Severity
Medium
Description
Contains native code, which could be a vector for obscuring malicious code and could generally decrease the likelihood of reproducible or reliable installs.
Suggestion
Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
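One way to check that native bindings are expected, as an added example that is not part of the original page or of any scanner's own logic: it walks an npm-style node_modules tree, reports packages that carry a binding.gyp, an install-time build script or a prebuilt .node file, and filters them against an allowlist. The function names, the allowlist and the list of build tools are assumptions of this example; symlinked layouts such as pnpm's are not followed.

```javascript
// Added example (not from the original page); function names and BUILD_TOOLS are assumptions.
const fs = require('fs');
const path = require('path');
const BUILD_TOOLS = /node-gyp|node-pre-gyp|prebuild-install|cmake-js/; // install-time build helpers

// True if a compiled addon (*.node) exists under dir, ignoring nested node_modules.
function hasAddonBinary(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).some((e) => (e.isDirectory()
    ? e.name !== 'node_modules' && hasAddonBinary(path.join(dir, e.name))
    : e.name.endsWith('.node')));
}

// Returns { name, dir, reasons } for a package directory, or null if it is not one.
function inspectPackage(dir) {
  let manifest;
  try {
    manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8')) || {};
  } catch { return null; } // no readable manifest
  const reasons = [];
  const gyp = manifest.gypfile === true || fs.existsSync(path.join(dir, 'binding.gyp'));
  if (gyp) reasons.push('binding.gyp');
  for (const hook of ['preinstall', 'install', 'postinstall']) {
    const cmd = (manifest.scripts || {})[hook] || '';
    if (BUILD_TOOLS.test(cmd)) reasons.push(`${hook}: ${cmd}`);
  }
  if (hasAddonBinary(dir)) reasons.push('prebuilt .node binary');
  return { name: manifest.name, dir, reasons };
}

// Walks an npm-style node_modules directory, including scoped and nested packages.
function findNativePackages(modulesDir, found = []) {
  if (!fs.existsSync(modulesDir)) return found;
  for (const e of fs.readdirSync(modulesDir, { withFileTypes: true })) {
    if (!e.isDirectory() || e.name.startsWith('.')) continue; // skips symlinks and .bin
    const dir = path.join(modulesDir, e.name);
    if (e.name.startsWith('@')) { findNativePackages(dir, found); continue; }
    const pkg = inspectPackage(dir);
    if (pkg && pkg.reasons.length) found.push(pkg);
    findNativePackages(path.join(dir, 'node_modules'), found);
  }
  return found;
}

// Names of native packages that are not on the reviewed allowlist.
function unexpectedNative(modulesDir, allowlist) {
  return findNativePackages(modulesDir).map((p) => p.name).filter((n) => !allowlist.includes(n));
}

console.log(unexpectedNative(path.join(process.cwd(), 'node_modules'), []));
```

Run it from a project root after install; an empty array means every native package found is on the allowlist passed as the second argument.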
Packages with this alert
A foreign function interface (FFI) for Node.js
Native plugin monitoring the libuv event loop. Used as part of strong-agent.
node bindings for the v8 profiler, minus the retain/dominator bits removed from V8
Exposes node v8 garbage collection stats