feat(web): Update shared FormModalBuilder with Zod validation and new field types by PenguinzTech · Pull Request #37 · penguintechinc/elder

PenguinzTech · 2026-01-23T03:17:52Z

Summary

Update shared FormModalBuilder library copy with latest upstream features
Add Zod dependency for automatic type-based validation
New field types: password_generate, file, file_multiple, multiline
Add helpText support for all fields
File uploads support drag & drop

Test plan

Verify existing forms still work correctly
Test password generate button functionality
Test file upload with drag and drop
Verify Zod validation errors display properly

🤖 Generated with Claude Code

- Entity modal: Change entity_sub_type to sub_type to match backend - Organizations: Add tenant_id field to Pydantic models, merge redundant organization files (organizations.py + organizations_pydal.py), add tenant cascade logic on update - Identity modal: Extend IdentityType to include all frontend options, add tenant_id, is_portal_user, portal_role, permission_scope fields - Issues modal: Add entity_ids and label_ids to CreateIssueRequest, support entity-based issue creation with automatic tenant derivation These fixes address 400 errors caused by extra="forbid" rejecting fields the frontend was sending but backend models didn't accept. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Date inputs were not visible on dark backgrounds. Added CSS to: - Set color-scheme: dark for date inputs - Invert calendar picker indicator for visibility - Support both WebKit and Firefox browsers Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Modals with scrollable content were causing input fields to be unclickable when scrolled. Fixed by restructuring modal layout: - Card: Use flex flex-col instead of overflow-y-auto - CardHeader: Add flex-shrink-0 to keep header fixed - CardContent: Add flex-1 overflow-y-auto for scrollable content Files fixed: - ModalFormBuilder.tsx (main form modal component) - GroupMembershipManager.tsx (2 modals) - Certificates.tsx, IAM.tsx, Keys.tsx (3 modals) - OrganizationDetail.tsx, Secrets.tsx (2 modals), Webhooks.tsx Also added reusable Modal.tsx component for future use. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Integrate shared react_libs FormModalBuilder component - Fixed footer with buttons outside scroll area resolves click issues - Auto-tab generation for forms with 8+ fields - Navy/gold dark theme styling - Add clickable dashboard stat tiles for navigation - Various modal scroll/focus improvements Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

… field types Update the shared library copy with latest upstream features: - Zod-based automatic type validation - password_generate field type with generate button - file and file_multiple with drag & drop support - multiline field type (returns string[] array) - helpText support for all fields - Add zod dependency Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

sourcery-ai

Sorry, we are unable to review this pull request

The GitHub API does not allow us to fetch diffs exceeding 20000 lines

github-actions · 2026-01-23T03:19:04Z

Test Summary

Job Results

Python Lint: failure
Python Tests: success
Node.js Tests: success
Security Scan: success
License Check: success

Note: Integration tests temporarily disabled during PyDAL migration

Commit: 786c977
Branch: 37/merge
Workflow Run: #253

socket-security · 2026-01-23T03:19:10Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Quality	Maintenance
	npm/jest@29.7.0
	npm/@types/bcryptjs@2.4.6
	npm/@types/express@5.0.3
	golang/github.com/gin-gonic/gin@v1.11.0
	npm/@types/compression@1.8.1
	npm/@types/jsonwebtoken@9.0.10
	npm/@types/morgan@1.9.10
	npm/@types/pg@8.15.5
	golang/golang.org/x/crypto@v0.47.0
	golang/google.golang.org/grpc@v1.78.0
	npm/eslint-plugin-node@11.1.0
	npm/@types/jest@29.5.14
	npm/joi@17.13.3
	npm/@types/react@18.3.24 ⏵ 18.3.27	⁺¹	⁺¹
	npm/@types/node@20.19.27 ⏵ 22.18.6	⁺¹	⁺¹	⁺¹
	npm/@types/cors@2.8.19
	npm/nodemon@3.1.10
	npm/ts-node@10.9.2
	npm/argon2@0.44.0 ⏵ 0.31.2	^-9
	npm/morgan@1.10.1
	npm/eslint-plugin-react@7.37.5
	npm/helmet@7.2.0
	npm/prom-client@15.1.3
	npm/bcryptjs@2.4.3
	npm/concurrently@9.2.1
	npm/react@18.3.1 ⏵ 19.2.3
	npm/compression@1.8.1
	npm/jsonwebtoken@9.0.2
	npm/puppeteer@24.31.0
	npm/dotenv@16.6.1
	npm/cors@2.8.5
	npm/winston@3.17.0
See 6 more rows in the dashboard

View full report

socket-security · 2026-01-23T03:19:12Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Filesystem access: golang `github.com/bytedance/gopkg` Location: Package overview From: `?` → `golang/github.com/gin-gonic/gin@v1.11.0` → `golang/github.com/bytedance/gopkg@v0.1.3` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/bytedance/gopkg@v0.1.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: golang `github.com/bytedance/sonic/loader` Location: Package overview From: `?` → `golang/github.com/gin-gonic/gin@v1.11.0` → `golang/github.com/bytedance/sonic/loader@v0.5.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/bytedance/sonic/loader@v0.5.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: golang `github.com/goccy/go-yaml` Location: Package overview From: `?` → `golang/github.com/gin-gonic/gin@v1.11.0` → `golang/github.com/goccy/go-yaml@v1.19.2` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/goccy/go-yaml@v1.19.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: golang `github.com/quic-go/qpack` Location: Package overview From: `?` → `golang/github.com/gin-gonic/gin@v1.11.0` → `golang/github.com/quic-go/qpack@v0.6.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/quic-go/qpack@v0.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: golang `github.com/quic-go/quic-go` Location: Package overview From: `?` → `golang/github.com/gin-gonic/gin@v1.11.0` → `golang/github.com/quic-go/quic-go@v0.59.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/github.com/quic-go/quic-go@v0.59.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: golang `go.uber.org/mock` Location: Package overview From: `?` → `golang/github.com/gin-gonic/gin@v1.11.0` → `golang/go.uber.org/mock@v0.6.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore golang/go.uber.org/mock@v0.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `@mapbox/node-pre-gyp` with module fs Module: fs Location: Package overview From: `?` → `npm/argon2@0.31.2` → `npm/@mapbox/node-pre-gyp@1.0.11` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@mapbox/node-pre-gyp@1.0.11`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `@sideway/pinpoint` was last published 5 years ago Last Publish: 10/24/2020, 6:53:39 AM From: package-lock.json → `npm/joi@17.13.3` → `npm/@sideway/pinpoint@2.0.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@sideway/pinpoint@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `@tootallnate/quickjs-emscripten` with module fs Module: fs Location: Package overview From: package-lock.json → `npm/puppeteer@24.31.0` → `npm/@tootallnate/quickjs-emscripten@0.23.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@tootallnate/quickjs-emscripten@0.23.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `array-flatten` was last published 6 years ago Last Publish: 11/21/2019, 5:14:39 AM From: package-lock.json → `npm/express@4.22.1` → `npm/array-flatten@1.1.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/array-flatten@1.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `asap` was last published 9 years ago Last Publish: 7/10/2017, 3:21:36 PM From: package-lock.json → `npm/supertest@7.1.4` → `npm/asap@2.0.6` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/asap@2.0.6`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `babel-plugin-istanbul` with module fs Module: fs Location: Package overview From: package-lock.json → `npm/jest@29.7.0` → `npm/babel-plugin-istanbul@6.1.1` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/babel-plugin-istanbul@6.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `basic-auth` was last published 7 years ago Last Publish: 9/20/2018, 3:26:02 AM From: package-lock.json → `npm/morgan@1.10.1` → `npm/basic-auth@2.0.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/basic-auth@2.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `basic-ftp` with module fs Module: fs Location: Package overview From: package-lock.json → `npm/puppeteer@24.31.0` → `npm/basic-ftp@5.0.5` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/basic-ftp@5.0.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `bintrees` was last published 8 years ago Last Publish: 8/5/2017, 7:08:36 PM From: package-lock.json → `npm/prom-client@15.1.3` → `npm/bintrees@1.0.2` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/bintrees@1.0.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `bser` was last published 6 years ago Last Publish: 10/22/2019, 4:20:14 PM From: package-lock.json → `npm/jest@29.7.0` → `npm/bser@2.1.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/bser@2.1.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `buffer-equal-constant-time` was last published 12 years ago Last Publish: 12/16/2013, 8:12:17 PM From: package-lock.json → `npm/jsonwebtoken@9.0.2` → `npm/buffer-equal-constant-time@1.0.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/buffer-equal-constant-time@1.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `chokidar` with module fs Module: fs Location: Package overview From: package-lock.json → `npm/nodemon@3.1.10` → `npm/chokidar@3.6.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/chokidar@3.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `chokidar` with module fsevents Module: fsevents Location: Package overview From: package-lock.json → `npm/nodemon@3.1.10` → `npm/chokidar@3.6.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/chokidar@3.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `chownr` with module fs Module: fs Location: Package overview From: `?` → `npm/chownr@2.0.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/chownr@2.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `co` was last published 11 years ago Last Publish: 7/9/2015, 10:30:44 PM From: package-lock.json → `npm/jest@29.7.0` → `npm/co@4.6.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/co@4.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `color-support` was last published 9 years ago Last Publish: 6/6/2017, 8:40:54 PM From: `?` → `npm/color-support@1.1.3` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/color-support@1.1.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `compressible` was last published 6 years ago Last Publish: 1/6/2020, 4:50:09 AM From: package-lock.json → `npm/compression@1.8.1` → `npm/compressible@2.0.18` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/compressible@2.0.18`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `concurrently` with module fs Module: fs Location: Package overview From: package-lock.json → `npm/concurrently@9.2.1` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/concurrently@9.2.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `console-control-strings` was last published 10 years ago Last Publish: 6/15/2016, 11:29:58 PM From: `?` → `npm/console-control-strings@1.1.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/console-control-strings@1.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `cosmiconfig` with module fs/promises Module: fs/promises Location: Package overview From: package-lock.json → `npm/puppeteer@24.31.0` → `npm/cosmiconfig@9.0.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/cosmiconfig@9.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 75 more rows in the dashboard

View full report

@master

Trivy ecosystem supply chain attack (GHSA-69fq-xp46-6x23, March 19-20 2026): - aquasecurity/trivy-action @master and v0.0.1-v0.34.0 force-pushed with malware - Pinning to clean aquasecurity/trivy-action@v0.35.0 (uses trivy v0.69.3) - Pinning direct trivy binary to 0.69.3 (safe version) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

PenguinzTech and others added 9 commits January 22, 2026 09:38

Updating documentation to new base standard

0769bfc

Updating documentation to new base standard

3523670

Updating documentation to new base standard

79f224b

chore: bump version to v3.0.7

daebe68

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

sourcery-ai bot reviewed Jan 23, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(web): Update shared FormModalBuilder with Zod validation and new field types#37

feat(web): Update shared FormModalBuilder with Zod validation and new field types#37
PenguinzTech wants to merge 10 commits intomainfrom
fix/docker-build-ghcr

PenguinzTech commented Jan 23, 2026

Uh oh!

sourcery-ai bot left a comment

Uh oh!

github-actions bot commented Jan 23, 2026

Uh oh!

socket-security bot commented Jan 23, 2026

Uh oh!

socket-security bot commented Jan 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

PenguinzTech commented Jan 23, 2026

Summary

Test plan

Uh oh!

sourcery-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Jan 23, 2026

Test Summary

Job Results

Uh oh!

socket-security bot commented Jan 23, 2026

Uh oh!

socket-security bot commented Jan 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant