NPM package dependencies, supply chain security analysis (Socket) #2103

danielweck · 2024-04-03T09:16:47Z

danielweck
Apr 3, 2024
Maintainer

FYI, no immediate action needed.

https://socket.dev/dashboard/org/gh/edrlab/repo/thorium-reader

svg-sprite-loader -> svg-baker -> traverse

r2-utils-js -> unzipper -> buffers
r2-utils-js -> unzipper -> chainsaw -> traverse

npm ls --all

danielweck · 2024-04-03T09:22:53Z

danielweck
Apr 3, 2024
Maintainer Author

Too many "medium" alerts to list here (178, some direct, most transitive), all marked as "supply chain risk" by Socket (system shell, network access, eval, and a few other criteria match)

0 replies

danielweck · 2024-04-04T11:39:50Z

danielweck
Apr 4, 2024
Maintainer Author

Latest NPM package updates on the develop branch:
9f1e20a
=>
https://socket.dev/dashboard/org/gh/edrlab/sbom/180277f9-9f73-4588-afde-fcabb88ca3ac

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NPM package dependencies, supply chain security analysis (Socket) #2103

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments

{{title}}

{{title}}

Select a reply

NPM package dependencies, supply chain security analysis (Socket) #2103

danielweck Apr 3, 2024 Maintainer

Replies: 2 comments

danielweck Apr 3, 2024 Maintainer Author

danielweck Apr 4, 2024 Maintainer Author

danielweck
Apr 3, 2024
Maintainer

danielweck
Apr 3, 2024
Maintainer Author

danielweck
Apr 4, 2024
Maintainer Author