Skip to content

chore(deps-dev): bump the development-dependencies group across 1 directory with 8 updates#25

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-44b355d572
Open

chore(deps-dev): bump the development-dependencies group across 1 directory with 8 updates#25
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/development-dependencies-44b355d572

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the development-dependencies group with 8 updates in the / directory:

Package From To
@types/node 25.9.1 26.1.0
@typescript/native-preview 7.0.0-dev.20260526.1 7.0.0-dev.20260706.1
oxfmt 0.52.0 0.57.0
oxlint 1.67.0 1.72.0
rolldown 1.0.2 1.1.4
tsx 4.22.3 4.23.0
vitest 4.1.7 4.1.10
vscode-languageserver-types 3.17.5 3.18.0

Updates @types/node from 25.9.1 to 26.1.0

Commits

Updates @typescript/native-preview from 7.0.0-dev.20260526.1 to 7.0.0-dev.20260706.1

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for @​typescript/native-preview since your current version.


Updates oxfmt from 0.52.0 to 0.57.0

Changelog

Sourced from oxfmt's changelog.

Changelog

All notable changes to this package will be documented in this file.

The format is based on Keep a Changelog.

[0.55.0] - 2026-06-15

🚀 Features

  • 9a2788b linter/unicorn: Implement prefer-export-from rule (#22935) (AliceLanniste)

[0.54.0] - 2026-06-08

📚 Documentation

  • dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (#22965) (Boshen)
  • f88961a oxfmt: Annotate each config option with supported languages (#22953) (leaysgur)
Commits
  • 5306f24 release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (#23935)
  • c4be770 release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)
  • aa79b5b release(apps): oxlint v1.70.0 && oxfmt v0.55.0 (#23442)
  • 9a2788b feat(linter/unicorn): implement prefer-export-from rule (#22935)
  • 44ae845 release(apps): oxlint v1.69.0 && oxfmt v0.54.0 (#23116)
  • dadafe3 docs(oxlint, oxfmt): mention migrate skills in npm READMEs (#22965)
  • f88961a docs(oxfmt): annotate each config option with supported languages (#22953)
  • 964a758 release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (#22883)
  • See full diff in compare view

Updates oxlint from 1.67.0 to 1.72.0

Release notes

Sourced from oxlint's releases.

oxlint v1.27.0 && oxfmt v0.12.0

Oxlint v1.27.0

🚀 Features

  • 222a8f0 linter/plugins: Implement SourceCode#isSpaceBetween (#15498) (overlookmotel)
  • 2f9735d linter/plugins: Implement context.languageOptions (#15486) (overlookmotel)
  • bc731ff linter/plugins: Stub out all Context APIs (#15479) (overlookmotel)
  • 5822cb4 linter/plugins: Add extend method to FILE_CONTEXT (#15477) (overlookmotel)
  • 7b1e6f3 apps: Add pure rust binaries and release to github (#15469) (Boshen)
  • 2a89b43 linter: Introduce debug assertions after fixes to assert validity (#15389) (camc314)
  • ad3c45a editor: Add oxc.path.node option (#15040) (Sysix)

🐛 Bug Fixes

  • 6f3cd77 linter/no-var: Incorrect warning for blocks (#15504) (Hamir Mahal)
  • 6957fb9 linter/plugins: Do not allow access to Context#id in createOnce (#15489) (overlookmotel)
  • 7409630 linter/plugins: Allow access to cwd in createOnce in ESLint interop mode (#15488) (overlookmotel)
  • 732205e parser: Reject using / await using in a switch case / default clause (#15225) (sapphi-red)
  • a17ca32 linter/plugins: Replace Context class (#15448) (overlookmotel)
  • ecf2f7b language_server: Fail gracefully when tsgolint executable not found (#15436) (camc314)
  • 3c8d3a7 lang-server: Improve logging in failure case for tsgolint (#15299) (camc314)
  • ef71410 linter: Use jsx if source type is JS in fix debug assertion (#15434) (camc314)
  • e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (#15426) (camc314)
  • 6565dbe linter/switch-case-braces: Skip comments when searching for : token (#15425) (camc314)
  • 85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (#15423) (camc314)
  • fde753e linter/plugins: Block access to context.settings in createOnce (#15394) (overlookmotel)
  • ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (#15388) (camc314)
  • dac2a9c linter/no-template-curly-in-string: Remove fixer (#15387) (camc314)
  • 989b8e3 linter/no-var: Only fix to const if the var has an initializer (#15385) (camc314)
  • cc403f5 linter/plugins: Return empty object for unimplemented parserServices (#15364) (magic-akari)

⚡ Performance

  • 25d577e language_server: Start tools in parallel (#15500) (Sysix)
  • 3c57291 linter/plugins: Optimize loops (#15449) (overlookmotel)
  • 3166233 linter/plugins: Remove Arcs (#15431) (overlookmotel)
  • 9de1322 linter/plugins: Lazily deserialize settings JSON (#15395) (overlookmotel)
  • 3049ec2 linter/plugins: Optimize deepFreezeSettings (#15392) (overlookmotel)
  • 444ebfd linter/plugins: Use single object for parserServices (#15378) (overlookmotel)

📚 Documentation

  • 97d2104 linter: Update comment in lint.rs about default value for tsconfig path (#15530) (Connor Shea)
  • 2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (#15411) (sapphi-red)
  • a0c5203 linter/import/named: Update "ES7" comment in examples (#15410) (sapphi-red)
  • 3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (#15409) (sapphi-red)
  • 2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (#15408) (sapphi-red)
  • 57f0ce1 linter: Add backquotes where appropriate (#15407) (sapphi-red)

Oxfmt v0.12.0

... (truncated)

Changelog

Sourced from oxlint's changelog.

[1.72.0] - 2026-06-29

🚀 Features

  • 1c8f50c linter: Add schema for eslint/no-restricted-import (#23642) (Sysix)

🐛 Bug Fixes

  • 742be36 refactor/node/handle-callback-err: Reject invalid regex config (#23740) (camc314)

[1.71.0] - 2026-06-22

🚀 Features

  • 0dc2405 linter: Add schema for eslint/no-restricted-properties (#23619) (Sysix)
  • b638d0e linter: Add schema for node/callback-return (#23615) (Sysix)
  • eb8bedc linter: Add schema for import/extensions (#23557) (WaterWhisperer)
  • 46f3625 linter: Implement node/no-sync rule (#23589) (fujitani sora)
  • b01739a linter: Add schema for unicorn/numeric-separators-style (#23554) (Mikhail Baev)
  • 68afd2a linter/node: Implement no-mixed-requires rule (#23539) (fujitani sora)
  • a421215 linter: Add schema for eslint/prefer-destructuring (#23410) (WaterWhisperer)
  • 84438be linter/jsdoc: Added missing options to require-param-description (#23416) (kapobajza)
  • 51910df linter/jsdoc: Add missing options to require-param-type rule (#23418) (kapobajza)
  • e90925f linter/unicorn: Implement prefer-number-coercion rule (#23497) (Shekhu☺️)
  • dd1c866 linter/vue: Implement no-async-in-computed-properties rule (#23493) (bab)
  • b02444e linter: Add schema for react/jsx-no-script-url (#23475) (WaterWhisperer)
  • a8dce46 linter/unicorn: Implement max-nested-calls rule (#23461) (arieleli01212)

🐛 Bug Fixes

  • a303c23 linter/jsx-a11y: Align anchor-is-valid config with upstream (#23446) (camc314)

📚 Documentation

  • b50bf4d linter: Remove manually written options doc for eslint/arrow-body-style (#23490) (Mikhail Baev)

[1.70.0] - 2026-06-15

🚀 Features

  • 2e8bda4 linter/vue: Implement no-dupe-keys rule (#23350) (bab)
  • 1490a0a linter/react: Implement react-compiler rule (#23202) (Boshen)
  • dd560ae linter/unicorn: Implement no-array-fill-with-reference-type rule (#23397) (Mikhail Baev)
  • af36c2f linter: Add schema for react/jsx-curly-brace-presence (#23400) (WaterWhisperer)
  • 47d34a3 linter: Add schema for react/jsx-handler-names (#23393) (WaterWhisperer)
  • f4250d0 linter: Add schema for unicorn/import-style (#23386) (WaterWhisperer)
  • 30c74ce linter: Add schema for jsx_a11y/no-noninteractive-element-to-interactive-role (#23384) (Sysix)
  • cfbe8dc linter: Add schema for jsx_a11y/no-interactive-element-to-noninteractive-role (#23382) (WaterWhisperer)
  • d15b7ff linter: Add schema for typescript/no-restricted-types (#23381) (WaterWhisperer)
  • 028a811 linter: Add schema for jsx-a11y/media-has-caption (#23377) (Sysix)

... (truncated)

Commits
  • 5306f24 release(apps): oxlint v1.72.0 && oxfmt v0.57.0 (#23935)
  • 742be36 fix(refactor/node/handle-callback-err): reject invalid regex config (#23740)
  • 1c8f50c feat(linter): add schema for eslint/no-restricted-import (#23642)
  • c4be770 release(apps): oxlint v1.71.0 && oxfmt v0.56.0 (#23707)
  • 0dc2405 feat(linter): add schema for eslint/no-restricted-properties (#23619)
  • b638d0e feat(linter): add schema for node/callback-return (#23615)
  • 6d355ab refactor(linter): remove number_as_object_schema helper (#23614)
  • eb8bedc feat(linter): add schema for import/extensions (#23557)
  • 46f3625 feat(linter): implement node/no-sync rule (#23589)
  • 953c7b3 refactor(linter): make unicorn/numeric-separators-style options u32 (#23558)
  • Additional commits viewable in compare view

Updates rolldown from 1.0.2 to 1.1.4

Release notes

Sourced from rolldown's releases.

v1.1.4

[1.1.4] - 2026-07-01

🚀 Features

🐛 Bug Fixes

🚜 Refactor

📚 Documentation

⚡ Performance

... (truncated)

Changelog

Sourced from rolldown's changelog.

[1.1.4] - 2026-07-01

🚀 Features

🐛 Bug Fixes

🚜 Refactor

📚 Documentation

⚡ Performance

... (truncated)

Commits
  • 6cbd233 release: v1.1.4 (#10072)
  • a0bd64e feat: disable experimental.lazyBarrel by default (#10071)
  • e041753 chore: remove the unused BindingGenerateHmrPatchReturn napi type (#10034)
  • d8e5790 chore: remove the unused ScheduledBuild napi struct (#10033)
  • 4468f65 fix: keep fragments after the newline fragment in MagicString::last_line (#10...
  • 50db1f3 revert: "fix(plugin): make lazy hook metadata enumerable (#9991)" (#10005)
  • e0dfef1 fix: avoid spurious leading newline in addon hooks (banner/footer/intro/outro...
  • d3303b7 fix(plugin): make lazy hook metadata enumerable (#9991)
  • dc7bc73 test(dev): reject unknown lazy compile modules (#9969)
  • e77f7c7 release: v1.1.3 (#9958)
  • Additional commits viewable in compare view

Updates tsx from 4.22.3 to 4.23.0

Release notes

Sourced from tsx's releases.

v4.23.0

4.23.0 (2026-07-03)

Bug Fixes

Features


This release is also available on:

v4.22.5

4.22.5 (2026-07-02)

Bug Fixes

  • isolate hook state per async module.register() registration (a305f36)

This release is also available on:

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

  • resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

This release is also available on:

Commits
  • 1dfad37 docs: cite esbuild's extension-resolution model in node notes
  • 257bbbb fix: avoid redundant filesystem probes during module resolution
  • c178197 feat: add multi-scenario startup benchmark suite
  • 51800ac docs: add Node internals knowledge base (notes/node)
  • a305f36 fix: isolate hook state per async module.register() registration
  • ca501a9 chore: upgrade skills-npm to v1.2.0
  • 596cd1f test: cover __dirname, __filename, & require.cache in CJS TS file
  • 75d9bf0 test: lock in lenient ESM for ambiguous and CJS-typed packages
  • 1472f3e test: cover ESM-syntax dependency with omitted "type" field
  • 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
  • See full diff in compare view

Updates vitest from 4.1.7 to 4.1.10

Release notes

Sourced from vitest's releases.

v4.1.10

   🐞 Bug Fixes

    View changes on GitHub

v4.1.9

🐞 Bug Fixes

View changes on GitHub

v4.1.8

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • db616d2 chore: release v4.1.10 (#10718)
  • bae52b5 fix(vm): fix external module resolve error with deps optimizer query for enco...
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • e61f2dd chore: release v4.1.8
  • e4067b3 fix(browser): disable client cdp API when allowWrite/allowExec: false [ba...
  • See full diff in compare view

Updates vscode-languageserver-types from 3.17.5 to 3.18.0

Release notes

Sourced from vscode-languageserver-types's releases.

release/protocol/3.18.0

No release notes provided.

release/types/3.18.0

Changes:

Feature Requests:

  • #1691: Use NoInfer for better typing
  • #1692: setImmediate Implementation in browser RAL for json-rpc is not ideal.
  • #1698: RenameParams does not reference TextDocumentPositionParams interface in the JSON metamodel

Bugs:

  • #752: Edits are applied twice
  • #1717: Client requests textDocument/diagnostics before textDocument/didOpen
  • #1693: Output channel leak when stopping LanguageClient
  • #1581: Client error 'Failed to determine file type' after undoing rename with Cmd+Z
  • #1548: Extra true in the output log when a language server disconnects

Others:

  • #1785: Allow returning null in SemanticTokensFeatureShape.on handler
  • #1784: SemanticTokensFeatureShape.on handler does not allow returning null
  • #1780: Add getMessageString function to Diagnostic namespace
  • #1779: Add 3.17 version check method for Diagnostic
  • #1778: Merge next release into main
  • #1777: Update lock files for dependencies
  • #1775: Update dependencies and improve compatibility
  • #1774: Bump qs from 6.15.0 to 6.15.2
  • #1773: Implement TextDocumentSnapshot for delay open notifications
  • #1772: Prevent pulling diagnostics on untitled documents
  • #1770: Update documentation and fix lint errors
  • #1767: Inline value documentation improvements
  • #1769: Fix glob pattern documentation
  • #1768: Make document color requests consistent with the specification
  • #1766: Add optional MarkupContent support to diagnostics
  • #1751: forgetDocument is crashing the extension host
  • #1765: Fixes #1751: Prevent crash in forgetDocument when disposed
  • #1752: fix: random pipe path length extends limit on macos
  • #1764: Fixes double application of edits during renaming
  • #1762: Bump brace-expansion from 5.0.3 to 5.0.6 in /client

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for vscode-languageserver-types since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 8, 2026
@socket-security

socket-security Bot commented Jun 8, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedoxfmt@​0.57.0691008995100
Addedvscode-languageserver-types@​3.18.0100100799170
Addedtsx@​4.23.0951007193100
Addedrolldown@​1.1.4911007899100
Added@​types/​node@​26.1.01001008196100
Addedoxlint@​1.72.0911009295100
Added@​typescript/​native-preview@​7.0.0-dev.20260706.1100100100100100
Addedvitest@​4.1.10100100100100100

View full report

…ectory with 8 updates

Bumps the development-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `26.1.0` |
| [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260526.1` | `7.0.0-dev.20260706.1` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.52.0` | `0.57.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.67.0` | `1.72.0` |
| [rolldown](https://github.com/rolldown/rolldown/tree/HEAD/packages/rolldown) | `1.0.2` | `1.1.4` |
| [tsx](https://github.com/privatenumber/tsx) | `4.22.3` | `4.23.0` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.7` | `4.1.10` |
| [vscode-languageserver-types](https://github.com/Microsoft/vscode-languageserver-node/tree/HEAD/types) | `3.17.5` | `3.18.0` |



Updates `@types/node` from 25.9.1 to 26.1.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript/native-preview` from 7.0.0-dev.20260526.1 to 7.0.0-dev.20260706.1
- [Changelog](https://github.com/microsoft/typescript-go/blob/main/CHANGES.md)
- [Commits](https://github.com/microsoft/typescript-go/commits)

Updates `oxfmt` from 0.52.0 to 0.57.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxfmt_v0.57.0/npm/oxfmt)

Updates `oxlint` from 1.67.0 to 1.72.0
- [Release notes](https://github.com/oxc-project/oxc/releases)
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md)
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.72.0/npm/oxlint)

Updates `rolldown` from 1.0.2 to 1.1.4
- [Release notes](https://github.com/rolldown/rolldown/releases)
- [Changelog](https://github.com/rolldown/rolldown/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rolldown/rolldown/commits/v1.1.4/packages/rolldown)

Updates `tsx` from 4.22.3 to 4.23.0
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.22.3...v4.23.0)

Updates `vitest` from 4.1.7 to 4.1.10
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/vitest)

Updates `vscode-languageserver-types` from 3.17.5 to 3.18.0
- [Release notes](https://github.com/Microsoft/vscode-languageserver-node/releases)
- [Commits](https://github.com/Microsoft/vscode-languageserver-node/commits/release/types/3.18.0/types)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: "@typescript/native-preview"
  dependency-version: 7.0.0-dev.20260608.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: oxfmt
  dependency-version: 0.53.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: oxlint
  dependency-version: 1.68.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: rolldown
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: vitest
  dependency-version: 4.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: vscode-languageserver-types
  dependency-version: 3.18.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/development-dependencies-44b355d572 branch from e546210 to c884909 Compare July 6, 2026 09:22
@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: pnpm-lock.yamlnpm/rolldown@1.1.4npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/oxfmt@0.57.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm oxfmt is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/oxfmt@0.57.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/oxfmt@0.57.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants