Skip to content

⬆️ Bump minimatch and eslint#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-024a52bca7
Open

⬆️ Bump minimatch and eslint#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-024a52bca7

:arrow_up: Bump minimatch and eslint

0dbec9e
Select commit
Loading
Failed to load commit list.
Socket Security / Socket Security: Pull Request Alerts failed Feb 19, 2026 in 29s

Pull Request #13 Alerts: Complete with warnings

Report Status Message
PR #13 Alerts ⚠️ Found 22 project alerts

Pull request alerts notify when new issues are detected between the diff of the pull request and it's target branch.

Details

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Low
Embedded URLs or IPs: npm @eslint/config-array

URLs: https://deno.land/std/path/mod.ts, https://deno.land/std/path/mod.ts?a=b, https://deno.land/std/path/mod.ts#header, https://deno.land/std/path, https://deno.land, https://deno.land/std/assert/mod.ts, https://deno.land/std/async/retry.ts, https://www.linuxjournal.com/content/bash-extended-globbing., https://www.linuxjournal.com/content/globstar-new-bash-globbing-option., https://facelessuser.github.io/wcmatch/glob/#posix-character-classes

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/@eslint/config-array@0.23.1

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@eslint/config-array@0.23.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Dynamic module loading: npm @eslint/config-array

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/@eslint/config-array@0.23.1

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@eslint/config-array@0.23.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm @eslint/core

URLs: https://eslint.org/docs/latest/use/configure/language-options#specifying-parser-options, meta.name, https://eslint.org/docs/latest/use/configure/language-options-deprecated#specifying-parser-options, https://eslint.org/docs/latest/use/configure/, https://eslint.org/docs/latest/use/configure/language-options-deprecated#specifying-environments, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#extending-configuration-files, https://eslint.org/docs/latest/use/configure/language-options-deprecated#specifying-globals, https://eslint.org/docs/latest/use/configure/rules-deprecated#disabling-inline-comments, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#how-do-overrides-work, https://eslint.org/docs/latest/extend/custom-parsers, https://eslint.org/docs/latest/use/configure/parser-deprecated, https://eslint.org/docs/latest/use/configure/plugins-deprecated#configure-plugins, https://eslint.org/docs/latest/use/configure/plugins-deprecated#specify-a-processor, https://eslint.org/docs/latest/use/configure/rules-deprecated#report-unused-eslint-disable-comments, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#adding-shared-settings, https://eslint.org/docs/latest/use/configure/ignore-deprecated#ignorepatterns-in-config-files, https://eslint.org/docs/latest/use/configure/configuration-files-deprecated#using-configuration-files

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/@eslint/core@1.1.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@eslint/core@1.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm @types/json-schema

URLs: http://json-schema.org/schema#, http://json-schema.org/hyper-schema#, http://json-schema.org/draft-04/schema#, http://json-schema.org/draft-04/hyper-schema#, http://json-schema.org/draft-03/schema#, http://json-schema.org/draft-03/hyper-schema#, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.3, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.19, https://tools.ietf.org/html/draft-zyp-json-schema-03#section-5.26, https://tools.ietf.org/html/draft-zyp-json-schema-04#section-5.6, https://github.com/microsoft/TypeScript/issues/3496#issuecomment-128553540, https://tools.ietf.org/html/draft-handrews-json-schema-validation-01#section-5, https://tools.ietf.org/html/draft-wright-json-schema-validation-01, https://tools.ietf.org/html/draft-wright-json-schema-validation-01#section-6.18, http://json-schema.org/draft-07/schema#, http://json-schema.org/draft-07/hyper-schema#

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/@types/json-schema@7.0.15

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@types/json-schema@7.0.15. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm acorn

URLs: https://bugzilla.mozilla.org/show_bug.cgi?id=745678, https://github.com/mozilla/sweet.js/wiki/design, http://en.wikipedia.org/wiki/Operator-precedence_parser, https://github.com/acornjs/acorn/issues/575, https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern, https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction, https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion, https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier, https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix, https://www.ecma-international.org/ecma-262/8.0/#sec-term, https://www.ecma-international.org/ecma-262/8.0/#prod-Atom, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier, https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter, https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape, https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape, https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape, https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter, https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape, https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape, https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape, https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass, https://tc39.es/ecma262/#prod-ClassContents, https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges, https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges, https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash, https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom, https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape, https://tc39.es/ecma262/#prod-ClassSetExpression, https://tc39.es/ecma262/#prod-ClassUnion, https://tc39.es/ecma262/#prod-ClassIntersection, https://tc39.es/ecma262/#prod-ClassSubtraction, https://tc39.es/ecma262/#prod-ClassSetRange, https://tc39.es/ecma262/#prod-ClassSetOperand, https://tc39.es/ecma262/#prod-NestedClass, https://tc39.es/ecma262/#prod-ClassStringDisjunction, https://tc39.es/ecma262/#prod-ClassStringDisjunctionContents, https://tc39.es/ecma262/#prod-ClassString, https://tc39.es/ecma262/#prod-NonEmptyClassString, https://tc39.es/ecma262/#prod-ClassSetCharacter, https://tc39.es/ecma262/#prod-ClassSetReservedDoublePunctuator, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter, https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence, https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits, https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits, https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence, https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit, https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits, https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit, https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral, http://marijnhaverbeke.nl/git/acorn, https://github.com/acornjs/acorn.git, https://github.com/acornjs/acorn/issues

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/acorn@8.16.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/acorn@8.16.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm eslint-scope

URLs: https://github.com/estools/escope, http://www.ecma-international.org/publications/standards/Ecma-262.htm, https://github.com/estools/esmangle, https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API, https://github.com/eslint/espree, https://github.com/estools/esrecurse, https://github.com/estools/escope/pull/69, https://github.com/estree/estree/pull/20#issuecomment-74584758, http://people.mozilla.org/~jorendorff/es6-draft.html#sec-moduledeclarationinstantiation, https://github.com/estree/estree/blob/master/es6.md#importdeclaration, node.id

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/eslint-scope@9.1.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-scope@9.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm eslint-visitor-keys

URLs: https://github.com/jsdoc-type-pratt-parser/jsdoc-type-pratt-parser/issues/164

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/eslint-visitor-keys@5.0.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-visitor-keys@5.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Embedded URLs or IPs: npm eslint

URLs: http://www.graphviz.org, http://www.webgraphviz.com, context.report, https://github.com/nodejs/node/blob/master/doc/api/process.md#processstdin, https://github.com/nodejs/node/blob/master/doc/api/process.md#a-note-on-process-io, https://lists.gnu.org/archive/html/bug-gnu-emacs/2016-01/msg00419.html, https://github.com/nodejs/node/issues/7439, https://eslint.org/blog/2023/10/deprecating-formatting-rules/, https://eslint.style/guide/migration, https://eslint.style, https://eslint.style/rules/array-bracket-spacing, https://eslint.org/docs/latest/rules/array-bracket-spacing, https://eslint.org/docs/latest/rules/consistent-this, https://eslint.org/docs/latest/rules/consistent-return, https://eslint.org/docs/latest/rules/capitalized-comments, https://eslint.org/docs/latest/rules/default-param-last, https://eslint.org/docs/latest/rules/func-names, https://eslint.style/rules/arrow-parens, https://eslint.org/docs/latest/rules/arrow-parens, https://eslint.org/docs/latest/rules/array-callback-return, https://eslint.style/rules/array-bracket-newline, https://eslint.org/docs/latest/rules/array-bracket-newline, https://eslint.org/docs/latest/rules/camelcase, Identifier.property, https://eslint.style/rules/dot-location, https://eslint.org/docs/latest/rules/dot-location, https://eslint.style/rules/comma-style, https://eslint.org/docs/latest/rules/comma-style, https://eslint.org/docs/latest/rules/complexity, https://eslint.style/rules/block-spacing, https://eslint.org/docs/latest/rules/block-spacing, https://eslint.style/rules/arrow-spacing, https://eslint.org/docs/latest/rules/arrow-spacing, https://eslint.style/rules/comma-dangle, https://eslint.org/docs/latest/rules/comma-dangle, https://eslint.org/docs/latest/rules/guard-for-in, https://eslint.org/docs/latest/rules/default-case-last, https://eslint.org/docs/latest/rules/func-style, https://eslint.org/docs/latest/rules/class-methods-use-this, https://eslint.style/rules/function-paren-newline, https://eslint.org/docs/latest/rules/function-paren-newline, https://eslint.org/docs/latest/rules/eqeqeq, https://eslint.org/docs/latest/rules/dot-notation, https://eslint.org/docs/latest/use/migrating-to-7.0.0#deprecate-node-rules, https://github.com/eslint-community/eslint-plugin-n, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/callback-return.md, https://eslint.org/docs/latest/rules/callback-return, https://eslint.style/rules/function-call-argument-newline, https://eslint.org/docs/latest/rules/function-call-argument-newline, https://eslint.style/rules/array-element-newline, https://eslint.org/docs/latest/rules/array-element-newline, https://eslint.org/docs/latest/rules/accessor-pairs, https://eslint.style/rules/generator-star-spacing, https://eslint.org/docs/latest/rules/generator-star-spacing, https://eslint.org/docs/latest/rules/for-direction, https://eslint.style/rules/comma-spacing, https://eslint.org/docs/latest/rules/comma-spacing, https://eslint.org/docs/latest/extend/custom-rules#options-schemas, https://eslint.org/docs/latest/integrate/nodejs-api#customizing-ruletester, https://eslint.org/docs/latest/rules/init-declarations, https://eslint.org/docs/latest/rules/arrow-body-style, https://eslint.org/docs/latest/rules/default-case, https://eslint.org/docs/latest/rules/constructor-super, https://eslint.style/rules/function-call-spacing, https://eslint.org/docs/latest/rules/func-call-spacing, https://eslint.style/rules/key-spacing, https://eslint.org/docs/latest/rules/key-spacing, https://eslint.org/docs/latest/rules/id-denylist, https://eslint.org/docs/latest/rules/max-lines, https://eslint.style/rules/keyword-spacing, https://eslint.org/docs/latest/rules/keyword-spacing, https://eslint.style/rules/computed-property-spacing, https://eslint.org/docs/latest/rules/computed-property-spacing, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/global-require.md, https://eslint.org/docs/latest/rules/global-require, https://eslint.org/docs/latest/rules/id-length, https://eslint.style/rules/line-comment-position, https://eslint.org/docs/latest/rules/line-comment-position, https://eslint.style/rules/linebreak-style, https://eslint.org/docs/latest/rules/linebreak-style, https://eslint.style/rules/implicit-arrow-linebreak, https://eslint.org/docs/latest/rules/implicit-arrow-linebreak, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/handle-callback-err.md, https://eslint.org/docs/latest/rules/handle-callback-err, https://eslint.org/docs/latest/rules/curly, https://eslint.style/rules/brace-style, https://eslint.org/docs/latest/rules/brace-style, https://eslint.style/rules/newline-per-chained-call, https://eslint.org/docs/latest/rules/newline-per-chained-call, https://eslint.org/docs/latest/rules/block-scoped-var, https://eslint.org/blog/2020/07/eslint-v7.5.0-released/#deprecating-id-blacklist, https://eslint.org/docs/rules/id-denylist, https://eslint.org/docs/latest/rules/id-blacklist, https://eslint.style/rules/lines-between-class-members, https://eslint.org/docs/latest/rules/lines-between-class-members, https://eslint.org/docs/latest/rules/no-case-declarations, https://eslint.org/docs/latest/rules/lines-around-directive, https://eslint.org/blog/2017/06/eslint-v4.0.0-released/, https://eslint.org/docs/latest/rules/padding-line-between-statements#examples, https://eslint.style/rules/padding-line-between-statements, https://eslint.style/rules/eol-last, https://eslint.org/docs/latest/rules/eol-last, https://eslint.org/docs/latest/rules/max-classes-per-file, https://eslint.org/docs/latest/rules/indent-legacy, https://eslint.style/rules/indent, https://eslint.org/docs/latest/rules/indent, https://eslint.org/docs/latest/rules/no-array-constructor, https://eslint.org/docs/latest/rules/no-class-assign, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-deprecated-api.md, https://eslint.org/docs/latest/rules/no-buffer-constructor, https://eslint.org/docs/latest/rules/getter-return, https://eslint.org/docs/latest/rules/func-name-matching, https://eslint.org/docs/latest/rules/max-params, https://eslint.org/docs/latest/rules/id-match, https://eslint.org/docs/latest/rules/max-lines-per-function, https://eslint.org/docs/latest/rules/grouped-accessor-pairs, https://eslint.org/docs/latest/rules/max-nested-callbacks, https://eslint.style/rules/multiline-ternary, https://eslint.org/docs/latest/rules/multiline-ternary, https://eslint.style/rules/no-confusing-arrow, https://eslint.org/docs/latest/rules/no-confusing-arrow, https://eslint.org/docs/latest/rules/logical-assignment-operators, https://eslint.org/docs/latest/rules/new-cap, https://eslint.org/docs/latest/rules/no-catch-shadow, https://eslint.org/blog/2018/07/eslint-v5.1.0-released/, https://eslint.org/docs/rules/no-shadow, https://eslint.org/docs/latest/rules/no-const-assign, https://eslint.org/docs/latest/rules/newline-after-var, https://eslint.style/rules/max-statements-per-line, https://eslint.org/docs/latest/rules/max-statements-per-line, https://eslint.org/docs/latest/rules/no-constant-condition, https://eslint.style/rules/lines-around-comment, https://eslint.org/docs/latest/rules/lines-around-comment, https://eslint.org/docs/latest/rules/no-dupe-keys, https://eslint.org/docs/latest/rules/no-delete-var, https://eslint.org/docs/latest/rules/no-alert, https://eslint.org/docs/latest/rules/no-console, https://eslint.org/docs/latest/rules/no-compare-neg-zero, https://eslint.org/docs/latest/rules/no-empty-function, https://eslint.org/docs/latest/rules/no-await-in-loop, https://eslint.org/docs/latest/rules/no-constructor-return, https://eslint.org/docs/latest/rules/newline-before-return, https://eslint.org/docs/latest/rules/no-extend-native, https://eslint.org/docs/latest/rules/no-duplicate-case, https://eslint.org/docs/latest/rules/max-statements, https://eslint.org/docs/latest/rules/no-continue, https://262.ecma-international.org/5.1/#sec-11.9.3, https://eslint.org/docs/latest/rules/no-constant-binary-expression, https://eslint.org/docs/latest/rules/no-control-regex, https://eslint.org/docs/latest/rules/max-depth, https://eslint.org/docs/latest/rules/no-fallthrough, https://eslint.org/docs/latest/rules/no-async-promise-executor, https://eslint.org/docs/latest/rules/no-empty-character-class, https://eslint.org/docs/latest/rules/no-dupe-class-members, https://eslint.org/docs/latest/rules/no-cond-assign, https://eslint.style/rules/max-len, https://eslint.org/docs/latest/rules/max-len, https://eslint.org/docs/latest/rules/no-iterator, https://eslint.org/docs/latest/rules/no-eq-null, https://eslint.org/docs/latest/rules/no-caller, https://eslint.style/rules/new-parens, https://eslint.org/docs/latest/rules/new-parens, https://eslint.org/docs/latest/rules/no-eval, https://eslint.org/docs/latest/rules/no-dupe-else-if, https://eslint.org/docs/latest/rules/no-lonely-if, https://eslint.org/docs/latest/rules/no-ex-assign, https://eslint.org/docs/latest/rules/no-labels, https://eslint.org/docs/latest/rules/no-extra-label, https://eslint.org/docs/latest/rules/no-div-regex, https://eslint.org/docs/latest/rules/no-loss-of-precision, https://eslint.org/docs/latest/rules/no-else-return, https://eslint.org/docs/latest/rules/no-dupe-args, https://eslint.style/rules/no-mixed-operators, https://eslint.org/docs/latest/rules/no-mixed-operators, https://eslint.org/docs/latest/rules/no-duplicate-imports, https://eslint.style/rules/multiline-comment-style, https://eslint.org/docs/latest/rules/multiline-comment-style, https://eslint.org/docs/latest/rules/no-bitwise, https://eslint.style/rules/no-extra-semi, https://eslint.org/docs/latest/rules/no-extra-semi, https://eslint.org/docs/latest/rules/no-implicit-coercion, https://eslint.org/docs/latest/rules/no-lone-blocks, https://eslint.style/rules/no-extra-parens, https://eslint.org/docs/latest/rules/no-extra-parens, foo.name, https://eslint.org/docs/latest/rules/no-func-assign, https://eslint.org/docs/latest/rules/no-empty, https://eslint.org/docs/latest/rules/no-nested-ternary, https://eslint.org/docs/latest/rules/no-implied-eval, https://eslint.org/docs/latest/rules/no-extra-bind, https://eslint.org/docs/latest/rules/no-extra-boolean-cast, https://eslint.org/docs/latest/rules/no-import-assign, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-mixed-requires.md, https://eslint.org/docs/latest/rules/no-mixed-requires, https://eslint.org/docs/latest/rules/no-irregular-whitespace, https://eslint.org/docs/latest/rules/no-inner-declarations, https://eslint.org/docs/latest/rules/no-new-native-nonconstructor, https://eslint.org/docs/latest/rules/no-empty-static-block, https://eslint.org/docs/latest/rules/no-global-assign, https://eslint.style/rules/no-floating-decimal, https://eslint.org/docs/latest/rules/no-floating-decimal, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-new-require.md, https://eslint.org/docs/latest/rules/no-new-require, https://eslint.org/docs/latest/rules/no-implicit-globals, https://eslint.org/docs/latest/rules/no-new-wrappers, https://eslint.org/docs/latest/rules/no-label-var, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-process-exit.md, https://eslint.org/docs/latest/rules/no-process-exit, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-process-env.md, https://eslint.org/docs/latest/rules/no-process-env, https://github.com/eslint/eslint/pull/17282#issuecomment-1592795923, https://eslint.org/docs/latest/rules/no-promise-executor-return, https://eslint.org/docs/latest/rules/no-debugger, https://eslint.org/docs/latest/rules/no-native-reassign, https://eslint.org/blog/2016/08/eslint-v3.3.0-released/#deprecated-rules, https://eslint.org/docs/rules/no-global-assign, https://eslint.org/docs/latest/rules/no-magic-numbers, https://eslint.org/docs/latest/rules/no-negated-in-lhs, https://eslint.org/docs/rules/no-unsafe-negation, https://eslint.org/docs/latest/rules/no-new-func, https://eslint.org/docs/latest/rules/no-invalid-regexp, https://eslint.org/docs/latest/rules/no-empty-pattern, https://eslint.org/docs/latest/rules/no-multi-str, https://eslint.org/docs/latest/rules/no-param-reassign, https://eslint.org/docs/latest/rules/no-plusplus, https://eslint.org/docs/latest/rules/no-inline-comments, https://eslint.org/docs/latest/rules/no-proto, https://eslint.org/docs/latest/rules/no-invalid-this, https://eslint.org/docs/latest/rules/no-octal, https://eslint.org/docs/latest/rules/no-nonoctal-decimal-escape, https://eslint.org/docs/latest/rules/no-new, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-path-concat.md, https://eslint.org/docs/latest/rules/no-path-concat, https://eslint.org/docs/latest/rules/no-octal-escape, https://eslint.org/docs/latest/rules/no-template-curly-in-string, https://eslint.org/docs/latest/rules/no-multi-assign, https://eslint.org/docs/latest/rules/no-return-assign, https://eslint.org/docs/latest/rules/no-new-symbol, https://eslint.org/docs/latest/use/migrate-to-9.0.0#eslint-recommended, https://eslint.org/docs/latest/rules/no-restricted-syntax, https://eslint.org/docs/latest/rules/no-sequences, https://eslint.org/docs/latest/rules/no-restricted-properties, https://eslint.org/docs/latest/rules/no-this-before-super, https://eslint.org/docs/latest/rules/no-regex-spaces, https://eslint.org/docs/latest/rules/no-object-constructor, https://eslint.org/docs/latest/rules/no-prototype-builtins, https://eslint.style/rules/no-multiple-empty-lines, https://eslint.org/docs/latest/rules/no-multiple-empty-lines, https://eslint.org/docs/latest/rules/no-obj-calls, https://eslint.org/docs/latest/rules/no-misleading-character-class, https://github.com/eslint/eslint/pull/17515, https://eslint.style/rules/no-multi-spaces, https://eslint.org/docs/latest/rules/no-multi-spaces, https://eslint.org/docs/latest/rules/no-negated-condition, https://eslint.org/docs/latest/rules/no-unexpected-multiline, https://eslint.org/docs/latest/rules/no-throw-literal, https://eslint.org/docs/latest/rules/no-return-await, https://eslint.org/docs/latest/rules/no-new-object, https://eslint.org/blog/2023/09/eslint-v8.50.0-released/, https://eslint.org/docs/rules/no-object-constructor, https://eslint.org/docs/latest/rules/no-unmodified-loop-condition, https://eslint.org/docs/latest/rules/no-setter-return, https://eslint.org/docs/latest/rules/no-ternary, https://eslint.org/docs/latest/rules/no-script-url, https://eslint.org/docs/latest/rules/no-loop-func, https://eslint.org/docs/latest/rules/no-unreachable, https://eslint.style/rules/no-tabs, https://eslint.org/docs/latest/rules/no-tabs, https://eslint.org/docs/latest/rules/no-restricted-globals, https://eslint.org/docs/latest/rules/no-shadow, https://eslint.org/docs/latest/rules/no-undef-init, https://eslint.org/docs/latest/rules/no-self-compare, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-sync.md, https://eslint.org/docs/latest/rules/no-sync, https://eslint.style/rules/no-trailing-spaces, https://eslint.org/docs/latest/rules/no-trailing-spaces, https://eslint.org/docs/latest/rules/no-restricted-exports, https://eslint.org/docs/latest/rules/no-restricted-imports, https://eslint.org/docs/latest/rules/no-redeclare, https://eslint.style/rules/no-mixed-spaces-and-tabs, https://eslint.org/docs/latest/rules/no-mixed-spaces-and-tabs, https://eslint.org/docs/latest/rules/no-spaced-func, https://eslint.org/docs/latest/rules/no-unsafe-finally, https://eslint.org/docs/latest/rules/no-unreachable-loop, https://eslint.org/docs/latest/rules/no-shadow-restricted-names, https://eslint.org/docs/latest/rules/no-undefined, https://eslint.org/docs/latest/rules/no-unassigned-vars, https://eslint.org/docs/latest/rules/no-undef, https://eslint.org/docs/latest/rules/no-self-assign, https://eslint.org/docs/latest/rules/no-unsafe-optional-chaining, https://eslint.org/docs/latest/rules/no-useless-assignment, https://eslint.org/docs/latest/rules/no-useless-catch, https://github.com/eslint-community/eslint-plugin-n/tree/master/docs/rules/no-restricted-require.md, https://eslint.org/docs/latest/rules/no-restricted-modules, https://eslint.org/docs/latest/rules/no-unneeded-ternary, https://eslint.org/docs/latest/rules/no-useless-constructor, https://eslint.org/docs/latest/rules/object-shorthand, https://eslint.org/docs/latest/rules/operator-assignment, https://eslint.org/docs/latest/rules/no-underscore-dangle, https://eslint.org/docs/latest/rules/no-unused-vars, https://eslint.org/docs/latest/rules/prefer-named-capture-group, https://eslint.style/rules/one-var-declaration-per-line, https://eslint.org/docs/latest/rules/one-var-declaration-per-line, https://eslint.org/docs/latest/rules/prefer-reflect, Function.prototype.call, https://eslint.org/docs/latest/rules/no-useless-concat, https://eslint.org/docs/latest/rules/no-unused-expressions, https://eslint.org/docs/latest/rules/no-warning-comments, https://eslint.org/docs/latest/rules/no-unused-labels, https://eslint.org/docs/latest/rules/padding-line-between-statements, https://eslint.org/docs/latest/rules/no-unused-private-class-members, https://eslint.org/docs/latest/rules/no-var, https://eslint.org/docs/latest/rules/no-unsafe-negation, https://eslint.org/docs/latest/rules/prefer-object-has-own, MetaProperty.property, https://eslint.org/docs/latest/rules/prefer-arrow-callback, https://eslint.style/rules/object-curly-newline, https://eslint.org/docs/latest/rules/object-curly-newline, https://eslint.style/rules/nonblock-statement-body-position, https://eslint.org/docs/latest/rules/nonblock-statement-body-position, https://eslint.org/docs/latest/rules/no-useless-computed-key, https://eslint.org/docs/latest/rules/no-useless-rename, https://eslint.org/docs/latest/rules/no-useless-backreference, https://eslint.style/rules/no-whitespace-before-property, https://eslint.org/docs/latest/rules/no-whitespace-before-property, https://eslint.org/docs/latest/rules/radix, https://eslint.org/docs/latest/rules/no-void, https://eslint.style/rules/semi-spacing, https://eslint.org/docs/latest/rules/semi-spacing, https://eslint.style/rules/object-curly-spacing, https://eslint.org/docs/latest/rules/object-curly-spacing, https://eslint.org/docs/latest/rules/no-with, https://eslint.org/docs/latest/rules/prefer-regex-literals, https://eslint.org/docs/latest/rules/prefer-spread, https://eslint.org/docs/latest/rules/prefer-rest-params, https://eslint.org/docs/latest/rules/prefer-const, https://eslint.style/rules/operator-linebreak, https://eslint.org/docs/latest/rules/operator-linebreak, https://eslint.org/docs/latest/rules/no-useless-return, https://eslint.org/docs/latest/rules/require-await, https://eslint.style/rules/semi-style, https://eslint.org/docs/latest/rules/semi-style, https://eslint.org/docs/latest/rules/no-sparse-arrays, https://eslint.style/rules/space-infix-ops, https://eslint.org/docs/latest/rules/space-infix-ops, https://eslint.org/docs/latest/rules/preserve-caught-error, https://typescript-eslint.io/packages/type-utils/type-or-value-specifier/, https://github.com/eslint/eslint/pull/19913#discussion_r2192608593, https://github.com/eslint/eslint/discussions/16540, https://github.com/microsoft/TypeScript/blob/main/src/lib/es2022.error.d.ts, https://eslint.style/rules/object-property-newline, https://eslint.org/docs/latest/rules/object-property-newline, https://eslint.org/docs/latest/rules/no-useless-escape, https://eslint.org/docs/latest/rules/no-useless-call, https://eslint.org/docs/latest/rules/prefer-promise-reject-errors, https://eslint.org/docs/latest/rules/prefer-template, https://jex.im/regulex/#, https://eslint.style/rules/spaced-comment, https://eslint.org/docs/latest/rules/spaced-comment, https://eslint.org/docs/latest/rules/sort-vars, https://eslint.org/docs/latest/rules/sort-imports, https://eslint.style/rules/space-before-function-paren, https://eslint.org/docs/latest/rules/space-before-function-paren, https://eslint.style/rules/switch-colon-spacing, https://eslint.org/docs/latest/rules/switch-colon-spacing, https://eslint.style/rules/space-in-parens, https://eslint.org/docs/latest/rules/space-in-parens, https://eslint.org/docs/latest/rules/prefer-destructuring, https://eslint.org/docs/latest/rules/unicode-bom, https://eslint.org/docs/latest/rules/no-use-before-define, https://eslint.style/rules/semi, https://eslint.org/docs/latest/rules/semi, https://eslint.org/docs/latest/rules/prefer-object-spread, https://eslint.style/rules/padded-blocks, https://eslint.org/docs/latest/rules/padded-blocks, https://eslint.org/docs/latest/rules/prefer-numeric-literals, https://eslint.style/rules/space-unary-ops, https://eslint.org/docs/latest/rules/space-unary-ops, http://www.ecma-international.org/ecma-262/6.0/#sec-directive-prologues-and-the-use-strict-directive, https://eslint.org/docs/latest/rules/require-yield, https://eslint.org/docs/latest/rules/prefer-exponentiation-operator, https://eslint.org/docs/latest/rules/sort-keys, https://eslint.style/rules/quote-props, https://eslint.org/docs/latest/rules/quote-props, https://eslint.style/rules/space-before-blocks, https://eslint.org/docs/latest/rules/space-before-blocks, https://eslint.org/docs/latest/rules/strict, https://eslint.style/rules/template-tag-spacing, https://eslint.org/docs/latest/rules/template-tag-spacing, https://eslint.style/rules/template-curly-spacing, https://eslint.org/docs/latest/rules/template-curly-spacing, https://eslint.org/docs/latest/rules/require-unicode-regexp, https://eslint.org/docs/latest/rules/use-isnan, https://eslint.style/rules/rest-spread-spacing, https://eslint.org/docs/latest/rules/rest-spread-spacing, https://github.com/eslint/eslint/issues/8020, https://github.com/estree/estree/blob/14df8a024956ea289bd55b9c2226a1d5b8a473ee/es5.md#regexpliteral, https://github.com/estree/estree/blob/14df8a024956ea289bd55b9c2226a1d5b8a473ee/es2020.md#bigintliteral, https://github.com/tc39/proposal-static-class-features, https://eslint.org/docs/latest/rules/vars-on-top, https://eslint.org/docs/latest/rules/one-var, https://eslint.org/docs/latest/rules/valid-typeof, https://eslint.org/docs/latest/rules/yoda, https://eslint.org/docs/latest/rules/require-atomic-updates, https://eslint.org/docs/latest/use/configure/migration-guide#ignore-files, https://eslint.org/docs/latest/rules/symbol-description, https://eslint.org/docs/latest/use/configure/ignore, https://eslint.org/docs/latest/use/configure/configuration-files#specify-files-with-arbitrary-extensions, https://eslint.org/chat/help, https://eslint.org/docs/latest/use/configure/rules#rule-severities, https://eslint.org/docs/latest/use/configure/rules, https://eslint.org/docs/latest/use/configure/, https://github.com/eslint/eslint/blob/v8.57.0/conf/config-schema.js, https://eslint.org/docs/latest/use/configure/language-options#specifying-parser-options, https://eslint.style/rules/yield-star-spacing, https://eslint.org/docs/latest/rules/yield-star-spacing, https://eslint.style/rules/wrap-regex, https://eslint.org/docs/latest/rules/wrap-regex, https://eslint.style/rules/wrap-iife, https://eslint.org/docs/latest/rules/wrap-iife, https://eslint.org/docs/latest/use/troubleshooting., https://eslint.org/docs/latest/use/configure/migration-guide#configure-language-options, https://eslint.org/docs/latest/use/configure/migration-guide#use-eslintrc-configs-in-flat-config, https://eslint.org/docs/latest/use/configure/migration-guide#predefined-and-shareable-configs, https://eslint.org/docs/latest/use/configure/migration-guide#linter-options, https://eslint.org/docs/latest/use/configure/migration-guide#glob-based-configs, https://eslint.org/docs/latest/use/configure/migration-guide#custom-parsers, https://eslint.org/docs/latest/use/configure/migration-guide, https://eslint.style/rules/quotes, https://eslint.org/docs/latest/rules/quotes, https://eslint.org/docs/latest/extend/custom-parsers#meta-data-in-custom-parsers, https://eslint.org/docs/latest/use/configure/migration-guide#import-plugins-and-custom-parsers, https://eslint.org/docs/latest/use/command-line-interface#--print-config, https://eslint.org/chat, https://eslint.org/docs/latest/use/configure/rules#use-configuration-files

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0

ℹ Read more on: This package | This alert | What are URL strings?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Review all remote URLs to ensure they are intentional, pointing to trusted sources, and not being used for data exfiltration or loading untrusted code at runtime.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint@10.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Debug access: npm eslint in module repl

Module: repl

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0

ℹ Read more on: This package | This alert | What is debug access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Removing the use of debug will reduce the risk of any reflection and dynamic code execution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint@10.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Debug access: npm eslint in module module

Module: module

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0

ℹ Read more on: This package | This alert | What is debug access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Removing the use of debug will reduce the risk of any reflection and dynamic code execution.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint@10.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Potential code anomaly (AI signal): npm flat-cache is 100.0% likely to have a medium risk anomaly

Notes: The code implements a filesystem-backed cache with potential path traversal vulnerabilities due to unvalidated docId/cacheDir inputs that influence file paths. While not inherently malicious, the lack of input sanitization creates risk of reading/writing/deleting arbitrary files, especially in a public package context where inputs could be user-controlled. No evidence of deliberate malware or obfuscated logic is present, but the security risk due to path handling is non-trivial and should be mitigated by validating and constraining input paths, using safe defaults, and isolating cache storage.

Confidence: 1.00

Severity: 0.60

From: package-lock.jsonnpm/eslint@10.0.0npm/flat-cache@4.0.1

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/flat-cache@4.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Unmaintained: npm json-buffer was last published 7 years ago

Last Publish: 9/10/2018, 7:02:16 PM

From: package-lock.jsonnpm/eslint@10.0.0npm/json-buffer@3.0.1

ℹ Read more on: This package | This alert | What are unmaintained packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/json-buffer@3.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Low
Dynamic module loading: npm keyv

Location: Package overview

From: package-lock.jsonnpm/eslint@10.0.0npm/keyv@4.5.4

ℹ Read more on: This package | This alert | What is dynamic require?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid dynamic imports when possible. Audit the use of dynamic require to ensure it is not executing malicious or vulnerable code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/keyv@4.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 2 more rows in the dashboard

View full report