advisories: 1
rowid | platform | organisation | repo | package_name | version | current_version | package_manager | package_file_path | dep_types | level | advisory_type | description | supported_until | eol_from |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | gitlab | technottingham | Hackbot | hubot-pugme | git+https://git@github.com/TechNottingham/hubot-pugme.git | | npm | package.json | ["dependencies"] | ERROR | SECURITY | Git-based npm dependencies carry a number of supply-chain security risks and do not offer the predictability, immutability and security practices that installing from the official npm registry provides. For more details, see Socket Security's blog post https://socket.dev/blog/how-to-mitigate-the-risks-of-using-open-source-packages-with-git-dependencies | | |