-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add butterfly-extsrc #327
Conversation
WalkthroughThe pull request introduces a new dependency to the Changes
Possibly related PRs
Suggested labels
Poem
📜 Recent review detailsConfiguration used: CodeRabbit UI 📒 Files selected for processing (1)
🔇 Additional comments (1)package.json (1)
Version constraint "*" poses security risks Using "*" as the version constraint allows installing any version, including potentially malicious future versions. Consider:
Let's verify this package: ✅ Verification successfulVersion "*" should be updated to "^1.1.4" for butterfly-extsrc The package is legitimate (created in 2020, maintained by jerrywong) with:
Please update the version constraint from "*" to "^1.1.4" to:
🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Description: Check package info and security advisories
# Check if package exists on npm
curl -s https://registry.npmjs.org/butterfly-extsrc | jq '.time.created,.maintainers[].name'
# Check for security advisories
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: NPM, package: "butterfly-extsrc") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'
Length of output: 483 Script: #!/bin/bash
# Let's verify if this is a package that should be in the allowlist by:
# 1. Checking if it's already in the allowlist
# 2. Looking at its dependencies and download stats
# Check if package is already in allowlist
rg -A 1 '"butterfly-extsrc"' package.json
# Get package details including dependencies and latest version
curl -s https://registry.npmjs.org/butterfly-extsrc | jq '{
latest: .["dist-tags"].latest,
description: .description,
dependencies: .[].dependencies,
downloads: .downloads
}'
# Get download stats for last month
curl -s https://api.npmjs.org/downloads/point/last-month/butterfly-extsrc
Length of output: 512 Script: #!/bin/bash
# Let's get more details about the package versions and dependencies
curl -s https://registry.npmjs.org/butterfly-extsrc | jq '{
latest: .["dist-tags"].latest,
description: .description,
versions: [keys[] | select(startswith("version") | not)],
repository: .repository.url,
homepage: .homepage
}'
# Check if this package is used as a dependency by other packages in the repo
rg -l "butterfly-extsrc"
Length of output: 738 Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
[skip ci] ## [1.148.0](v1.147.0...v1.148.0) (2024-12-07) ### Features * add butterfly-extsrc ([#327](#327)) ([38205f2](38205f2))
Summary by CodeRabbit
butterfly-extsrc
, to enhance project capabilities.