dapps icon indicating copy to clipboard operation
dapps copied to clipboard
verified publisher icon MetaMask

Fix npm package security vulnerabilities

Open tannn-younet opened this issue 2 years ago • 3 comments

tannn-younet avatar Aug 31 '23 11:08 tannn-younet

Report is too large to display inline. View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

socket-security[bot] avatar Aug 31 '23 11:08 socket-security[bot]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Bin script confusion jest 27.5.1
Deprecated memfs 3.6.0
  • Reason: this will be v4
Filesystem access @rollup/plugin-node-resolve 11.2.1
Filesystem access @surma/rollup-plugin-off-main-thread 2.2.3
Unmaintained @surma/rollup-plugin-off-main-thread 2.2.3
  • Last Publish: 11/2/2021, 12:45:58 PM
Filesystem access @typescript-eslint/typescript-estree 5.62.0
Filesystem access adjust-sourcemap-loader 4.0.0
Filesystem access bfj 7.0.2
Unmaintained bfj 7.0.2
  • Last Publish: 12/23/2019, 2:42:08 PM
Filesystem access ejs 3.1.9
Filesystem access escalade 3.1.1
Unmaintained escalade 3.1.1
  • Last Publish: 10/13/2020, 6:03:44 AM
Filesystem access eslint-module-utils 2.8.0
Filesystem access eslint-plugin-flowtype 8.0.3
Filesystem access get-package-type 0.1.0
Unmaintained get-package-type 0.1.0
  • Last Publish: 5/19/2020, 9:28:37 AM
Filesystem access globby 11.1.0
Filesystem access istanbul-reports 3.1.6
Filesystem access jake 10.8.7
Shell access jake 10.8.7
Filesystem access jiti 1.19.3
Filesystem access mime 1.6.0
Filesystem access postcss-custom-media 8.0.2
Filesystem access postcss-custom-properties 12.1.11
Filesystem access postcss-custom-selectors 6.0.3
Filesystem access postcss-env-function 4.0.6
Filesystem access postcss-preset-env 7.8.3
Filesystem access rollup 2.79.1
Filesystem access source-map 0.7.4
Network access source-map 0.7.4
New author source-map 0.7.4
New author source-map 0.8.0-beta.0
Filesystem access tailwindcss 3.3.3
Filesystem access tsconfig-paths 3.14.2
Filesystem access update-browserslist-db 1.0.11
Shell access update-browserslist-db 1.0.11
Filesystem access watchpack 2.4.0
Filesystem access y18n 5.0.8
Filesystem access yargs-parser 20.2.9
Filesystem access fork-ts-checker-webpack-plugin 6.5.3
Filesystem access workbox-build 6.6.1
Network access ws 7.5.9
Network access ws 8.13.0
Network access domutils 2.8.0
Network access svgo 2.8.0
Network access workbox-strategies 6.6.1
Network access jsdom 16.7.0
Network access webpack 5.88.2
Network access webpack-dev-server 4.15.1
Network access bonjour-service 1.1.1
New author merge-stream 2.0.0
New author eslint-plugin-react-hooks 4.6.0
New author react-is 18.2.0
New author supports-hyperlinks 2.3.0
New author @babel/plugin-syntax-import-meta 7.10.4
Unmaintained @babel/plugin-syntax-import-meta 7.10.4
  • Last Publish: 6/30/2020, 1:11:46 PM
New author @babel/plugin-syntax-logical-assignment-operators 7.10.4
Unmaintained @babel/plugin-syntax-logical-assignment-operators 7.10.4
  • Last Publish: 6/30/2020, 1:11:47 PM
New author @babel/plugin-syntax-numeric-separator

socket-security[bot] avatar Aug 31 '23 11:08 socket-security[bot]

@tannn-younet Just one question on https://github.com/MetaMask/dapps/pull/189#discussion_r1730481117; LGTM otherwise

legobeat avatar Aug 26 '24 00:08 legobeat

Report too large to display inline

View full report↗︎

socket-security[bot] avatar Aug 26 '24 01:08 socket-security[bot]