@socketsecurity/lib
@@ -142,2 +142,5 @@ "use strict"; | ||
| } | ||
| if (!assets || assets.length === 0) { | ||
| return false; | ||
| } | ||
| if (isMatch) { | ||
@@ -144,0 +147,0 @@ const hasMatchingAsset = assets.some( |
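Review bot: The added guard `if (!assets || assets.length === 0)` rejects only a missing or empty value, so a truthy non-array `assets` has an undefined `length` and passes it. If the `assets.some(` call named in the following hunk header runs on the same value, it would then throw instead of returning false. If `assets` comes from parsed external data, `if (!Array.isArray(assets) || assets.length === 0) { return false; }` covers both cases. The enclosing function starts and ends outside the hunk, so where `assets` comes from cannot be confirmed from here.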
+5
-3
| { | ||
| "name": "@socketsecurity/lib", | ||
| "version": "5.5.0", | ||
| "version": "5.5.1", | ||
| "packageManager": "pnpm@10.28.0", | ||
@@ -729,3 +729,3 @@ "license": "MIT", | ||
| "@socketregistry/yocto-spinner": "1.0.25", | ||
| "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.4.0", | ||
| "@socketsecurity/lib-stable": "npm:@socketsecurity/lib@5.5.0", | ||
| "@types/node": "24.9.2", | ||
@@ -799,2 +799,3 @@ "@typescript/native-preview": "7.0.0-dev.20250920.1", | ||
| "debug": "4.4.3", | ||
| "execa": "5.1.1", | ||
| "has-flag": "5.0.1", | ||
@@ -817,5 +818,6 @@ "isexe": "3.1.1", | ||
| "@sigstore/sign@4.1.0": "patches/@sigstore__sign@4.1.0.patch", | ||
| "node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch" | ||
| "node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch", | ||
| "execa@5.1.1": "patches/execa@5.1.1.patch" | ||
| } | ||
| } | ||
| } |
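Review bot: The new `"execa@5.1.1": "patches/execa@5.1.1.patch"` entry applies a local patch to a dependency that spawns child processes, and the patch file's content is not shown on this page, so what it changes in execa cannot be reviewed from this diff. The release notes should state why execa 5.1.1 is pinned and patched, for example `execa@5.1.1: patched locally to <reason>; drop the patch once fixed upstream`. The map these entries sit in looks like pnpm's patched-dependency list (the manifest declares `pnpm@10.28.0`), but its key is outside the hunk. Whether the patched execa is bundled into the published build is also not visible here and is worth confirming against the file whose diff was too big to display.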
Sorry, the diff of this file is too big to display
Network access
Supply chain risk: This module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain risk: Uses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential harvesting or data theft.
Found 22 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
AI-detected potential code anomaly
Supply chain risk: AI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain risk: Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain risk: Uses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential harvesting or data theft.
Found 22 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
AI-detected potential code anomaly
Supply chain risk: AI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Long strings
Supply chain risk: Contains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain risk: Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package