Skip to content

chore(deps): update dependency typescript to v7#51

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/typescript-7.x
Open

chore(deps): update dependency typescript to v7#51
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/typescript-7.x

Conversation

@renovate

@renovate renovate Bot commented Jul 10, 2026

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
typescript (source) ^5.3.3 β†’ ^7.0.0 age adoption passing confidence

Release Notes

microsoft/TypeScript (typescript)

v7.0.2

Compare Source

v6.0.3: TypeScript 6.0.3

Compare Source

For release notes, check out the release announcement blog post.

Downloads are available on:

v6.0.2: TypeScript 6.0

Compare Source

For release notes, check out the release announcement blog post.

Downloads are available on:

v5.9.3: TypeScript 5.9.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

v5.9.2: TypeScript 5.9

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

Downloads are available on:

v5.8.3: TypeScript 5.8.3

Compare Source

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement.

Downloads are available on:

v5.8.2: TypeScript 5.8

Compare Source

For release notes, check out the release announcement.

Downloads are available on:

v5.7.3: TypeScript 5.7.3

Compare Source

For release notes, check out the release announcement.

Downloads are available on npm

v5.7.2: TypeScript 5.7

Compare Source

For release notes, check out the release announcement.

Downloads are available on:

v5.6.3: TypeScript 5.6.3

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.6.2: TypeScript 5.6

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.5.4: TypeScript 5.5.4

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.5.3: TypeScript 5.5.3

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.5.2: TypeScript 5.5

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.4.5: TypeScript 5.4.5

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.4.4: TypeScript 5.4.4

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.4.3: TypeScript 5.4.3

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

v5.4.2: TypeScript 5.4

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:


Configuration

πŸ“… Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

β™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from Codeize as a code owner July 10, 2026 04:17
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedtypescript@​7.0.2941008999100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "β–Ά" to expand/collapse)
Warn High
Publisher changed: npm @typescript/typescript-aix-ppc64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-aix-ppc64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-aix-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-darwin-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-darwin-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-darwin-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-darwin-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-freebsd-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-freebsd-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-freebsd-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-freebsd-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-arm is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-arm@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-arm@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-loong64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-loong64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-loong64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-mips64el is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-mips64el@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-mips64el@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-ppc64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-ppc64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-riscv64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-riscv64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-riscv64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-s390x is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-s390x@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-s390x@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-linux-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-linux-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-linux-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-netbsd-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-netbsd-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-netbsd-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-netbsd-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-netbsd-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-netbsd-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-openbsd-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-openbsd-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-openbsd-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-openbsd-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-openbsd-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-openbsd-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-sunos-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-sunos-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-sunos-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-win32-arm64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-win32-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-win32-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm @typescript/typescript-win32-x64 is now published by microsoft1es

Author: microsoft1es

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-win32-x64@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-win32-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Publisher changed: npm typescript is now published by microsoft1es

Author: microsoft1es

From: package.json β†’ npm/typescript@7.0.2

β„Ή Read more on: This package | This alert | What is unstable ownership?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Try to reduce the number of authors you depend on to reduce the risk to malicious actors gaining access to your supply chain. Packages should remove inactive collaborators with publishing rights from packages on npm.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Publisher changed: npm @typescript/typescript-aix-ppc64 is now published by microsoft1es instead of typescript-deploys

New Author: microsoft1es

Previous Author: typescript-deploys

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-aix-ppc64@7.0.2

β„Ή Read more on: This package | This alert | What is new author?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-aix-ppc64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Publisher changed: npm @typescript/typescript-darwin-arm64 is now published by microsoft1es instead of typescript-deploys

New Author: microsoft1es

Previous Author: typescript-deploys

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-darwin-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is new author?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Publisher changed: npm @typescript/typescript-darwin-x64 is now published by microsoft1es instead of typescript-deploys

New Author: microsoft1es

Previous Author: typescript-deploys

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-darwin-x64@7.0.2

β„Ή Read more on: This package | This alert | What is new author?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-darwin-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Publisher changed: npm @typescript/typescript-freebsd-arm64 is now published by microsoft1es instead of typescript-deploys

New Author: microsoft1es

Previous Author: typescript-deploys

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-freebsd-arm64@7.0.2

β„Ή Read more on: This package | This alert | What is new author?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-arm64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Publisher changed: npm @typescript/typescript-freebsd-x64 is now published by microsoft1es instead of typescript-deploys

New Author: microsoft1es

Previous Author: typescript-deploys

From: pnpm-lock.yaml β†’ npm/typescript@7.0.2 β†’ npm/@typescript/typescript-freebsd-x64@7.0.2

β„Ή Read more on: This package | This alert | What is new author?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript/typescript-freebsd-x64@7.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 16 more rows in the dashboard

View full report

@datadog-buape-studios

Copy link
Copy Markdown

Pipelines

⚠️ Warnings

🚦 1 Pipeline job failed

Build | Docker Image Β Β View in Datadog Β  GitHub Actions

Useful? React with πŸ‘ / πŸ‘Ž

This comment will be updated automatically if new data arrives.
πŸ”— Commit SHA: 2664056 | Docs | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants