Big update!Introducing GitHub Bot Commands. Learn more
Socket
BlogLoveLog in
Book a demo

Unstable ownership

Severity

High

Description

A new collaborator has begun publishing package versions. Package stability and security risk may be elevated.

Suggestion

Try to reduce the amount of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Packages with this issue

fb-watchman

Bindings for the Watchman file watching service

published 2.0.2 •

@zeit/schemas

All schemas used for validation that are shared between our projects

published 2.28.0 •

remove-accents

Converting the accented characters to their corresponding non-accented ASCII characters.

published 0.4.3 •

sanitize-html

Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis

published 2.7.2 •

react-devtools-core

Use react-devtools outside of the browser

published 4.26.0 •

rc-switch

switch ui component for react

published 4.0.0 •

@rails/actioncable

WebSocket framework for Ruby on Rails.

published 7.0.4 •

zrender

A lightweight graphic library providing 2d draw for Apache ECharts

published 5.4.0 •

@contentful/rich-text-types

Type definitions and constants for the Contentful rich text field type.

published 15.13.2 •

@rails/ujs

Ruby on Rails unobtrusive scripting adapter

published 7.0.4 •
2345
51Next
Socket

Product

About

NPM Packages

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc