tediousjs / tedious

Node TDS module for connecting to SQL Server databases.

Home Page:http://tediousjs.github.io/tedious/

[FEATURE REQUEST] Supply Chain Security Analysis

elliot-huffman opened this issue · comments

Is your feature request related to a problem? If so, please give a short summary of the problem and how the feature would resolve it
Having a supply chain analysis solution to identify potential supply chain attacks is now more important than ever with attacks like the recent attempted XZ attack.
Because of this, we need to up our defenses against nation state threat actors attacking us directly or through our dependencies.
This project is a larger one with ~1.4 million downloads a week. A threat actor would love to breach this.

Describe the preferred solution
Integrate https://socket.dev/ into this project.
Socket is free for open-source projects, like this one :)
I would make a PR for this, but it runs as a GitHub App/bot, and I don't have the permissions to turn it on.

Describe alternatives you've considered
Getting hacked eventually, lol

Additional context
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/
https://socket.dev/npm/package/tedious

Reference Documentations/Specifications
https://docs.socket.dev/docs/getting-started
https://socket.dev/features/github

Thanks for the explanation and background information! I will spend some time catching up on the background reading.