Socket
Socket
Sign inDemoInstall

HTTP dependency

Severity

Critical

Description

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Suggestion

Publish the HTTP URL dependency to npm or a private package repository and consume it from there.

Packages with this alert

piskel-cli

Wraps the Piskel pixel editing application to enable similar export options via the command line.

aneutralgiraffe
 published 1.0.34 •

pivot

Simple feature, multi-variant and A/B testing

camshaft
 published 0.1.0 •

pleeease

Postprocess CSS with ease

iamvdo
 published 1.1.2 •

pln

Pylon IDE

exile
 published 2.10.0 •

pm2

Production process manager for Node.JS applications with a built-in load balancer.

tknew
 published 3.5.0 •

pm25

Production process manager for Node.JS applications with a built-in load balancer.

shawnliu
 published 2.3.0 •

pm2_alert_sender

Production process manager for Node.JS applications with a built-in load balancer.

haalcala
 published 3.1.8 •

politeiagui-scripts

You don't become a failure until you're satisfied with being one.

cdk-cloudformation-types
 published 0.155.0 •
Previous1
2931
43Next
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc