An npm audit indicates incorrect package attestation in version 1.3.0:
```
npm audit signatures
audited 1665 packages in 20s
1663 packages have verified registry signatures
14 packages have verified attestations
2 packages have invalid attestations:
axios@1.6.8 (https://registry.npmjs.org/)
ts-api-utils@1.3.0 (https://registry.npmjs.org/)
Someone might have tampered with these packages since they were published on the registry!
```
Additional Info
node 20.11.0
npm 10.4.0
@shadaxv TBH it seems rather weird. The version 1.3.0 of ts-api-utils doesn't exist on GitHub (that's likely why it gets flagged by npm audit). Given the recent events around the XZ Utils backdoor, this looks rather suspicious to me and I would be careful!
🤷 yeah this was a confusing bit to look at. Since the issue hasn't happened again, I'd recommend going with a newer version of ts-api-utils to not get the warnings.
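When triaging a report like this one, it helps to turn the `npm audit signatures` text into a structured list of the flagged packages so each can be investigated or gated on in CI. The following is an added example, not part of the original thread or of any project's code; the function names, the singular header wording and the declared-versus-listed count check are assumptions of the example.

```javascript
// Added example. SAMPLE_OUTPUT is the `npm audit signatures` output quoted in the report.
const SAMPLE_OUTPUT = `audited 1665 packages in 20s
1663 packages have verified registry signatures
14 packages have verified attestations
2 packages have invalid attestations:
axios@1.6.8 (https://registry.npmjs.org/)
ts-api-utils@1.3.0 (https://registry.npmjs.org/)
Someone might have tampered with these packages since they were published on the registry!`;

// "2 packages have invalid attestations:" -- the singular form is an assumption.
const SECTION = /^(\d+) packages? ha(?:ve|s) (?:an? )?invalid (registry signatures?|attestations?):$/;
// "name@version (registry)"; the name may be scoped, e.g. "@scope/name".
const ENTRY = /^((?:@[^@\/\s]+\/)?[^@\/\s]+)@(\S+) \((\S+)\)$/;

function parseAuditSignatures(text) {
  const findings = [];   // one record per flagged package
  const mismatches = []; // sections whose declared count differs from the entries listed
  let section = null;
  const close = () => {
    if (section && section.seen !== section.declared) {
      mismatches.push(`${section.kind}: declared ${section.declared}, listed ${section.seen}`);
    }
    section = null;
  };
  for (const line of text.split(/\r?\n/).map((l) => l.trim())) {
    if (line === '') continue; // blank lines do not end a section
    const head = SECTION.exec(line);
    if (head) {
      close();
      section = { kind: head[2], declared: Number(head[1]), seen: 0 };
      continue;
    }
    const entry = section && ENTRY.exec(line);
    if (entry) {
      section.seen += 1;
      findings.push({ kind: section.kind, name: entry[1], version: entry[2], registry: entry[3] });
    } else {
      close(); // any other line ends the current section
    }
  }
  close();
  return { findings, mismatches };
}

// Exit status for a CI step: fail on any flagged package or truncated listing.
function exitCodeFor(report) {
  return report.findings.length > 0 || report.mismatches.length > 0 ? 1 : 0;
}

const report = parseAuditSignatures(SAMPLE_OUTPUT);
console.log(JSON.stringify(report.findings, null, 2), 'exit code:', exitCodeFor(report));
```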
Expected
Audit does not indicate invalid attestation
Actual
An npm audit indicates incorrect package attestation in version 1.3.0: