Big update!Introducing GitHub Bot Commands. Learn more
Socket
BlogLoveLog in
Book a demo

Semver anomaly

Severity

Medium

Description

Package semver skipped several versions, this could indicate a dependency confusion attack or indicate the intention of disruptive breaking changes or major priority shifts for the project.

Suggestion

Packages should follow semantic versions conventions by not skipping subsequent version numbers. Consumers should research the purpose of the skipped version number.


Packages with this issue

2345
111Next
Socket

Product

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc