Package managers often display traction statistics per code package based on its related GitHub repository. These statistics help developers evaluate code packages.
The statistics displayed by the package managers do not go through any validation process. Because of how this information is acquired, it can easily be falsified to mislead developers.
As part of the package metadata analysis capabilities Checkmarx has, the StarJacking engine verifies the authenticity of such Git repository references, and in case of a false reference, this risk is shown.
Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main
There is a weak link between the package's listed metadata and the referenced Git repository "https://github.com/moment/moment"
Namespace: DganiRotem
Repository: ast-advanced-lab
Repository Url: https://github.com/DganiRotem/ast-advanced-lab
CxAST-Project: DganiRotem/ast-advanced-lab
CxAST platform scan: 552bdd0d-4eb2-4442-8bb5-bae118cf6ed5
Branch: main
Application: ast-advanced-lab
Severity: MEDIUM
State: NOT_IGNORED
Status: RECURRENT
CWE: StarJacking
Additional Info