build-with-celo-hackathon

Project : Bound

Open · tlmw3 opened this issue 3 years ago · 1 comment

tlmw3, Oct 06 '22 22:10

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

| Package | Script field | Location |
| --- | --- | --- |
| [email protected] (added) | binding.gyp | hardhat/package.json via [email protected] |
| [email protected] (added) | binding.gyp | hardhat/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | binding.gyp | hardhat/package.json |
| [email protected] (added) | binding.gyp | hardhat/package.json via [email protected] |
| [email protected] (added) | binding.gyp | hardhat/package.json via [email protected] |
| [email protected] (added) | postinstall | hardhat/package.json via [email protected], @truffle/[email protected], [email protected] |
| [email protected] (added) | install | hardhat/package.json |
| [email protected] (added) | install | hardhat/package.json via [email protected] |
| [email protected] (added) | postinstall | hardhat/package.json via [email protected], @truffle/[email protected] |
| [email protected] (added) | postinstall | hardhat/package.json via [email protected], @truffle/[email protected], [email protected] |
| [email protected] (added) | install | hardhat/package.json via [email protected] |
| [email protected] (added) | install | hardhat/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | install | hardhat/package.json via [email protected] |
| [email protected] (added) | postinstall | hardhat/package.json |

🧌 Troll package added

This package is a joke. You should not use it in production.

| Package | Note | Location |
| --- | --- | --- |
| [email protected] (added) | This package prints a protestware console message on install regarding Ukraine for users with Russian language locale | hardhat/package.json |

🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

| Package | Location |
| --- | --- |
| [email protected] (added) | hardhat/package.json via [email protected] |
| [email protected] (added) | hardhat/package.json via [email protected], @nomicfoundation/[email protected], [email protected] |
| [email protected] (added) | hardhat/package.json |
| [email protected] (added) | hardhat/package.json via [email protected] |
| [email protected] (added) | hardhat/package.json via [email protected] |

Socket.dev scan summary

| Issue | Status |
| --- | --- |
| Did you mean? | ✅ no new possible package typos |
| Install scripts | ⚠️ 14 new install scripts detected |
| Telemetry | ✅ no new telemetry |
| Troll package | ⚠️ 1 new troll package detected |
| Malware | ✅ no new malware |
| Native code | ⚠️ 5 new native modules detected |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] [email protected]

Powered by socket.dev

socket-security[bot], Oct 06 '22 22:10