Dependency confusion supply-chain vulnerability detected #3
Description
Hi,
I'm a Cybersecurity researcher developing PackjGuard [1]. Our tool has detected a dependency confusion vulnerability in this repository. In order for me to disclose it, kindly enable GitHub Private vulnerability reporting, which allows security research to responsibly disclose a security vulnerability.
Thanks!
PackjGuard is a Github app that monitors repos for malicious, vulnerable, abandoned, and other "risky" dependencies and mitigates attacks by creating pull requests for automatic remediation https://github.com/marketplace/packjguard