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected], @truffle/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected] |

🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

| Package | Location |
| --- | --- |
| [email protected] (added) | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | blockDash/package.json,contract/package.json via [email protected] |
| [email protected] (added) | contract/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | blockDash/package.json via @celo/[email protected], [email protected] |

😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack.

| Package | Bin script | Location |
| --- | --- | --- |
| @nomicfoundation/[email protected] (added) | rlp | contract/package.json via [email protected] |
| [email protected] (added) | rlp | contract/package.json via [email protected], @ethereum-waffle/[email protected], [email protected], [email protected] |
| [email protected] (added) | rlp | blockDash/package.json,contract/package.json via @nomicfoundation/[email protected], @nomicfoundation/[email protected], [email protected] |

Socket.dev scan summary

| Issue | Status |
| --- | --- |
| Did you mean? | ✅ no new possible package typos |
| Install scripts | ⚠️ 18 new install scripts detected |
| Telemetry | ✅ no new telemetry |
| Troll package | ⚠️ 2 new troll packages detected |
| Malware | ✅ no new malware |
| Native code | ⚠️ 4 new native modules detected |
| Bin Script Confusion | ⚠️ 3 new bin script confusions detected |
| Bin script shell injection | ✅ no new bin script shell injection |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] [email protected]

Powered by socket.dev

socket-security[bot] avatar Oct 05 '22 18:10 socket-security[bot]