Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update package.json #54

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update package.json #54

wants to merge 1 commit into from

Conversation

jadoonf
Copy link
Contributor

@jadoonf jadoonf commented Sep 30, 2023

No description provided.

@github-actions
Copy link

listen.dev ∙ Security Report

critical 🚨 0 medium ⚠️ 30 low 🔷 4

🔍 The following behaviors have been detected in the dependency tree during installation

⚠️ Medium severity
🛡️📡🔎 3 categories

  • 🛡️ Advisories ∙ 1 package
    • 📦 [email protected] ∙ 4 occurrences ∙ 1 kind of issue ∙ open 🔗
      • AutoUpdater module fails to validate certain nested components of the bundle ∙ 4 total occurrences
        Name Version Transitive Dependency Occurrences More
        electron 12.2.3 4 🔗
  • 📡 Dynamic instrumentation ∙ 3 packages
    • 📦 [email protected] ∙ 7 occurrences ∙ 2 kind of issues ∙ open 🔗
      • npm install spawned a process ∙ 4 total occurrences
        Name Version Transitive Dependency Occurrences More
        es5-ext 0.10.62 ✔️ 1 🔗
        protobufjs 6.11.3 ✔️ 1 🔗
        serverless 2.72.4 1 🔗
        snappy 6.3.5 ✔️ 1 🔗
      • unexpected outbound connection destination ∙ 3 total occurrences
        Name Version Transitive Dependency Occurrences More
        snappy 6.3.5 ✔️ 3 🔗
    • 📦 [email protected] ∙ 13 occurrences ∙ 2 kind of issues ∙ open 🔗
      • npm install spawned a process ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        electron 12.2.3 1 🔗
      • unexpected outbound connection destination ∙ 12 total occurrences
        Name Version Transitive Dependency Occurrences More
        electron 12.2.3 12 🔗
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • npm install spawned a process ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        core-js 2.6.12 ✔️ 1 🔗
  • 🔎 Static analysis ∙ 5 packages
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • install script detected in package.json ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        webpack 5.88.2 1 🔗
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • install script detected in package.json ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        ts-node 9.1.1 1 🔗
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • install script detected in package.json ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        serverless 2.72.4 1 🔗
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • install script detected in package.json ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        node-fetch 2.7.0 1 🔗
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • install script detected in package.json ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        electron 12.2.3 1 🔗

🔷 Low severity
🛡️📑🔎 3 categories

  • 🛡️ Advisories ∙ 1 package
    • 📦 [email protected] ∙ 2 occurrences ∙ 1 kind of issue ∙ open 🔗
      • Renderers can obtain access to random bluetooth device without permission in Electron ∙ 2 total occurrences
        Name Version Transitive Dependency Occurrences More
        electron 12.2.3 2 🔗
  • 📑 Metadata ∙ 1 package
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • This package has inconsistent devDependencies in the tarball's package.json ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        webpack 5.88.2 1 🔗
  • 🔎 Static analysis ∙ 1 package
    • 📦 [email protected] ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗
      • shady link detected in package ∙ 1 total occurrence
        Name Version Transitive Dependency Occurrences More
        serverless 2.72.4 1 🔗

### 🚩 Some problems have been encountered
🔗 Package not analysed yet ∙ 6 occurrences ∙ Package not analysed yet

See docs 🔗


Powered by listen.dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant