Severity
Medium
Description
Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.
Suggestion
Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
Packages with this alert
Synchronous exec with a cool twist. Zesty like lemon lime.
Calculation library for the Department of Energy Advanced Manufacturing Office (DOE AMO) suite of tools
An example Node.js native module
A Node.js LevelDB binding, primary backend for LevelUP
Dectecting key events with Node.js
Native Android Logging with Node.js
(request|cancel)AnimationFrame analog for the desktop
node bindings for the v8 profiler, minus the retain/dominator bits removed from V8