Big update!Introducing GitHub Bot Commands. Learn more
Socket
Log inDemoInstall

Semver anomaly

Severity

Medium

Description

Package semver skipped several versions, this could indicate a dependency confusion attack or indicate the intention of disruptive breaking changes or major priority shifts for the project.

Suggestion

Packages should follow semantic versions conventions by not skipping subsequent version numbers. Consumers should research the purpose of the skipped version number.


Packages with this issue

Socket[email protected]

Product

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc