Create base UI #4

Merged

NyanSpaghetti merged 9 commits from base-ui into main

2023-05-20 22:01:32 +02:00

NyanSpaghetti commented

2023-05-19 18:48:58 +02:00

(Migrated from github.com)

No description provided.

socket-security[bot] commented

2023-05-19 18:49:48 +02:00

(Migrated from github.com)

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore @swc/core@1.3.59

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
@swc/core@1.3.59 (added)	`postinstall`	`package.json` via @vitejs/plugin-react-swc@3.3.1

Pull request alert summary

Issue	Status
Install scripts	⚠️ 1 issue
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	`+/-` Transitive Count	Publisher
class-variance-authority@0.6.0	None	`+1`	joebell93
tailwind-merge@1.12.0	environment	`+0`	dcas
eslint@8.41.0	eval, filesystem, environment	`+58`	eslintbot
clsx@1.2.1	None	`+0`	lukeed
@vitejs/plugin-react-swc@3.3.1	eval, network, filesystem, shell	`+13`	vitebot
tailwindcss-animate@1.0.5	None	`+0`	thejameskyle
eslint-plugin-react-refresh@0.4.1	eval	`+59`	arnaud-barre
react-router-dom@6.11.2	network, environment	`+2`	mjackson

🚮 Removed packages: @types/node@20.1.7, eslint-config-next@13.4.2, internal-ip@7.0.0, next@13.4.2

**New dependency changes detected.** Learn more about [Socket for GitHub ↗︎](https://socket.dev?utm_medium=gh) *** **🚨 Potential security issues found in this pull request.** To accept the risk, merge this PR and you will not be notified again. <details> <summary> <strong>Bot Commands</strong> </summary> <p>To ignore an alert, reply with a comment starting with <code>@SocketSecurity ignore</code> followed by a space separated list of <code>package-name@version</code> specifiers. e.g. <code>@SocketSecurity ignore foo@1.0.0 bar@*</code> or ignore all packages with <code>@SocketSecurity ignore-all</code></p> <ul> <li><code>@SocketSecurity ignore @swc/core@1.3.59</code></li> </ul> </details> <details> <summary> <strong> 📜 Install scripts </strong> </summary> <p> Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. </p> <p> Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. </p> </details> | Package | Script field | Source | | --- | --- | --- | | [@swc/core@1.3.59](https://socket.dev/npm/package/@swc/core/files/1.3.59/package.json#T1251-1272) (added) | [`postinstall`](https://socket.dev/npm/package/@swc/core/files/1.3.59/package.json#T1251-1272) | [`package.json`](https://github.com/lofustudio/horizon/pull/4/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519) via [@vitejs/plugin-react-swc@3.3.1](https://socket.dev/npm/package/@vitejs/plugin-react-swc/overview/3.3.1) | <details> <summary> <strong>Pull request alert summary</strong> </summary> <table> <thead> <tr> <th>Issue</th> <th>Status</th> </tr> </thead> <tbody> <tr> <td><a href='https://socket.dev/npm/issue/installScripts'>Install scripts</a></td> <td>⚠️ 1 issue</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/hasNativeCode'>Native code</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/shellScriptOverride'>Bin script shell injection</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/unresolvedRequire'>Unresolved require</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/invalidPackageJSON'>Invalid package.json</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/httpDependency'>HTTP dependency</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/gitDependency'>Git dependency</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/didYouMean'>Potential typo squat</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/malware'>Known Malware</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/telemetry'>Telemetry</a></td> <td>✅ 0 issues</td> </tr> <tr> <td><a href='https://socket.dev/npm/issue/troll'>Protestware/Troll package</a></td> <td>✅ 0 issues</td> </tr> </tbody> </table> </details> *** **📊 Modified Dependency Overview:** | ➕ Added Package | Capability Access | `+/-` Transitive Count | Publisher | | --- | --- | --- | --- | | [class-variance-authority@0.6.0](https://socket.dev/npm/package/class-variance-authority/overview/0.6.0) | None | `+1` | [joebell93](https://socket.dev/npm/user/joebell93) | | [tailwind-merge@1.12.0](https://socket.dev/npm/package/tailwind-merge/overview/1.12.0) | [environment](https://socket.dev/npm/package/tailwind-merge/issues/1.12.0?issue=envVars) | `+0` | [dcas](https://socket.dev/npm/user/dcas) | | [eslint@8.41.0](https://socket.dev/npm/package/eslint/overview/8.41.0) | [eval](https://socket.dev/npm/package/eslint/issues/8.41.0?issue=usesEval&tab=dependencies), [filesystem](https://socket.dev/npm/package/eslint/issues/8.41.0?issue=filesystemAccess), [environment](https://socket.dev/npm/package/eslint/issues/8.41.0?issue=envVars) | `+58` | [eslintbot](https://socket.dev/npm/user/eslintbot) | | [clsx@1.2.1](https://socket.dev/npm/package/clsx/overview/1.2.1) | None | `+0` | [lukeed](https://socket.dev/npm/user/lukeed) | | [@vitejs/plugin-react-swc@3.3.1](https://socket.dev/npm/package/@vitejs/plugin-react-swc/overview/3.3.1) | [eval](https://socket.dev/npm/package/@vitejs/plugin-react-swc/issues/3.3.1?issue=usesEval&tab=dependencies), [network](https://socket.dev/npm/package/@vitejs/plugin-react-swc/issues/3.3.1?issue=networkAccess&tab=dependencies), [filesystem](https://socket.dev/npm/package/@vitejs/plugin-react-swc/issues/3.3.1?issue=filesystemAccess), [shell](https://socket.dev/npm/package/@vitejs/plugin-react-swc/issues/3.3.1?issue=shellAccess&tab=dependencies) | `+13` | [vitebot](https://socket.dev/npm/user/vitebot) | | [tailwindcss-animate@1.0.5](https://socket.dev/npm/package/tailwindcss-animate/overview/1.0.5) | None | `+0` | [thejameskyle](https://socket.dev/npm/user/thejameskyle) | | [eslint-plugin-react-refresh@0.4.1](https://socket.dev/npm/package/eslint-plugin-react-refresh/overview/0.4.1) | [eval](https://socket.dev/npm/package/eslint-plugin-react-refresh/issues/0.4.1?issue=usesEval&tab=dependencies) | `+59` | [arnaud-barre](https://socket.dev/npm/user/arnaud-barre) | | [react-router-dom@6.11.2](https://socket.dev/npm/package/react-router-dom/overview/6.11.2) | [network](https://socket.dev/npm/package/react-router-dom/issues/6.11.2?issue=networkAccess&tab=dependencies), [environment](https://socket.dev/npm/package/react-router-dom/issues/6.11.2?issue=envVars) | `+2` | [mjackson](https://socket.dev/npm/user/mjackson) | **🚮 Removed packages:** [@types/node@20.1.7](https://socket.dev/npm/package/@types/node/overview/20.1.7), [eslint-config-next@13.4.2](https://socket.dev/npm/package/eslint-config-next/overview/13.4.2), [internal-ip@7.0.0](https://socket.dev/npm/package/internal-ip/overview/7.0.0), [next@13.4.2](https://socket.dev/npm/package/next/overview/13.4.2)