Affected script: "install-scripts:post-install-cmd"
The script installs a package using Phive without checking the progress. Most worryingly, it forces acceptance of unsigned code with the option --force-accept-unsigned, which is a huge security vulnerability because it allows potentially malicious or harmful unsigned code to be executed. It also trusts certain GPG keys without any apparent verification, which could likewise allow unverified, harmful code to be run.
sitepark/github-composer-release-test's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|