Remove markdoc in favor of mdx

[filiphric]

No description provided.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
replay-documentation	Ready	Preview, Comment	Feb 23, 2026 11:09am

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​mixpanel-browser@​2.49.0 ⏵ 2.66.0	-1		-31	-35
	@​types/​bun@​1.1.4 ⏵ 1.3.9	+1		+4
	eslint@​8.57.0 ⏵ 8.57.1	+1		+1
	next@​14.2.4 ⏵ 14.2.35		+58	+1	+47
	@​replayio/​playwright@​3.0.3 ⏵ 3.1.9	-14		+2	+13
	eslint-config-next@​14.2.4 ⏵ 14.2.35
	@​radix-ui/​react-accordion@​1.1.2 ⏵ 1.2.12			-3
	@​types/​mdx@​2.0.13
	@​types/​react-dom@​18.3.0 ⏵ 18.3.7	+1		+1
	logrocket@​8.1.0 ⏵ 8.1.3			+1	+5
	@​algolia/​autocomplete-core@​1.17.2 ⏵ 1.19.6				+6
	@​types/​react@​18.3.3 ⏵ 18.3.28	+1		+1
	fast-glob@​3.3.2 ⏵ 3.3.3	+1		+1
	@​types/​node@​20.14.5 ⏵ 20.19.33	+1		+1
	remark-mdx-frontmatter@​5.2.0
	@​vercel/​analytics@​1.3.1 ⏵ 1.6.1			+1	+2
	remark-gfm@​4.0.1
	rehype-slug@​6.0.0
	remark-frontmatter@​5.0.0
	gray-matter@​4.0.3
	unist-util-visit@​5.1.0
	@​mdx-js/​react@​3.1.1
	@​mdx-js/​loader@​3.1.1
	@​heroicons/​react@​2.1.4 ⏵ 2.2.0	+1		+1	-1
	prism-react-renderer@​2.3.1 ⏵ 2.4.1	+2		+1
	autoprefixer@​10.4.19 ⏵ 10.4.24			-2
	tailwindcss@​3.4.4 ⏵ 3.4.19			+1
	@​tailwindcss/​typography@​0.5.13 ⏵ 0.5.19	+1		+1
	typescript@​5.4.5 ⏵ 5.9.3
	acorn@​8.12.0 ⏵ 8.16.0	-5			+6
	prettier@​3.3.2 ⏵ 3.8.1				-1
	dotenv@​16.4.5 ⏵ 16.6.1	+1		+1
See 3 more rows in the dashboard

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Telemetry collection: npm next Note: The code contains potential security risks due to the use of execSync without proper error handling, which could lead to command injection vulnerabilities. It should be reviewed and modified to use safer alternatives. From: package.json → npm/next@14.2.35 ℹ Read more on: This package | This alert | What is telemetry? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Most telemetry comes with settings to disable it. Consider disabling telemetry if you do not want to be tracked. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/next@14.2.35. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Install-time scripts: npm protobufjs during postinstall Install script: postinstall Source: node scripts/postinstall From: pnpm-lock.yaml → npm/@replayio/playwright@3.1.9 → npm/protobufjs@7.5.4 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/protobufjs@7.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Install-time scripts: npm unrs-resolver during postinstall Install script: postinstall Source: napi-postinstall unrs-resolver 1.11.1 check From: pnpm-lock.yaml → npm/eslint-config-next@14.2.35 → npm/unrs-resolver@1.11.1 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/unrs-resolver@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @babel/helper-string-parser is 100.0% likely to have a medium risk anomaly Notes: The analyzed code is a standard, well-structured parsing utility for JavaScript string literals and escapes (consistent with Babel’s helper-string-parser). It includes thorough validation, proper Unicode handling, and defensive error reporting. There is no evidence of malicious behavior, data leakage, or network activity within this fragment. The security risk is low when used as part of a trusted toolchain; the code otherwise poses no evident supply-chain threat based on the provided snippet. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/next-video@0.16.2 → npm/@babel/helper-string-parser@7.27.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/helper-string-parser@7.27.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @napi-rs/snappy-wasm32-wasi is 100.0% likely to have a medium risk anomaly Notes: This loader establishes a Node.js WASI/worker environment that: 1) passes the entire host process.env into the WASI instance (exposing all environment variables, including secrets, to loaded modules); 2) preopens the filesystem root (granting broad file read/write access under the host’s root directory); and 3) implements importScripts via synchronous fs.readFileSync + eval (allowing any local JS file to be executed in the loader context). If an untrusted or compromised WASM module or script is provided, it can read sensitive environment variables, access or modify arbitrary files, and execute arbitrary JavaScript—posing a moderate security risk. Recommended mitigations: restrict WASI preopens to a minimal directory, limit or sanitize environment variables passed into WASI, and replace or sandbox the eval-based importScripts mechanism. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/@napi-rs/snappy-wasm32-wasi@7.3.3 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@napi-rs/snappy-wasm32-wasi@7.3.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @napi-rs/wasm-runtime is 100.0% likely to have a medium risk anomaly Notes: The fragment appears to implement a substantial WASI/N-API bridge with comprehensive memory and filesystem interfacing. There is no concrete evidence of malicious payloads such as data exfiltration, backdoors, or remote command execution in this snippet. The primary concerns relate to the unusual in-browser input path (readStdin) and the large surface area for data flows across threads and FFI boundaries. A targeted, broader audit of the complete module and any wasm payloads loaded through these bindings is recommended to ensure rights enforcement and memory safety. Overall risk is moderate but current evidence does not indicate active malware. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/@napi-rs/wasm-runtime@0.2.12 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@napi-rs/wasm-runtime@0.2.12. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @protobufjs/inquire is 100.0% likely to have a medium risk anomaly Notes: The code uses eval to dynamically require a module, which is highly unusual and considered unsafe. The usage of eval can lead to code injection vulnerabilities if the moduleName is not properly validated. Additionally, the use of string manipulation to form 'require' is a form of obfuscation and makes the code harder to read and understand. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/@replayio/playwright@3.1.9 → npm/@protobufjs/inquire@1.1.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@protobufjs/inquire@1.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @rushstack/eslint-patch is 100.0% likely to have a medium risk anomaly Notes: The code is best described as an ESLint bulk-suppressions patch utility. It uses environment-driven toggles, filesystem discovery of ESLint configs, and dynamic modification of ESLint behavior to manage and persist suppressions. While not inherently malicious, its ability to patch tooling at runtime and write suppression data to disk warrants careful integrity checks in a supply chain context to prevent tampering that could suppress legitimate warnings or alter linting behavior without traceability. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint-config-next@14.2.35 → npm/@rushstack/eslint-patch@1.16.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@rushstack/eslint-patch@1.16.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @ungap/structured-clone is 100.0% likely to have a medium risk anomaly Notes: The code correctly reconstructs many built-in JS types and is functionally reasonable for trusted serialized inputs. However it performs dynamic constructor invocation using new envtype and env[name] for Error types without an allowlist or validation. If an attacker can control the serialized input, they can request instantiation of arbitrary global constructors (e.g., Function) or cause prototype pollution via crafted object keys, enabling code execution or other dangerous behavior. The module should only be used with trusted inputs or modified to restrict allowed constructor names and to guard against prototype pollution. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint@8.57.1 → npm/@mdx-js/loader@3.1.1 → npm/@ungap/structured-clone@1.3.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@ungap/structured-clone@1.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @unrs/resolver-binding-wasm32-wasi is 100.0% likely to have a medium risk anomaly Notes: This loader establishes a Node.js WASI/worker environment that: 1) passes the entire host process.env into the WASI instance (exposing all environment variables, including secrets, to loaded modules); 2) preopens the filesystem root (granting broad file read/write access under the host’s root directory); and 3) implements importScripts via synchronous fs.readFileSync + eval (allowing any local JS file to be executed in the loader context). If an untrusted or compromised WASM module or script is provided, it can read sensitive environment variables, access or modify arbitrary files, and execute arbitrary JavaScript—posing a moderate security risk. Recommended mitigations: restrict WASI preopens to a minimal directory, limit or sanitize environment variables passed into WASI, and replace or sandbox the eval-based importScripts mechanism. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/@unrs/resolver-binding-wasm32-wasi@1.11.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@unrs/resolver-binding-wasm32-wasi@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm ajv is 100.0% likely to have a medium risk anomaly Notes: The code augments a meta-schema to permit remote dereferencing of keyword schemas via a hardcoded data.json resource. This introduces network dependency and potential changes to validation semantics at runtime. While not inherently malicious, the remote reference constitutes a notable security and reliability risk that should be mitigated with local fallbacks, input validation, and explicit remote-resource governance. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint@8.57.1 → npm/ajv@6.14.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ajv@6.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm ajv is 100.0% likely to have a medium risk anomaly Notes: The code is a straightforward build script to bundle and minify a specified package using Browserify and UglifyJS. The primary security concern is potential path manipulation: json.main is used to form a require path without validating that it stays within the target package directory. If a malicious or misconfigured package.json includes an absolute path or traversal outside the package, the script could bundle unintended files. Otherwise, the script does not perform network access, data exfiltration, or backdoor actions, and there is no hard-coded secrets or dynamic code execution beyond standard bundling/minification. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint@8.57.1 → npm/ajv@6.14.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ajv@6.14.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm es-abstract is 100.0% likely to have a medium risk anomaly Notes: The analyzed code is a faithful, standard implementation of ECMAScript FlattenIntoArray with optional mapper support and depth control. No malicious activity detected within this fragment. The main risk vector is user-provided mapperFunction execution, which is a normal pattern for functional transforms and should be reviewed in the hosting environment for trust and sandboxing. Overall security posture in isolation is low to moderate, contingent on mapperFunction usage. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint-config-next@14.2.35 → npm/es-abstract@1.24.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm extend is 100.0% likely to have a medium risk anomaly Notes: The analyzed code is a conventional object merge utility with explicit safeguards against prototype pollution and support for deep/shallow merging. It is self-contained, non-networking, and suitable for safe inclusion in many JavaScript projects. No malicious behavior detected under the provided scope. Security risk remains low when used with trusted inputs, but care should be taken when merging untrusted objects into critical targets. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/remark-frontmatter@5.0.0 → npm/remark-gfm@4.0.1 → npm/remark-mdx-frontmatter@5.2.0 → npm/@mdx-js/loader@3.1.1 → npm/extend@3.0.2 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/extend@3.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm format is 100.0% likely to have a medium risk anomaly Notes: The code functions as a focused test harness for a formatting library. The primary risk is the dynamic loading of a user-supplied module, which can lead to arbitrary code execution if inputs are not controlled. In trusted settings this is manageable; in open-source or extension ecosystems, it should be mitigated by restricting the module path, sandboxing, or avoiding dynamic requires from untrusted input. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/remark-frontmatter@5.0.0 → npm/format@0.2.2 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/format@0.2.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm get-intrinsic is 100.0% likely to have a medium risk anomaly Notes: The GetIntrinsic module is a conventional intrinsic resolver designed for sandboxed JavaScript environments. It includes careful validation, alias handling, and selective dynamic evaluation for specific intrinsics. While there is a real potential risk from Function-based evaluation if exposed to untrusted input, in this isolated code path there is no evidence of data leakage, backdoors, or external communications. The component is acceptable with proper sandbox boundaries; the most important mitigations are ensuring inputs are trusted and that dynamic evaluation cannot be triggered by untrusted sources. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint-config-next@14.2.35 → npm/next-video@0.16.2 → npm/get-intrinsic@1.3.0 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/get-intrinsic@1.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm hast-util-to-jsx-runtime is 100.0% likely to have a medium risk anomaly Notes: This MDX/JSX runtime fragment relies on a dynamic ESTree evaluator to compute values from MDX attributes, which introduces a primary security risk if the evaluator is untrusted or sandboxed improperly. The code includes standard error handling and CSS/style parsing, with no explicit malware indicators. The overall risk is tied to the evaluator; if trusted and sandboxed, risk is moderate, otherwise it could enable arbitrary code execution or data leakage through untrusted input. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/@mdx-js/loader@3.1.1 → npm/hast-util-to-jsx-runtime@2.3.6 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/hast-util-to-jsx-runtime@2.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm ignore is 100.0% likely to have a medium risk anomaly Notes: The code fragment represents a conventional, well-structured path-ignore utility with caching and recursive parent-directory evaluation. Windows path normalization is present for compatibility but does not indicate malicious intent. No indicators of data leakage, external communication, or covert backdoors were found. Security impact primarily revolves around correct ignore semantics rather than intrinsic vulnerabilities. The component remains appropriate for use in a broader security-conscious pipeline if used with careful awareness of what is being ignored. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/eslint-config-next@14.2.35 → npm/ignore@7.0.5 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/ignore@7.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm js-yaml is 100.0% likely to have a medium risk anomaly Notes: The script functions as a straightforward JSON↔YAML translator CLI with standard error handling. The primary security concern is the use of yaml.loadAll without a safeLoad alternative, which could enable YAML deserialization risks if inputs contain crafted tags. To improve security, switch to a safe loader (e.g., yaml.safeLoadAll or equivalent) or ensure the library is configured to restrict risky constructors. Overall, no malware indicators were observed; the risk is confined to YAML deserialization semantics. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/gray-matter@4.0.3 → npm/js-yaml@3.14.2 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@3.14.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm launchdarkly-node-client-sdk is 68.0% likely to have a medium risk anomaly Notes: The examined code is a standard Node.js integration component for LaunchDarkly, implementing platform bindings, TLS param filtering, and lazy resource initialization. There is no evidence of malicious behavior, backdoors, data exfiltration, or supply-chain manipulation within this fragment. The only potential risk is normal disk/network activity inherent to LocalStorage and EventSource usage, which is expected for a client SDK. Overall, the code shows low to moderate risk with no malware indicators. Confidence: 0.68 Severity: 0.55 From: pnpm-lock.yaml → npm/@replayio/playwright@3.1.9 → npm/launchdarkly-node-client-sdk@3.3.1 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/launchdarkly-node-client-sdk@3.3.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm lilconfig is 100.0% likely to have a medium risk anomaly Notes: The analyzed code fragment implements a standard, non-malicious configuration loader system (lilconfig) with support for JS/JSON config files, dynamic import fallbacks, and caching. While it can execute JS-based config via dynamicImport/require, such behavior is typical for config loaders and not evidence of malicious intent. The primary risk lies in executing untrusted config code and the possibility of misusing user-provided loaders. No hardcoded secrets or direct network exfiltration are present in the snippet itself. Recommended mitigations include exercising caution with untrusted sources, enabling strict loader guarantees, and auditing loader implementations. Confidence: 1.00 Severity: 0.60 From: pnpm-lock.yaml → npm/tailwindcss@3.4.19 → npm/lilconfig@3.1.3 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lilconfig@3.1.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 16 more rows in the dashboard

View full report

[replay-io]

Status	Complete ↗︎
Commit	a056b29
Results	✅ 5 Passed home page redirects to quickstart guide navigation collapsing works navigation expanding works player zoom in table of contents redirects to proper item