Credly

[safedefi]

Credly is a Community-NFT-as-a-service platform powered by Celo, providing an easy way for web3 communities to launch engagement NFTs.

[socket-security]

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
protobufjs@6.11.3 (added)	postinstall	Credly/discord-API/package.json via firebase@9.9.2, @firebase/firestore@3.4.14, @grpc/proto-loader@0.6.13
protobufjs@7.0.0 (added)	postinstall	Credly/discord-API/package.json via firebase@9.9.2, @firebase/firestore@3.4.14, @grpc/grpc-js@1.6.9, @grpc/proto-loader@0.7.0
core-js@3.6.5 (added)	postinstall	Credly/discord-API/package.json via firebase@9.9.2, @firebase/polyfill@0.3.36

Pull request report summary

Issue	Status
Install scripts	⚠️ 3 issues
Native code	✅ 0 issues
Bin script confusion	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore protobufjs@6.11.3
• @SocketSecurity ignore protobufjs@7.0.0
• @SocketSecurity ignore core-js@3.6.5

Powered by socket.dev