Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
"start": "node index.js" }, "dependencies": { "chalk": "^5.3.0", "cheerio": "^1.0.0", "commander": "^12.0.0", "ora": "^8.0.0"- Confidence
- 40% confidence
- Finding
- "chalk": "^5.3.0"
Security audit
Security checks across malware telemetry and agentic risk
This is a straightforward CLI that fetches public X trend data from getdaytrends.com and prints it locally.
Reasonable to install if you are comfortable with a CLI contacting getdaytrends.com and trusting its npm dependencies. Treat trend names and links as untrusted public web data, especially if piping JSON output into another tool.
"start": "node index.js"
},
"dependencies": {
"chalk": "^5.3.0",
"cheerio": "^1.0.0",
"commander": "^12.0.0",
"ora": "^8.0.0"},
"dependencies": {
"chalk": "^5.3.0",
"cheerio": "^1.0.0",
"commander": "^12.0.0",
"ora": "^8.0.0"
},"dependencies": {
"chalk": "^5.3.0",
"cheerio": "^1.0.0",
"commander": "^12.0.0",
"ora": "^8.0.0"
},
"author": "Ani","chalk": "^5.3.0",
"cheerio": "^1.0.0",
"commander": "^12.0.0",
"ora": "^8.0.0"
},
"author": "Ani",
"license": "MIT"66/66 vendors flagged this skill as clean.
No suspicious patterns detected.