[Snyk] Upgrade core-js from 3.9.0 to 3.37.0

[snyk-io]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade core-js from 3.9.0 to 3.37.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 88 versions ahead of your current version.

• The recommended version was released a month ago, on 2024-04-16.

Release notes

Package name: core-js

• 3.37.0 - 2024-04-16
  
  • Changes v3.36.1...v3.37.0
  • New Set methods proposal:
    • Built-ins:
      • Set.prototype.intersection
      • Set.prototype.union
      • Set.prototype.difference
      • Set.prototype.symmetricDifference
      • Set.prototype.isSubsetOf
      • Set.prototype.isSupersetOf
      • Set.prototype.isDisjointFrom
    • Moved to stable ES, April 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Explicit Resource Management stage 3 proposal
    • Some minor updates like explicit-resource-management/217
  • Added Math.sumPrecise stage 2.7 proposal:
    • Built-ins:
      • Math.sumPrecise
  • Promise.try proposal:
    • Built-ins:
      • Promise.try
    • Added optional arguments support, promise-try/16
    • Moved to stage 2.7, April 2024 TC39 meeting
  • RegExp.escape stage 2 proposal:
    • Moved to hex-escape semantics, regex-escaping/67
      • It's not the final change of the way of escaping, waiting for regex-escaping/77 soon
  • Pattern matching stage 1 proposal:
    • Built-ins:
      • Symbol.customMatcher
    • Once again, the used well-known symbol was renamed
    • Added new entries for that
  • Added Extractors stage 1 proposal:
    • Built-ins:
      • Symbol.customMatcher
    • Since the Symbol.customMatcher well-known symbol from the pattern matching proposal is also used in the exactors proposal, added an entry also for this proposal
  • Added URL.parse, url/825
  • Engines bugs fixes:
    • Added a fix of Safari { Object, Map }.groupBy bug that does not support iterable primitives
    • Added a fix of Safari bug with double call of constructor in Array.fromAsync
  • Compat data improvements:
    • URL.parse added and marked as supported from FF 126
    • URL.parse added and marked as supported from Bun 1.1.4
    • URL.canParse fixed and marked as supported from Bun 1.1.0
    • New Set methods fixed in JavaScriptCore and marked as supported from Bun 1.1.1
    • Added Opera Android 82 compat data mapping
• 3.36.1 - 2024-03-19
  
  • Changes v3.36.0...v3.36.1
  • Fixed some validation cases in Object.setPrototypeOf, #1329, thanks @ minseok-choe
  • Fixed the order of validations in Array.from, #1331, thanks @ minseok-choe
  • Added a fix of Bun queueMicrotask arity
  • Added a fix of Bun URL.canParse arity
  • Added a fix of Bun SuppressedError extra arguments support and arity
  • Compat data improvements:
    • value argument of URLSearchParams.prototype.{ has, delete } marked as supported from Bun 1.0.31
    • Added React Native 0.74 Hermes compat data, Array.prototype.{ toSpliced, toReversed, with } and atob marked as supported
    • Added Deno 1.41.3 compat data mapping
    • Added Opera Android 81 compat data mapping
    • Added Samsung Internet 25 compat data mapping
    • Added Oculus Quest Browser 32 compat data mapping
    • Updated Electron 30 compat data mapping
• 3.36.0 - 2024-02-14
  
  • ArrayBuffer.prototype.transfer and friends proposal:
    • Built-ins:
      • ArrayBuffer.prototype.detached
      • ArrayBuffer.prototype.transfer
      • ArrayBuffer.prototype.transferToFixedLength
    • Moved to stable ES, Febrary 2024 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Uint8Array to / from base64 and hex proposal:
    • Methods:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
    • Moved to stage 3, Febrary 2024 TC39 meeting
    • Added /actual/ namespace entries
    • Skipped adding new methods of writing to existing arrays to clarification some moments
  • Promise.try proposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meeting
  • Added an entry point for the new TC39 proposals stage - core-js/stage/2.7 - still empty
  • Fixed regression in Set.prototype.intersection feature detection
  • Fixed a missed check in Array.prototype.{ indexOf, lastIndexOf, includes }, #1325, thanks @ minseok-choe
  • Fixed a missed check in Array.prototype.{ reduce, reduceRight }, #1327, thanks @ minseok-choe
  • Fixed Array.from and some other methods with proxy targets, #1322, thanks @ minseok-choe
  • Fixed dependencies loading for modules from ArrayBuffer.prototype.transfer and friends proposal in some specific cases in IE10-
  • Dropped context workaround from collection static methods entries since with current methods semantic it's no longer required
  • Added instance methods polyfills to entries of collections static methods that produce collection instances
  • Added missed Date.prototype.toJSON to JSON.stringify entries dependencies
  • Added debugging info in some missed cases
  • Compat data improvements:
    • { Map, Object }.groupBy, Promise.withResolvers, ArrayBuffer.prototype.transfer and friends marked as supported from Safari 17.4
    • New Set methods fixed and marked as supported from V8 ~ Chrome 123
    • Added Deno 1.40 compat data mapping
    • Symbol.metadata marked as supported from Deno 1.40.4
    • Updated Electron 30 compat data mapping
• 3.35.1 - 2024-01-20
  
  • Fixed internal ToLength operation with bigints, #1318
  • Removed significant redundant code from String#split polyfill
  • Fixed setting names of methods with symbol keys in some old engines
  • Minor fix of prototype methods export logic in the pure version
  • Compat data improvements:
    • Iterator helpers proposal methods marked as supported from V8 ~ Chrome 122
    • Note that V8 ~ Chrome 122 add Set methods, but they have a bug similar to Safari
    • self marked as fixed from Bun 1.0.22
    • SuppressedError and Symbol.{ dispose, asyncDispose } marked as supported from Bun 1.0.23
    • Added Oculus Quest Browser 31 compat data mapping
    • Updated Electron 29 and added Electron 30 compat data mapping
• 3.35.0 - 2023-12-28
  
  • { Map, Set, WeakMap, WeakSet }.{ from, of } became non-generic, following this and some other notes. Now they can be invoked without this, but no longer return subclass instances
  • Fixed handling some cases of non-enumerable symbol keys from Symbol polyfill
  • Removed unneeded NodeJS domains-related logic from queueMicrotask polyfill
  • Fixed subclassing of wrapped ArrayBuffer
  • Refactoring, many different minor optimizations
  • Compat data improvements:
    • Array.fromAsync marked as supported from V8 ~ Chrome 121
    • It seems that the ancient Array.prototype.push bug is fixed in V8 ~ Chrome 122 (Hallelujah!)
    • ArrayBuffer.prototype.transfer and friends proposal features marked as supported from FF 122 and Bun 1.0.19
    • Object.groupBy and Map.groupBy marked as supported from Bun 1.0.19
    • Since Iterator helpers proposal methods are still not disabled in Deno, the web compatibility issue why it was disabled in Chromium makes no sense for Deno and fixed in the spec, they marked as supported from Deno 1.37
    • Added Opera Android 80 and updated Opera Android 79 compat data mapping
    • Added Samsung Internet 24 compat data mapping
• 3.34.0 - 2023-12-05
  
  • Array grouping proposal:
    • Methods:
      • Object.groupBy
      • Map.groupBy
    • Moved to stable ES, November 2023 TC39 meeting
    • Added es. namespace modules, /es/ and /stable/ namespaces entries
  • Promise.withResolvers proposal:
    • Method:
      • Promise.withResolvers
    • Moved to stable ES, November 2023 TC39 meeting
    • Added es. namespace module, /es/ and /stable/ namespaces entries
  • Fixed a web incompatibility issue of Iterator helpers proposal, proposal-iterator-helpers/287 and some following changes, November 2023 TC39 meeting
  • Added Uint8Array to / from base64 and hex stage 2 proposal:
    • Methods:
      • Uint8Array.fromBase64
      • Uint8Array.fromHex
      • Uint8Array.prototype.toBase64
      • Uint8Array.prototype.toHex
  • Relaxed some specific cases of Number.fromString validation before clarification of proposal-number-fromstring/24
  • Fixed @@ toStringTag property descriptors on DOM collections, #1312
  • Fixed the order of arguments validation in Array iteration methods, #1313
  • Some minor atob / btoa improvements
  • Compat data improvements:
    • Promise.withResolvers marked as shipped from FF121
• 3.33.3 - 2023-11-19
  
  • Fixed an issue getting the global object on Duktape, #1303
  • Avoid sharing internal [[DedentMap]] from String.dedent proposal between core-js instances before stabilization of the proposal
  • Some internal untangling
  • Compat data improvements:
    • Added Deno 1.38 compat data mapping
    • Array.fromAsync marked as supported from Deno 1.38
    • Symbol.{ dispose, asyncDispose } marked as supported from Deno 1.38
    • Added Opera Android 79 compat data mapping
    • Added Oculus Quest Browser 30 compat data mapping
    • Updated Electron 28 and 29 compat data mapping
• 3.33.2 - 2023-10-30
  
  • Simplified structuredClone polyfill, avoided second tree pass in cases of transferring
  • Added support of SuppressedError to structuredClone polyfill
  • Removed unspecified unnecessary ArrayBuffer and DataView dependencies of structuredClone lack of which could cause errors in some entries in IE10-
  • Fixed handling of fractional number part in Number.fromString
  • Compat data improvements:
    • URL.canParse marked as supported from Chromium 120
    • Updated Opera Android 78 compat data mapping
    • Added Electron 29 compat data mapping
• 3.33.1 - 2023-10-20
  
  • Added one more workaround of possible error with Symbol polyfill on global object, #1289
  • Directly specified type: commonjs in package.json of all packages to avoid potential breakage in future Node versions, see this issue
  • Prevented potential issue with lack of some dependencies after automatic optimization polyfills of some methods in the pure version
  • Some minor internal fixes and optimizations
  • Compat data improvements:
    • String.prototype.{ isWellFormed, toWellFormed } marked as supported from FF119
    • Added React Native 0.73 Hermes compat data, mainly fixes of some issues
    • Added NodeJS 21.0 compat data mapping
• 3.33.0 - 2023-10-01
• 3.32.2 - 2023-09-07
• 3.32.1 - 2023-08-18
• 3.32.0 - 2023-07-27
• 3.31.1 - 2023-07-06
• 3.31.0 - 2023-06-11
• 3.30.2 - 2023-05-06
• 3.30.1 - 2023-04-13
• 3.30.0 - 2023-04-03
• 3.29.1 - 2023-03-13
• 3.29.0 - 2023-02-26
• 3.28.0 - 2023-02-13
• 3.27.2 - 2023-01-18
• 3.27.1 - 2022-12-29
• 3.27.0 - 2022-12-25
• 3.26.1 - 2022-11-13
• 3.26.0 - 2022-10-23
• 3.25.5 - 2022-10-03
• 3.25.4 - 2022-10-02
• 3.25.3 - 2022-09-25
• 3.25.2 - 2022-09-18
• 3.25.1 - 2022-09-07
• 3.25.0 - 2022-08-24
• 3.24.1 - 2022-07-29
• 3.24.0 - 2022-07-25
• 3.23.5 - 2022-07-17
• 3.23.4 - 2022-07-09
• 3.23.3 - 2022-06-25
• 3.23.2 - 2022-06-20
• 3.23.1 - 2022-06-14
• 3.23.0 - 2022-06-13
• 3.22.8 - 2022-06-01
• 3.22.7 - 2022-05-24
• 3.22.6 - 2022-05-22
• 3.22.5 - 2022-05-10
• 3.22.4 - 2022-05-02
• 3.22.3 - 2022-04-28
• 3.22.2 - 2022-04-21
• 3.22.1 - 2022-04-19
• 3.22.0 - 2022-04-15
• 3.21.1 - 2022-02-16
• 3.21.0 - 2022-02-01
• 3.20.3 - 2022-01-15
• 3.20.2 - 2022-01-01
• 3.20.1 - 2021-12-23
• 3.20.0 - 2021-12-15
• 3.19.3 - 2021-12-06
• 3.19.2 - 2021-11-29
• 3.19.1 - 2021-11-02
• 3.19.0 - 2021-10-25
• 3.18.3 - 2021-10-12
• 3.18.2 - 2021-10-05
• 3.18.1 - 2021-09-26
• 3.18.0 - 2021-09-19
• 3.17.3 - 2021-09-09
• 3.17.2 - 2021-09-02
• 3.17.1 - 2021-09-01
• 3.17.0 - 2021-09-01
• 3.16.4 - 2021-08-29
• 3.16.3 - 2021-08-24
• 3.16.2 - 2021-08-17
• 3.16.1 - 2021-08-08
• 3.16.0 - 2021-07-30
• 3.15.2 - 2021-06-29
• 3.15.1 - 2021-06-22
• 3.15.0 - 2021-06-20
• 3.14.0 - 2021-06-05
• 3.13.1 - 2021-05-29
• 3.13.0 - 2021-05-25
• 3.12.1 - 2021-05-08
• 3.12.0 - 2021-05-06
• 3.11.3 - 2021-05-05
• 3.11.2 - 2021-05-03
• 3.11.1 - 2021-04-28
• 3.11.0 - 2021-04-22
• 3.10.2 - 2021-04-19
• 3.10.1 - 2021-04-07
• 3.10.0 - 2021-03-31
• 3.9.1 - 2021-02-28
• 3.9.0 - 2021-02-18

from core-js GitHub release notes

Commit messages

Package name: core-js

• 598d0b2 3.37.0
• 88b57ee update the changelog
• a7f3a96 `URL.parse` added and marked as supported from Bun 1.1.4
• 3c2deac fix the place of `Uint8Array` to / from base64 and hex in the readme
• 1bb8d08 update the changelog
• a7f8abf Merge pull request added default values to react property tables teambit/bit#1343 from zloirock/update-pattern-matching
• be019f9 fix a link
• c978c8f add an entry for exactors proposal
• 8957db1 update pattern matching proposal
• 212ff8a add a link
• d393ed4 some simplification
• 51cb7c8 some simplification
• 51ce5d0 simplify some constants definition
• e7e9d71 update docs
• 3a54109 add some tests
• 6912464 update dependencies
• 9da401f add `Math.sumPrecise`
• 0ac334d enable some `eslint` rules from `eslint-plugin-import-x`
• bec66e7 update dependencies
• 3f46d78 update some notes
• acec5c4 update dependencies
• 80f1d23 add a fix of Safari `{ Object, Map }.groupBy` bug that does not support iterable primitives
• 5b908c2 add a fix of Safari bug with double call of constructor in `Array.fromAsync`
• 92f8618 update dependencies

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/archy@1.0.0	None	0	8.42 kB	substack
npm/async-retry@1.3.3	None	+1	24.1 kB	leerobinson
npm/bluebird@3.7.2	environment, eval, unsafe	0	632 kB	esailija
npm/browserify-zlib@0.2.0	None	+1	980 kB	dignifiedquire
npm/buffer@6.0.3	None	+2	108 kB	feross
npm/camelcase@6.2.0	None	0	10.4 kB	sindresorhus
npm/chalk@2.4.2	environment	+5	75.7 kB	sindresorhus
npm/classnames@2.2.6	None	0	16.3 kB	jedwatson
npm/colors@1.4.0	environment	0	39.5 kB	dabh
npm/command-exists@1.2.9	filesystem, shell	0	13.6 kB	mathisonian
npm/constants-browserify@1.0.0	None	0	7.46 kB	juliangruber
npm/copy-to-clipboard@3.3.1	None	+1	88.3 kB	sudodoki
npm/crypto-browserify@3.12.0	Transitive: environment	+37	984 kB	cwmma
npm/decamelize@1.2.0	None	0	2.94 kB	sindresorhus
npm/detect-newline@3.1.0	None	0	3.77 kB	sindresorhus
npm/doctrine@2.1.0	None	+1	157 kB	eslint
npm/find-root@1.1.0	filesystem	0	5.27 kB	jsdnxx
npm/find-up@5.0.0	Transitive: filesystem	+2	22.7 kB	sindresorhus
npm/graceful-fs@4.2.10	environment, filesystem	0	32.5 kB	isaacs
npm/graphql@15.8.0	environment	0	2.12 MB	i1g
npm/https-browserify@1.0.0	network	0	2.79 kB	feross
npm/ignore@3.3.10	None	0	21.7 kB	kael
npm/ini@2.0.0	None	0	9.47 kB	isaacs
npm/inquirer@6.5.2	Transitive: environment, filesystem, shell	+23	5.91 MB	sboudrias
npm/is-binary-path@2.1.0	None	+1	8.43 kB	sindresorhus
npm/is-glob@4.0.1	None	+1	17.5 kB	phated
npm/is-primitive@3.0.1	None	0	6.79 kB	jonschlinkert
npm/lodash.flatten@4.4.0	None	0	12.1 kB	jdalton
npm/lodash.merge@4.6.2	None	0	54.1 kB	jdalton
npm/lodash@4.17.21	None	0	1.41 MB	bnjmnt4n
npm/lru-cache@6.0.0	None	0	15.6 kB	isaacs
npm/map-obj@4.2.1	None	0	8.02 kB	sindresorhus
npm/mz@2.7.0	filesystem, network, shell	+3	46.5 kB	jongleberry
npm/node-fetch@2.6.7	network	0	152 kB	endless
npm/normalize-path@3.0.0	None	0	9.22 kB	jonschlinkert
npm/object-assign@4.1.1	None	0	5.49 kB	sindresorhus
npm/open@7.4.2	environment, filesystem, shell	+2	48.7 kB	sindresorhus
npm/os-browserify@0.3.0	None	0	2.74 kB	coderpuppy
npm/p-filter@2.1.0	None	+1	13.3 kB	sindresorhus
npm/p-limit@3.1.0	None	0	7.75 kB	sindresorhus
npm/p-locate@5.0.0	None	0	7.24 kB	sindresorhus
npm/p-map@4.0.0	None	+3	25.3 kB	sindresorhus
npm/p-queue@6.6.2	None	+2	76.3 kB	sindresorhus
npm/path-browserify@1.0.1	None	0	54.3 kB	goto-bus-stop
npm/pluralize@8.0.0	None	0	17.7 kB	blakeembrey
npm/pretty-bytes@5.6.0	None	0	11.5 kB	sindresorhus
npm/process@0.11.10	None	0	15.3 kB	cwmma
npm/querystring-es3@0.2.1	None	0	16.1 kB	spaintrain
npm/ramda@0.27.1	None	0	1.07 MB	davidchambers
npm/read-pkg-up@7.0.1	Transitive: filesystem	+7	106 kB	sindresorhus
npm/resolve-from@5.0.0	filesystem, unsafe	0	5.82 kB	sindresorhus
npm/stream-http@3.2.0	Transitive: environment, network	+4	165 kB	jhiesey
npm/string_decoder@1.3.0	None	+1	46.5 kB	matteo.collina
npm/tar-fs@2.1.1	filesystem	+5	56.3 kB	mafintosh
npm/timers-browserify@2.0.12	None	+1	18.9 kB	jryans
npm/tty-browserify@0.0.1	None	0	2 kB	goto-bus-stop
npm/uuid@8.3.2	None	0	116 kB	ctavan
npm/v8-compile-cache@2.3.0	environment, filesystem, unsafe	0	16.8 kB	zertosh
npm/vm-browserify@1.1.2	None	0	15.5 kB	goto-bus-stop

🚮 Removed packages: npm/@apollo/client@3.6.9, npm/@apollo/client@3.9.6, npm/@babel/cli@7.19.3, npm/@babel/core@7.19.6, npm/@babel/helper-plugin-test-runner@7.16.7, npm/@babel/plugin-proposal-decorators@7.23.2, npm/@babel/plugin-transform-class-properties@7.22.5, npm/@babel/plugin-transform-modules-commonjs@7.23.0, npm/@babel/plugin-transform-object-rest-spread@7.22.15, npm/@babel/plugin-transform-runtime@7.23.2, npm/@babel/preset-env@7.23.2, npm/@babel/preset-react@7.22.15, npm/@babel/preset-typescript@7.22.15, npm/@babel/register@7.18.9, npm/@babel/runtime@7.20.0, npm/@babel/runtime@7.23.2, npm/@babel/types@7.22.3, npm/@graphql-modules/core@0.7.17, npm/@graphql-tools/schema@10.0.2, npm/@jest/test-result@26.6.2, npm/@mdx-js/mdx@1.6.21, npm/@mdx-js/react@1.6.22, npm/@monaco-editor/react@4.4.6, npm/@parcel/css@1.14.0, npm/@pmmmwh/react-refresh-webpack-plugin@0.5.4, npm/@pnpm/client@10.0.48, npm/@pnpm/colorize-semver-diff@1.0.1, npm/@pnpm/config@20.4.3, npm/@pnpm/core@13.5.1, npm/@pnpm/default-reporter@12.5.0, npm/@pnpm/dependency-path@2.1.8, npm/@pnpm/error@5.0.3, npm/@pnpm/fetch@7.0.7, npm/@pnpm/list@9.1.12, npm/@pnpm/lockfile-file@8.1.8, npm/@pnpm/logger@5.0.0, npm/@pnpm/modules-yaml@12.1.7, npm/@pnpm/network.ca-file@2.0.1, npm/@pnpm/package-store@19.0.17, npm/@pnpm/parse-overrides@4.0.3, npm/@pnpm/pick-registry-for-package@5.0.6, npm/@pnpm/plugin-commands-publishing@7.5.6, npm/@pnpm/plugin-commands-rebuild@10.0.21, npm/@pnpm/registry-mock@3.4.0, npm/@pnpm/reviewing.dependencies-hierarchy@2.1.11, npm/@pnpm/semver-diff@1.1.0, npm/@pnpm/sort-packages@5.0.9, npm/@pnpm/store-connection-manager@7.0.28, npm/@pnpm/types@9.4.2, npm/@pnpm/worker@0.3.15, npm/@pnpm/workspace.pkgs-graph@2.0.15, npm/@prerenderer/prerenderer@1.2.4, npm/@prerenderer/renderer-jsdom@1.1.8, npm/@prerenderer/webpack-plugin@5.3.9, npm/@react-hook/latest@1.0.3, npm/@svgr/webpack@5.5.0, npm/@swc/css@0.0.20, npm/@teambit/any-fs@0.0.5, npm/@teambit/base-ui.constants.storage@1.0.0, npm/@teambit/base-ui.graph.tree.collapsable-tree-node@0.0.4, npm/@teambit/base-ui.graph.tree.indent@1.0.0, npm/@teambit/base-ui.graph.tree.inflate-paths@1.0.0, npm/@teambit/base-ui.graph.tree.recursive-tree@1.0.0, npm/@teambit/base-ui.graph.tree.root-node@1.0.0, npm/@teambit/base-ui.graph.tree.tree-context@1.0.0, npm/@teambit/base-ui.layout.breakpoints@1.0.0, npm/@teambit/base-ui.layout.page-frame@1.0.0, npm/@teambit/base-ui.loaders.loader-ribbon@1.0.0, npm/@teambit/base-ui.loaders.skeleton@1.0.1, npm/@teambit/base-ui.routing.nav-link@1.0.0, npm/@teambit/base-ui.styles.flex-center@1.0.0, npm/@teambit/base-ui.surfaces.background@1.0.1, npm/@teambit/base-ui.surfaces.card@1.0.1, npm/@teambit/base-ui.surfaces.split-pane.hover-splitter@1.0.0, npm/@teambit/base-ui.surfaces.split-pane.split-pane@1.0.0, npm/@teambit/base-ui.text.muted-text@1.0.1, npm/@teambit/base-ui.text.paragraph@1.0.1, npm/@teambit/base-ui.text.text-sizes@1.0.0, npm/@teambit/base-ui.text.themed-text@1.0.1, npm/@teambit/base-ui.theme.accent-color@1.1.0, npm/@teambit/base-ui.theme.colors@1.0.0, npm/@teambit/base-ui.theme.dark-theme@1.0.2, npm/@teambit/base-ui.theme.fonts.book@1.0.2, npm/@teambit/base-ui.theme.fonts.roboto@1.0.0, npm/@teambit/base-ui.theme.theme-provider@1.0.1, npm/@teambit/base-ui.utils.composer@1.0.0, npm/@teambit/base-ui.utils.string.affix@1.0.0, npm/@teambit/base-ui.utils.time-ago@1.0.1, npm/@teambit/bit-error@0.0.404, npm/@teambit/bit-roots@0.0.133, npm/@teambit/bvm.config@0.2.5, npm/@teambit/bvm.list@0.1.13, npm/@teambit/bvm.path@0.1.2, npm/@teambit/capsule@0.0.12, npm/@teambit/chokidar@3.5.6, npm/@teambit/code.ui.code-compare-section@0.0.5, npm/@teambit/code.ui.code-editor@0.0.8, npm/@teambit/code.ui.code-tab-tree@0.0.613, npm/@teambit/code.ui.dependency-tree@0.0.546, npm/@teambit/code.ui.hooks.use-code-params@0.0.496, npm/@teambit/code.ui.queries.get-component-code@0.0.502, npm/@teambit/code.ui.queries.get-file-content@0.0.504, npm/@teambit/code.ui.utils.get-file-icon@0.0.495, npm/@teambit/component-id@1.2.0, npm/@teambit/component-issues@0.0.145, npm/@teambit/component-version@1.0.3, npm/@teambit/component.instructions.exporting-components@0.0.7, npm/@teambit/component.ui.artifacts.artifacts-tree@0.0.26, npm/@teambit/component.ui.artifacts.models.component-artifacts-model@0.0.12, npm/@teambit/component.ui.artifacts.queries.use-component-artifacts@0.0.14, npm/@teambit/component.ui.badges.component-count@0.0.15, npm/@teambit/component.ui.component-compare.compare-aspects.compare-aspect-view@0.0.14, npm/@teambit/component.ui.component-compare.compare-aspects.compare-aspects@0.0.146, npm/@teambit/component.ui.component-compare.compare-aspects.context@0.0.12, npm/@teambit/component.ui.component-compare.compare-aspects.hooks.use-compare-aspects@0.0.118, npm/@teambit/component.ui.component-compare.compare-aspects.models.component-compare-aspects-model@0.0.11, npm/@teambit/component.ui.component-compare.hooks.use-component-compare-url@0.0.9, npm/@teambit/component.ui.component-compare.hooks.use-component-compare@0.0.113, npm/@teambit/component.ui.component-compare.layouts.compare-split-layout-preset@0.0.10, npm/@teambit/component.ui.component-compare.models.component-compare-change-type@0.0.7, npm/@teambit/component.ui.component-compare.models.component-compare-hooks@0.0.10, npm/@teambit/component.ui.component-compare.models.component-compare-model@0.0.111, npm/@teambit/component.ui.component-compare.models.component-compare-state@0.0.7, npm/@teambit/component.ui.component-compare.status-resolver@0.0.9, npm/@teambit/component.ui.component-compare.utils.group-by-version@0.0.8, npm/@teambit/component.ui.component-compare.utils.sort-logs@0.0.8, npm/@teambit/component.ui.component-compare.utils.sort-tabs@0.0.102, npm/@teambit/component.ui.component-deprecated@0.0.39, npm/@teambit/component.ui.component-meta@0.0.358, npm/@teambit/component.ui.component-size@0.0.77, npm/@teambit/component.ui.component-status-resolver@0.0.510, npm/@teambit/component.ui.component-status@0.0.504, npm/@teambit/component.ui.component-tooltip@0.0.509, npm/@teambit/component.ui.deprecation-icon@0.0.509, npm/@teambit/component.ui.hooks.use-fetch-docs@0.0.21, npm/@teambit/component.ui.version-label@0.0.509, npm/@teambit/compositions.ui.composition-compare-section@0.0.100, npm/@teambit/compositions.ui.composition-compare@0.0.255, npm/@teambit/compositions.ui.compositions-menu-bar@0.0.177, npm/@teambit/compositions.ui.compositions-overview@0.0.10, npm/@teambit/compositions.ui.hooks.use-composition@0.0.177, npm/@teambit/defender.ui.test-compare-section@0.0.100, npm/@teambit/defender.ui.test-loader@0.0.504, npm/@teambit/defender.ui.test-row@0.0.503, npm/@teambit/defender.ui.test-table@0.0.510, npm/@teambit/dependencies.modules.packages-excluder@1.0.8, npm/@teambit/design.elements.icon@1.0.5, npm/@teambit/design.inputs.dropdown@1.2.16, npm/@teambit/design.inputs.selectors.checkbox-item@1.1.11, npm/@teambit/design.inputs.selectors.multi-select@0.0.20, npm/@teambit/design.inputs.toggle-button@0.0.9, npm/@teambit/design.theme.icons-font@2.0.29, npm/@teambit/design.ui.alert-card@0.0.26, npm/@teambit/design.ui.cli-snippet@0.0.359, npm/@teambit/design.ui.contributors@0.0.514, npm/@teambit/design.ui.elements.level-icon@0.0.20, npm/@teambit/design.ui.empty-box@0.0.363, npm/@teambit/design.ui.error-page@0.0.364, npm/@teambit/design.ui.heading@1.0.16, npm/@teambit/design.ui.icon-button@1.0.16, npm/@teambit/design.ui.input.option-button@1.0.0, npm/@teambit/design.ui.input.radio@1.1.13, npm/@teambit/design.ui.input.toggle@1.0.12, npm/@teambit/design.ui.pages.not-found@0.0.366, npm/@teambit/design.ui.pages.server-error@0.0.366, npm/@teambit/design.ui.pages.standalone-not-found-page@0.0.369, npm/@teambit/design.ui.pill-label@0.0.356, npm/@teambit/design.ui.round-loader@0.0.355, npm/@teambit/design.ui.separator@0.0.354, npm/@teambit/design.ui.skeletons.sidebar-loader@0.0.4, npm/@teambit/design.ui.styles.colors-by-letter@0.0.41, npm/@teambit/design.ui.styles.ellipsis@0.0.357, npm/@teambit/design.ui.styles.muted-italic@0.0.44, npm/@teambit/design.ui.surfaces.menu.item@0.0.354, npm/@teambit/design.ui.surfaces.menu.link-item@1.0.0, npm/@teambit/design.ui.surfaces.menu.section@0.0.357, npm/@teambit/design.ui.surfaces.message-card@0.0.17, npm/@teambit/design.ui.surfaces.status-message-card@0.0.17, npm/@teambit/design.ui.time-ago@0.0.366, npm/@teambit/design.ui.tooltip@0.0.361, npm/@teambit/design.ui.tree@0.0.15

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/core-js@2.6.12	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	orphan: npm/core-js@2.6.12
Install scripts	npm/core-js@3.36.0	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	orphan: npm/core-js@3.36.0

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/core-js@2.6.12
• @SocketSecurity ignore npm/core-js@3.36.0