Affected script: "install-scripts:post-install-cmd"
This script installs a package using Phive -- "force-accept-unsigned" flag means it will accept and install packages without requiring GPG signatures. Any malicious software lacking a valid signature could be installed undetected, potentially leading to data breaches, system damage, and other security risks.
captainhook/captainhook
's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|
sebastianfeldmann/camino | 0.9.5 | 8.87 kB | MIT | prod | |
sebastianfeldmann/cli | 3.4.1 | 20.56 kB | MIT | prod | 1 |
sebastianfeldmann/git | 3.11.0 | 61.72 kB | MIT | prod | 1 |
symfony/console | v6.4.7 | - | MIT | prod | |
symfony/filesystem | v6.4.7 | - | MIT | prod | |
symfony/process | v6.4.7 | - | MIT | prod dev |