Skip to content

[potential Security Alert] New site:develop script added in react-gpplot@0.0.1 #3879

Description

@alphaleadership

A new site:develop script was detected in version 0.0.1 of the package react-gpplot.

Suspicion Score: 13/100

Script content:

cross-env PORT=8080 gatsby develop --open -H 0.0.0.0

see npm documentation on package scripts for more details.
and the detector. to understand why this script might be dangerous.
to get the alert only for dangerous scripts, please visitthe telegram if you want to improve the algorythm open a pull request
This could be a security risk. Please investigate.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions