Affected script: "install-scripts:post-install-cmd"
The script uses the 'phive' tool to install a composer package and forces the acceptance of unsigned packages. Unsigned packages are a risk because their authenticity and integrity are not verified, so they can contain malicious code that leads to data theft, gaining root access, or other actions that compromise the system.
captainhook/captainhook's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
sebastianfeldmann/camino | 0.9.5 | 8.87 kB | MIT | prod | |
sebastianfeldmann/cli | 3.4.1 | 20.56 kB | MIT | prod | 1 |
sebastianfeldmann/git | 3.11.0 | 61.72 kB | MIT | prod | 1 |
symfony/console | v6.4.6 | 182.96 kB | MIT | prod | |
symfony/filesystem | v6.4.6 | 18.92 kB | MIT | prod | |
symfony/process | v6.4.4 | - | MIT | prod dev | |