feat: add debloated package-lock.json
Hi,
I found that five transitive dependencies are not used in your package, according to your tests. So I created a package-lock.json file that excludes the useless dependencies. Would you consider removing useless dependencies from your package, so that developers do not need to install them when they use your package?
The five transitive dependencies are: isexe, path-key, which, shebang-regex, shebang-command
New dependency changes detected.
🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.
Bot Commands
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space-separated list of package-name@version specifiers, e.g. @SocketSecurity ignore [email protected] bar@*, or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore @eslint/[email protected]
🤔 AI warning
AI has found some unusual behaviors which could indicate a security risk
An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.
| Package | Location | Source |
|---|---|---|
| @eslint/[email protected] (added) | dist/eslintrc.cjs | package-lock.json via [email protected] |
Pull request alert summary
| Issue | Status |
|---|---|
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected security risk | ✅ 0 issues |
| AI warning | ⚠️ 1 issue |