Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
⚠️ This package seems to have moderate severity install script vulnerabilities

Affected script: "install-scripts:post-install-cmd"

The script is running the Phive installation command which is generally safe, however, it uses a combination of parameters that could pose a security risk. The --force-accept-unsigned parameter allows it to accept the installation of unsigned phar files, potentially leaving the system vulnerable to the execution of unverified or malicious code. The --trust-gpg-keys parameter allows it to trust unknown GPG keys, another potential risk which could allow an attacker to introduce manipulated packages.

Generated on Feb 17, 2024 via composer

sitepark/github-composer-release-test 1.1.0

Test project to test the release process with Github Actions
Package summary
Share
1
issue
1
high severity
meta
1
1
license
1
MIT
Package created
23 Oct 2023
Version published
20 Oct 2023
Maintainers
1
Total deps
1
Direct deps
0
License
MIT

Issues

1

1 high severity issue

high
via: sitepark/github-composer-release-test@1.1.0
Collapse
Expand

Licenses

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
1 Packages, Including:
sitepark/github-composer-release-test@1.1.0
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

0
All Dependencies CSV
β“˜ This is a list of sitepark/github-composer-release-test 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities

Visualizations