Bump anchore/sbom-action from 0.20.5 to 0.20.6 #411

Merged: some-natalie merged 1 commit into main from dependabot/github_actions/anchore/sbom-action-0.20.6 on Sep 20, 2025

@dependabot (Bot) commented on behalf of github on Sep 16, 2025

Bumps anchore/sbom-action from 0.20.5 to 0.20.6.

Release notes

Sourced from anchore/sbom-action's releases.

v0.20.6

Changes in v0.20.6

Commits


Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@da167ea...f8bdd1d)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot (Bot) added the dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code) and patch (Patch semver) labels on Sep 16, 2025
@github-actions (Contributor)

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/mocks/service.twirp.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/intercept References interception interceptors
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/google/protobuf/descriptor.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM net/http/post submits content to websites POST
HTTP
-LOW exec/plugin references a 'plugin' deprecated in favor of using plugins
without additional plugins
-LOW net/http Uses the HTTP protocol HTTP

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/descriptor-registry.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./source-code-info
./descriptor-info
./descriptor-tree
./string-format
./type-names
./google
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/internal.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode(curByte
String.fromCharCode(acc)
-LOW data/encoding/base64 Supports base64 encoded strings base64
-LOW os/fd/write writes to a file handle decoder.write(buf)

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/server.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./request
./errors
./hooks
-MEDIUM sus/intercept References interception interceptors
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/server.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./interceptors
./context
./errors
./hooks
-MEDIUM sus/intercept References interception interceptors
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/ts-poet/build/Import.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./foo

Deleted: /tmp/prior-commit/node_modules/twirp-ts/protoc-gen-twirp_ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./build
-LOW exec/plugin references a 'plugin' plugin
-LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/tests/errors.test.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/string-format.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./source-code-info
./descriptor-info
./descriptor-tree
./type-names
./google

Deleted: /tmp/prior-commit/node_modules/yaml/types.mjs [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./dist
-LOW exec/imports/python imports python modules import types

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/protoc-gen-twirp-ts/gen/index-file.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit/node_modules/yaml/browser/dist/resolveSeq-492ab440.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM data/encoding/url decodes URL components decodeURIComponent
-MEDIUM sus/exclamation gets very excited return !!
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTP URLs http://yaml.org/type/merge.html

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/descriptor-info.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-tree
./type-names
./google
-LOW net/url/embedded contains embedded HTTPS URLs https://developers.google.com/protocol-buffers/docs/proto3

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/tests/client.test.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTP URLs http://localhost

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/protoc-gen-twirp-ts/gen/open-api.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(str))
require
-MEDIUM net/http/form_upload upload content via HTTP form application/json
post
-LOW exec/plugin references a 'plugin' plugin
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/type-names.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-info
./descriptor-tree

Deleted: /tmp/prior-commit/node_modules/yaml/parse-cst.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./util

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/commonjs/google/protobuf/descriptor.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM net/http/post submits content to websites POST
HTTP
http
-LOW net/http Uses the HTTP protocol HTTP
-LOW net/url/embedded contains embedded HTTPS URLs https://developers.google.com/protocol-buffers/

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/sbcs-data-generated.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/js high entropy javascript (>6)

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/tests/gateway.test.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM net/http/form_upload upload content via HTTP form application/json
POST
post
-MEDIUM net/http/post submits content to websites Content-Type
http
POST
-MEDIUM net/proxy/reverse Implements a reverse proxy reverseProxy
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTP URLs http://localhost

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/http.client.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./errors
-MEDIUM net/ip/host_port connects to an arbitrary host:port [host"
-LOW net/http Uses the HTTP protocol http
HTTP

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/commonjs/descriptor-tree.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-info
./google

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/lib/bom-handling.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW os/fd/write writes to a file handle decoder.write(buf)
encoder.write(str)

Deleted: /tmp/prior-commit/node_modules/yaml/dist/test-events.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./parse-cst

Deleted: /tmp/prior-commit/node_modules/yaml/dist/Schema-88e323a7.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (const tag of customTags)
(obj instanceof Map)
(const it of obj)
warnings-1000
[0-9a-fA-F_]
(customTags)
parseInt
-LOW data/encoding/int parses integers parseInt(
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/utf7.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions [base64AccumIdx++]
(canBeDecoded)
fromCharCode
20-0x7E
16-be
-MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units (String.fromCharCode(i))
-LOW data/encoding/base64 Supports base64 encoded strings base64
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTPS URLs https://tools.ietf.org/html/rfc2152

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/protoc-gen-twirp-ts/gen/twirp.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit/node_modules/dot-object/dist/dot-object.min.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM data/encoding/int performs math directly against parsed integers +parseInt(
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/ts-poet/build/Code.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./is-plain-object
./standalone
./index
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW exec/plugin references a 'plugin' plugins

Deleted: /tmp/prior-commit/node_modules/@babel/helper-validator-identifier/scripts/generate-identifier-regex.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/url/embedded contains embedded HTTPS URLs https://tc39.github.io/ecma262/

Deleted: /tmp/prior-commit/node_modules/yaml/browser/parse-cst.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./dist

Deleted: /tmp/prior-commit/node_modules/dot-object/bin/dot-object [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW fs/file/read reads files fs.readFile
-LOW fs/file/write writes to file writeFile
-LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env

Deleted: /tmp/prior-commit/node_modules/ts-poet/build/SymbolSpecs.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./foo

Deleted: /tmp/prior-commit/node_modules/dot-object/dist/dot-object.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (this instanceof DotObject)
(previousKey + index)
(blacklistFilter)
[object Object]
[exportName]
parseInt
-MEDIUM data/encoding/int performs math directly against parsed integers + parseInt(
-MEDIUM fs/file/copy copy files using cp cp
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/sbcs-codec.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units String.fromCharCode(i)

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/tests/server.test.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM net/http/form_upload upload content via HTTP form application/json
POST
post
-MEDIUM net/http/post submits content to websites Content-Type: invalid/json
http
POST
-MEDIUM sus/intercept References interception interceptorSpy
interceptors
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/ts-poet/build/Import.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./foo

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/request.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./context
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/mocks/service.twirp.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/es2015/string-format.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-info
./google

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/dbcs-data.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/hex many references to hexadecimal values 0x9c77
-MEDIUM fs/path/relative references and possibly executes relative path ./tables
-MEDIUM net/url/embedded contains hardcoded PHP endpoint http://www.khngai.com/chinese/charmap/tblgbk.php?page=0
-LOW c2/tool_transfer/os references a specific operating system https://
http://
Windows
windows
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/dbcs-codec.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/hex many references to hexadecimal values 0x1000000
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (they are too large in gb18030)
(leadSurrogate - 0xD800)
(our own encoding used)
(seqStart + prevOffset)
(codeTrail - 0xDC00)
[SEQ_START-dbcsCode]
[SEQ_START - uCode]
[NODE_START - val]
(dbcsCode / 12600)
(dbcsCode / 1260)
[i + prevOffset]
(uCode - 0xDC00)
[i-1+prevOffset]
[i-2+prevOffset]
[i-3+prevOffset]
(code - 0xD800)
(dbcsCode / 10)
(curByte-0x30)
[curAddr - 1]
[subNodeIdx]
parseInt
UTF-16
32-bit
-LOW data/encoding/int parses integers parseInt(
-LOW os/fd/write writes to a file handle this.write(bytesArr)

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/commonjs/type-names.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-info
./google

Deleted: /tmp/prior-commit/node_modules/safer-buffer/Porting-Buffer.md [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW credential/password references a 'password' source code to passwords and encryption
leak passwords
-LOW data/encoding/base64 Supports base64 encoded strings base64
-LOW exec/plugin references a 'plugin' plugin
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/n
https://eslint.org/docs/rules/no-buffer-constructor
https://github.com/joyeecheung/node-dep-codemod
https://www.npmjs.com/package/buffer-alloc
https://www.npmjs.com/package/safer-buffer
https://www.npmjs.com/package/buffer-from
https://www.npmjs.com/package/safe-buffer
https://github.com/chalker/safer-buffer
https://github.com/nodejs/Release
https://ponyfill.com/

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/es2015/typescript-import-manager.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./foo

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin/build/our-options.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' PluginMessageError
pluginCredit
-LOW net/tcp/grpc Uses the gRPC Remote Procedure Call framework gRPC

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/interceptors.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/intercept References interception interceptors

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/protoc-gen-twirp-ts/gen/gateway.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/program executes external program exec(urlSegment)
require
-MEDIUM net/http/post submits content to websites POST
HTTP
http
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW fs/file/write writes to file writeFileSync
-LOW net/http Uses the HTTP protocol http
HTTP

Deleted: /tmp/prior-commit/node_modules/@babel/helpers/scripts/generate-helpers.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/url/parse Handles URL strings new URL

Deleted: /tmp/prior-commit/node_modules/safer-buffer/dangerous.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./safer

Deleted: /tmp/prior-commit/node_modules/yaml/dist/resolveSeq-d03cb037.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM data/encoding/url decodes URL components decodeURIComponent
-MEDIUM sus/exclamation gets very excited return !!
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTP URLs http://yaml.org/type/merge.html

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/request.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./errors
-MEDIUM net/http/form_upload upload content via HTTP form application/json
POST
-MEDIUM net/http/post submits content to websites Content-Type:
POST

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/typescript-import-manager.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-info
./typescript-file
./generated-file
./symbol-table

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/tests/interceptor.test.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/intercept References interception interceptors_1
interceptor0
interceptor1

Deleted: /tmp/prior-commit/node_modules/ts-poet/build/Literal.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./is-plain-object
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/commonjs/descriptor-info.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./string-format
./google

Deleted: /tmp/prior-commit/node_modules/yaml/dist/warnings-1000a372.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (const value of iterable)
(const it of iterable)
(deprecation)
fromCharCode
issues/2549
-MEDIUM data/base64/decode decode base64 strings js_base64_decode::atob(
-MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units [String.fromCharCode(valuei
-LOW data/encoding/base64 Supports base64 encoded strings base64
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/url/embedded contains embedded HTTPS URLs jestjs/jest#2549
-LOW os/env/get Retrieve environment variable values env.YAML_SILENCE_DEP
env.YAML_SILENCE_WAR

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/http.client.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./errors
-MEDIUM net/http/form_upload upload content via HTTP form application/json
POST
-MEDIUM net/http/post submits content to websites Content-Type
POST
HTTP
http
-MEDIUM net/ip/host_port connects to an arbitrary hostname:port hostname, port
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/http Uses the HTTP protocol http
HTTP

Deleted: /tmp/prior-commit/node_modules/ts-poet/build/SymbolSpecs.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./foo

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/protoc-gen-twirp-ts/gen/twirp.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/intercept References interception interceptors
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/es2015/descriptor-registry.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./source-code-info
./descriptor-info
./descriptor-tree
./string-format
./type-names
./google
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit/node_modules/yaml/browser/dist/warnings-df54cb69.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (item instanceof YAMLMap)
(key instanceof Scalar)
(pair instanceof Pair)
(item instanceof Pair)
(deprecation)
fromCharCode
solveSeq-492
issues/2549
-MEDIUM data/base64/decode decode base64 strings js_base64_decode::atob(
-MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units [String.fromCharCode(valuei
-LOW data/encoding/base64 Supports base64 encoded strings base64
-LOW data/encoding/json_encode encodes JSON JSON.stringify
-LOW net/url/embedded contains embedded HTTPS URLs jestjs/jest#2549
-LOW os/env/get Retrieve environment variable values env.YAML_SILENCE_DEP
env.YAML_SILENCE_WAR

Deleted: /tmp/prior-commit/node_modules/yaml/browser/dist/Schema-e94716c8.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (value instanceof Node)
(obj instanceof Map)
(customTags)
solveSeq-492
[0-9a-fA-F_]
parseInt
-LOW data/encoding/int parses integers parseInt(
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/yaml/util.mjs [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./dist
-LOW exec/imports/python imports python modules import util

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/twirp/gateway.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./http
-MEDIUM net/http/post submits content to websites POST
http
-MEDIUM net/proxy/reverse Implements a reverse proxy reverseProxy
-LOW net/http Uses the HTTP protocol http

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/utf16.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTP URLs http://en.wikipedia.org/wiki/UTF-16
http://encoding.spec.whatwg.org/
-LOW os/fd/write writes to a file handle decoder.write(buf)
encoder.write(str)

Deleted: /tmp/prior-commit/node_modules/encoding/node_modules/iconv-lite/encodings/utf32.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW c2/tool_transfer/os references a specific operating system http://
Windows
-LOW net/http Uses the HTTP protocol http
-LOW net/url/embedded contains embedded HTTP URLs http://en.wikipedia.org/wiki/UTF-32
-LOW os/fd/write writes to a file handle decoder.write(buf)
encoder.write(str)

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin-framework/build/types/descriptor-tree.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./descriptor-info
./google

Deleted: /tmp/prior-commit/node_modules/@protobuf-ts/plugin/build/code-gen/generator-base.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit/node_modules/yaml/dist/Document-9b4560a1.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Deleted: /tmp/prior-commit/node_modules/yaml/browser/pair.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./dist

Deleted: /tmp/prior-commit/node_modules/@babel/helpers/scripts/generate-regenerator-runtime.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW fs/file/read reads files fs.readFile
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/facebook/regenerator/blob/main/LICENSE

Deleted: /tmp/prior-commit/node_modules/twirp-ts/build/protoc-gen-twirp-ts/gen/open-api.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugin

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/descriptors.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./reflect
./wkt
+LOW net/url/embedded contains embedded HTTPS URLs https://protobuf.dev/programming-guides/field_presence/
https://protobuf.dev/programming-guides/enum/

Added: /tmp/current-commit/node_modules/@typescript/vfs/dist/vfs.esm.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (basically the folder your node_modules lives)
(a shim over read/write access to the fs)
(languageServiceHost)
(var key in source)
(indexesForCutting)
(compilerOptions)
$f_fromCharCode
(newSourceFile)
(prefix + lib)
(tests mainly)
$complex_math
(methodName)
(sourceFile)
(workingDir)
$f_parseInt
pull/49813
pull/54011
$math2
$math1
$xor2
$xor1
+MEDIUM collect/localstorage accesses browser local storage localStorage.get
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units (String.fromCharCode(102, 11
(String.fromCharCode(112, 97
+MEDIUM net/download download files for the CDN download vs the compiler
+LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
+LOW fs/file/delete deletes files deleteFile
+LOW fs/file/read reads files fs.readFile
+LOW fs/file/stat access filesystem metadata fs.statSync(file)
+LOW fs/file/write writes to file writeFile:
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/microsoft/TypeScript/blob/main/src/lib/libs.json
microsoft/TypeScript#54011
microsoft/TypeScript#49813
https://playgroundcdn.typescriptlang.org/cdn/
+LOW os/env/get Retrieve environment variable values env.DEBUG

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/varint.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/protocolbuffers/protobuf/blob/8a71927d74a4ce34efe2d876
https://github.com/protocolbuffers/protobuf-javascript/blob/a428c58273aba
https://github.com/protocolbuffers/protobuf/blob/1b18833f4f2a2f681f4e4a25

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/printable.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/runtime-imports.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./import-symbol
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/reflect/unsafe.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./scalar
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/import-symbol.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./bar

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/wrappers_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/fields.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./types

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/duration_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/field_mask_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/setFunctionName.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://tc39.es/ecma262/

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/is-message.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./types

Added: /tmp/current-commit/node_modules/typescript/lib/lib.webworker.asynciterable.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/codegenv2/embed.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/base64 Supports base64 encoded strings base64

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/from-json.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (const jsonItem of json)
(ignoreUnknownFields)
(ListValueSchema)
(nullAsZeroValue)
(const e of json)
(StructSchema)
(camelToSnake)
(typeof json)
(ValueSchema)
(longSeconds)
(valueField)
(jsonString)
64-encoding
2021-2025
12-31T23
01-01T00
parseInt
9999-12
0001-01
32-bit
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./extensions
./reflect
./create
./wire
./wkt
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW data/encoding/int parses integers parseInt(
+LOW data/encoding/json_decode Decodes JSON messages JSON.parse
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/codegenv1/extension.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/parameter.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./error
+LOW exec/plugin references a 'plugin' const ecmaScriptPluginOptions
PluginOptionError
plugin
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/parameter.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./import-path
+LOW exec/plugin references a 'plugin' export interface EcmaScriptPluginOptions
possible values of the plugin option
Possible values of the plugin option
Standard plugin options

Added: /tmp/current-commit/node_modules/@typescript/vfs/dist/vfs.cjs.production.min.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM collect/localstorage accesses browser local storage localStorage.get
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units (String.fromCharCode(102,115
(String.fromCharCode(112,97,
+MEDIUM net/download download files for the CDN download vs the compiler
+LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
+LOW fs/file/delete deletes files deleteFile
+LOW fs/file/write writes to file writeFile:function
writeFile:t
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://playgroundcdn.typescriptlang.org/cdn/
+LOW os/env/get Retrieve environment variable values env.DEBUG

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wire/binary-encoding.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./text-encoding
./varint
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://developers.google.com/protocol-buffers/docs/encoding
+LOW process/create create child process fork

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/extends.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs babel/babel#14527

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/compiler/plugin_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' file_google_protobuf_compiler_plugin
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/regeneratorAsyncGen.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./regenerator

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/isNativeReflectConstruct.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited return !!

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/import-path.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/es-errors/syntax.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./syntax

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/empty_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/descriptors.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/typescript/lib/lib.esnext.decorators.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/to-json.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./json-value
./registry
./types
+LOW data/encoding/json_encode encodes JSON JSON.stringify

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/source_context_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/file-preamble.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./source-code-info
+LOW exec/plugin references a 'plugin' pluginVersion
pluginName
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@protobuf-ts/plugin/build/framework/create-option-parser.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' Plugin options

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/toPrimitive.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://tc39.es/ecma262/

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/create-es-plugin.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./generated-file
./schema
./plugin
+LOW exec/plugin references a 'plugin' the plugin framework when the plugin runs
function will be invoked by the plugin
Version of this code generator plugin
can be used to parse your own plugin
Name of this code generator plugin
edition supported by this plugin
function createEcmaScriptPlugin
interface PluginInit

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/run-node.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./plugin
+LOW exec/plugin references a 'plugin' protoplugin
myPlugin
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/timestamp_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/go_features_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptor_pb
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/safe-identifier.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' protoplugin
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wire/text-format.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions 2021-2025
parseInt
+LOW data/encoding/int parses integers parseInt(
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/applyDecs2301.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' supported by the decorators plugin

Added: /tmp/current-commit/node_modules/math-intrinsics/pow.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./pow

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/size-delimited.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs protocolbuffers/protobuf#10229

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/reflect/reflect-types.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./unsafe
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/instanceof.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited n return !!

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/descriptor_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/post submits content to websites POST
HTTP
http
+LOW exec/plugin references a 'plugin' plugins
+LOW net/http Uses the HTTP protocol http
HTTP
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/typescript/lib/lib.esnext.collection.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@typescript/vfs/dist/vfs.cjs.development.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (basically the folder your node_modules lives)
(a shim over read/write access to the fs)
(languageServiceHost)
(var key in source)
(indexesForCutting)
(compilerOptions)
$f_fromCharCode
(newSourceFile)
(prefix + lib)
(tests mainly)
$complex_math
(methodName)
(sourceFile)
(workingDir)
$f_parseInt
pull/49813
pull/54011
$math2
$math1
$xor2
$xor1
+MEDIUM collect/localstorage accesses browser local storage localStorage.get
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units (String.fromCharCode(102, 11
(String.fromCharCode(112, 97
+MEDIUM net/download download files for the CDN download vs the compiler
+LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
+LOW fs/file/delete deletes files deleteFile
+LOW fs/file/read reads files fs.readFile
+LOW fs/file/stat access filesystem metadata fs.statSync(file)
+LOW fs/file/write writes to file writeFile:
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/microsoft/TypeScript/blob/main/src/lib/libs.json
microsoft/TypeScript#54011
microsoft/TypeScript#49813
https://playgroundcdn.typescriptlang.org/cdn/
+LOW os/env/get Retrieve environment variable values env.DEBUG

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/codegenv2/embed.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/printable.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./import-symbol

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/extensions.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./from-binary
./to-binary
./reflect
./create
./wire
./wkt
+MEDIUM sus/exclamation gets very excited !!
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/field_mask_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/tsRewriteRelativeImportExtensions.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/microsoft/TypeScript/blob/71716a2868c87248af5020e33a84

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/registry.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./wkt

Added: /tmp/current-commit/node_modules/typescript/lib/lib.dom.asynciterable.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/typescript/lib/lib.es2017.date.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/reflect/nested-types.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/any_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/superPropSet.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./set

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/struct_pb.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/to-binary.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./reflect
./wire
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/safe-identifier.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' protoplugin

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/classPrivateFieldLooseBase.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW credential/ssl/private_key References private keys privateKey

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/applyDecs2305.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' supported by the decorators plugin

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/is-message.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/codegenv2/restore-json-names.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/wrapNativeSuper.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./construct

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/timestamp_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW c2/tool_transfer/os references a specific operating system https://
http://
Windows
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_
https://docs.python.org/2/library/time.html
https://developers.google.com/time/smear
https://www.ietf.org/rfc/rfc3339.txt

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/base64-encoding.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/base64 Supports base64 encoded strings base64
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/jsdoc.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./source-code-info
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/from-binary.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./reflect
./wire
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/runtime-imports.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./import-symbol

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/type_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./any_pb
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/any_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
HTTP

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/reflect/names.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' protoplugin
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://protobuf.com/docs/language-spec

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/text-encoding.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/reflect/reflect-check.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/java_features_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/embedded/base64_url Contains base64 url contains_base64_url::h0dHA6Ly
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptor_pb
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/typescript/lib/lib.esnext.disposable.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/extensions.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./reflect
./types
./wkt

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/codegenv2/boot.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/temporalRef.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./tdz

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/applyDecs2203R.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' supported by the decorators plugin

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/superPropGet.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./get

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/varint.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/protocolbuffers/protobuf/blob/8a71927d74a4ce34efe2d876
https://github.com/protocolbuffers/protobuf-javascript/blob/a428c58273aba
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operato
https://github.com/protocolbuffers/protobuf/blob/1b18833f4f2a2f681f4e4a25

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/transpile.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' If this is not desirable for plugin authors
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/import-path.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' protoplugin support
plugins

Added: /tmp/current-commit/node_modules/@typescript/vfs/dist/vfs.globals.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (basically the folder your node_modules lives)
(a shim over read/write access to the fs)
(languageServiceHost)
(var key in source)
(indexesForCutting)
(compilerOptions)
$f_fromCharCode
(newSourceFile)
(prefix + lib)
(tests mainly)
$complex_math
(methodName)
(sourceFile)
(workingDir)
$f_parseInt
pull/49813
pull/54011
$math2
$math1
$xor2
$xor1
+MEDIUM collect/localstorage accesses browser local storage localStorage.get
+MEDIUM data/encoding/utf16 assembles strings from UTF-16 code units (String.fromCharCode(102, 11
(String.fromCharCode(112, 97
+MEDIUM net/download download files for the CDN download vs the compiler
+LOW fs/directory/list Uses NodeJS functions to list a directory .readdirSync(
+LOW fs/file/delete deletes files deleteFile
+LOW fs/file/read reads files fs.readFile
+LOW fs/file/stat access filesystem metadata fs.statSync(file)
+LOW fs/file/write writes to file writeFile:
+LOW fs/symlink_resolve resolves symbolic links realpath
+LOW net/url/embedded contains embedded HTTPS URLs https://github.com/microsoft/TypeScript/blob/main/src/lib/libs.json
microsoft/TypeScript#54011
microsoft/TypeScript#49813
https://playgroundcdn.typescriptlang.org/cdn/
+LOW os/env/get Retrieve environment variable values env.DEBUG

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/toPropertyKey.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://tc39.es/ecma262/

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/file-preamble.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' pluginVersion
pluginName

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/registry.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./reflect
./wire
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://protobuf.dev/programming-guides/field_presence/
https://protobuf.dev/programming-guides/enum/

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/isNativeReflectConstruct.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited n return !!

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/equals.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./registry
./types

Added: /tmp/current-commit/node_modules/es-errors/eval.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./eval

Added: /tmp/current-commit/node_modules/typescript/lib/lib.esnext.object.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/classPrivateFieldLooseBase.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW credential/ssl/private_key References private keys privateKey

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/cpp_features_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM data/embedded/base64_url Contains base64 url contains_base64_url::h0dHA6Ly
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptor_pb
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/from-json.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./json-value
./registry
./types

Added: /tmp/current-commit/node_modules/typescript/lib/lib.es2023.collection.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/compiler/plugin_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' once before sending them to the plugin
file_google_protobuf_compiler_plugin
is written to the plugin
The plugin process
plugins

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/to-binary.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./reflect
./types
./wire
+LOW net/url/embedded contains embedded HTTPS URLs https://developers.google.com/protocol-buffers/docs/proto3

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/size-delimited.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs protocolbuffers/protobuf#10229

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/reflect/names.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' protoplugin
+LOW net/url/embedded contains embedded HTTPS URLs https://protobuf.com/docs/language-spec

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/api_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
HTTP
+LOW net/url/embedded contains embedded HTTPS URLs https://cloud.google.com/apis/design/glossary

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wire/binary-encoding.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/url/embedded contains embedded HTTPS URLs https://developers.google.com/protocol-buffers/docs/encoding
+LOW process/create create child process fork

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/from-binary.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./descriptors
./reflect
./types
./wire
+LOW net/url/embedded contains embedded HTTPS URLs https://developers.google.com/protocol-buffers/docs/proto3

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/fields.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./reflect
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/import-symbol.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wire/base64-encoding.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW data/encoding/base64 Supports base64 encoded strings base64

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/esm/create-es-plugin.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./transpile
./parameter
./schema
+LOW exec/plugin references a 'plugin' export function createEcmaScriptPlugin
plugin
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/api_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./type_pb
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/@babel/helpers/lib/helpers/instanceof.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM sus/exclamation gets very excited return !!

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/run-node.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./error
+LOW exec/plugin references a 'plugin' protoplugin
myPlugin
+LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Added: /tmp/current-commit/node_modules/typescript/lib/lib.es2016.intl.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_

Added: /tmp/current-commit/node_modules/@protobuf-ts/plugin/build/gen/protobuf-ts_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW exec/plugin references a 'plugin' plugin
+LOW net/http Uses the HTTP protocol http
+LOW net/tcp/grpc Uses the gRPC Remote Procedure Call framework gRPC

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/proto-int64.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./wire
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0
+LOW os/env/get Retrieve environment variable values env.BUF_BIGINT_DISAB

Added: /tmp/current-commit/node_modules/@bufbuild/protoplugin/dist/cjs/transpile.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./generated-file

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/esm/wkt/gen/google/protobuf/type_pb.d.ts [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http

Added: /tmp/current-commit/node_modules/@protobuf-ts/plugin/build/gen/protobuf-ts_pb.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./node_modules
+LOW exec/plugin references a 'plugin' plugin
+LOW net/http Uses the HTTP protocol http
+LOW net/tcp/grpc Uses the gRPC Remote Procedure Call framework gRPC

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/wkt/gen/google/protobuf/descriptor_pb.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM net/http/post submits content to websites POST
HTTP
+LOW exec/plugin references a 'plugin' deprecated in favor of using plugins
without additional plugins
+LOW net/http Uses the HTTP protocol HTTP

Added: /tmp/current-commit/node_modules/@bufbuild/protobuf/dist/cjs/json-value.js [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
+LOW net/http Uses the HTTP protocol http
+LOW net/url/embedded contains embedded HTTP URLs http://www.apache.org/licenses/LICENSE-2.0

Changed (1 added, 18 removed): /tmp/current-commit/node_modules/y18n/index.mjs [🛑 HIGH → 🟡 MEDIUM]

1 new behavior

RISK KEY DESCRIPTION EVIDENCE
+MEDIUM fs/path/relative references and possibly executes relative path ./build

18 removed behaviors

RISK KEY DESCRIPTION EVIDENCE
-HIGH exec/remote_commands/code_eval Executes code from a complex expression exec(res.pop())
-MEDIUM exec/program executes external program exec(res.pop())
exec(urlStr))
exec(str)
exec(ct)
require
-MEDIUM impact/remote_access/agent references an 'agent' agent
-MEDIUM net/http/form_upload upload content via HTTP form application/x-www-form-urlencoded
POST
-MEDIUM net/http/post submits content to websites Content-Type
HTTP
http
POST
-MEDIUM net/url/encode encodes URL, likely to pass GET variables urlencode
-MEDIUM net/url/request requests resources via URL http.request
-LOW data/compression/gzip works with gzip files gzip
-LOW data/compression/zlib uses zlib zlib
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW net/http Uses the HTTP protocol http
HTTP
-LOW net/http/accept_encoding set HTTP response encoding format (example: gzip) Accept-Encoding
-LOW net/http/auth makes HTTP requests with basic authentication www-authenticate
-LOW net/http/request makes HTTP requests User-Agent
-LOW net/socket/send send a message to a socket socket
send
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/tmpvar/jsdom/blob/aa85b2abf07766ff7bf5c1f6daafb3726f2f
node-fetch/node-fetch#296
https://tools.ietf.org/html/rfc3986
https://hsivonen.fi/encoding-menu/
https://fetch.spec.whatwg.org/
-LOW net/url/parse Handles URL strings new URL
-LOW os/fd/write writes to a file handle dest.write(body)

Moved: /tmp/prior-commit/node_modules/@actions/artifact/lib/generated/results/api/v1/artifact.twirp.js -> /tmp/current-commit/node_modules/@actions/artifact/lib/generated/results/api/v1/artifact.twirp-client.d.ts (similarity: 0.91)

3 removed behaviors

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/intercept References interception interceptors
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Moved: /tmp/prior-commit/node_modules/@actions/artifact/lib/generated/results/api/v1/artifact.twirp.js -> /tmp/current-commit/node_modules/@actions/artifact/lib/generated/results/api/v1/artifact.twirp-client.js (similarity: 0.93)

3 removed behaviors

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM sus/intercept References interception interceptors
-LOW data/encoding/json_decode Decodes JSON messages JSON.parse
-LOW data/encoding/json_encode encodes JSON JSON.stringify

Moved: /tmp/prior-commit/node_modules/@babel/types/lib/builders/generated/uppercase.js.map -> /tmp/current-commit/node_modules/@babel/types/lib/builders/generated/lowercase.js (similarity: 0.91) [🔵 → 🔵 LOW]

1 new behavior

RISK KEY DESCRIPTION EVIDENCE
+LOW fs/file/stat access filesystem metadata fs.static

Moved: /tmp/prior-commit/node_modules/@protobuf-ts/plugin/build/our-options.d.ts -> /tmp/current-commit/node_modules/@protobuf-ts/plugin/build/options.d.ts (similarity: 0.92)

2 removed behaviors

RISK KEY DESCRIPTION EVIDENCE
-LOW net/http Uses the HTTP protocol http
-LOW net/tcp/grpc Uses the gRPC Remote Procedure Call framework gRPC

@some-natalie some-natalie merged commit ab17431 into main Sep 20, 2025
6 checks passed
@some-natalie some-natalie deleted the dependabot/github_actions/anchore/sbom-action-0.20.6 branch September 20, 2025 15:14

Labels: dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code), patch (Patch semver)
