Severity
High
Description
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Suggestion
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Packages with this alert
See README.md file
Seismic canvas common utils
Congrats! You just saved yourself hours of work by bootstrapping this project with TSDX. Let’s get you oriented with what’s here and how to use it.
ServiceNow Javascript HTTP Client