Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Dependency on @xhmikosr/bin-check is a supply chain risk #84

Open
yawhide opened this issue Feb 4, 2025 · 1 comment
Open

Dependency on @xhmikosr/bin-check is a supply chain risk #84

yawhide opened this issue Feb 4, 2025 · 1 comment

Comments

@yawhide
Copy link

yawhide commented Feb 4, 2025
edited
Loading

I noticed that socket gives a medium warning about the usage of @xhmikosr/bin-check https://socket.dev/npm/package/@xhmikosr/bin-check/alerts/7.0.3?alert_name=gptAnomaly which is used by @swc/cli.

Is it possible to either use a different dependency or fork it and fix the issue?

Thanks
@kdy1
Copy link
Member

kdy1 commented Feb 4, 2025

Feel free to send a PR

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yawhide @kdy1