From 5bfd66b3241ef4f0701f204af1abe4556a3ed890 Mon Sep 17 00:00:00 2001 From: Kevin Cui Date: Tue, 16 Sep 2025 10:06:38 +0800 Subject: [PATCH 1/2] feat: add @ctrl/tinycolor and 40+ packages Signed-off-by: Kevin Cui --- package.json | 248 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 248 insertions(+) diff --git a/package.json b/package.json index fc3c0d1..fd5dbd1 100644 --- a/package.json +++ b/package.json @@ -1384,6 +1384,254 @@ "version": "4.1.0", "reason": "https://github.com/debug-js/debug/issues/1005" } + }, + "angulartics2": { + "14.1.2": { + "version": "14.1.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/deluge": { + "7.2.2": { + "version": "7.2.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/golang-template": { + "1.4.3": { + "version": "1.4.1", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/magnet-link": { + "4.0.4": { + "version": "4.0.2", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/ngx-codemirror": { + "7.0.2": { + "version": "7.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/ngx-csv": { + "6.0.2": { + "version": "6.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/ngx-emoji-mart": { + "9.2.2": { + "version": "9.2.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/ngx-rightclick": { + "4.0.2": { + "version": "4.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/qbittorrent": { + "9.7.2": { + "version": "9.7.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/react-adsense": { + "2.0.2": { + "version": "2.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/shared-torrent": { + "6.3.2": { + "version": "6.3.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/tinycolor": { + "4.1.1": { + "version": "4.1.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + }, + "4.1.2": { + "version": "4.1.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/torrent-file": { + "4.1.2": { + "version": "4.1.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/transmission": { + "7.3.1": { + "version": "7.3.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@ctrl/ts-base32": { + "4.0.2": { + "version": "4.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "encounter-playground": { + "0.0.5": { + "version": "0.0.4", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "json-rules-engine-simplified": { + "0.2.1": { + "version": "0.2.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + }, + "0.2.2": { + "version": "0.2.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + }, + "0.2.3": { + "version": "0.2.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + }, + "0.2.4": { + "version": "0.2.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "koa2-swagger-ui": { + "5.11.1": { + "version": "5.11.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + }, + "5.11.2": { + "version": "5.11.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/gesturehandler": { + "2.0.35": { + "version": "2.0.34", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/sentry": { + "4.6.43": { + "version": "4.6.42", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/text": { + "1.6.13": { + "version": "1.6.9", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/ui-collectionview": { + "6.0.6": { + "version": "6.0.5", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/ui-drawer": { + "0.1.30": { + "version": "0.1.29", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/ui-image": { + "4.5.6": { + "version": "4.5.5", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/ui-material-bottomsheet": { + "7.2.72": { + "version": "7.2.71", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/ui-material-core": { + "7.2.76": { + "version": "7.2.71", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "@nativescript-community/ui-material-core-tabs": { + "7.2.76": { + "version": "7.2.71", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "ngx-color": { + "10.0.2": { + "version": "10.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "ngx-toastr": { + "19.0.2": { + "version": "19.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "ngx-trend": { + "8.0.1": { + "version": "8.0.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "react-complaint-image": { + "0.0.35": { + "version": "0.0.34", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "react-jsonschema-form-conditionals": { + "0.3.21": { + "version": "0.3.20", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "react-jsonschema-form-extras": { + "1.0.4": { + "version": "1.0.3", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "rxnt-authentication": { + "0.0.6": { + "version": "0.0.5", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "rxnt-healthchecks-nestjs": { + "1.0.5": { + "version": "1.0.4", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "rxnt-kue": { + "1.0.7": { + "version": "1.0.6", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "swc-plugin-component-annotate": { + "1.9.2": { + "version": "1.9.0", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } + }, + "ts-gaussian": { + "3.0.6": { + "version": "3.0.4", + "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" + } } } } From 7127e32fda297503b68c1f85592d1456330dd1be Mon Sep 17 00:00:00 2001 From: "MK (fengmk2)" Date: Tue, 16 Sep 2025 10:43:35 +0800 Subject: [PATCH 2/2] Update package.json --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index fd5dbd1..2bb0e2c 100644 --- a/package.json +++ b/package.json @@ -1527,7 +1527,7 @@ }, "@nativescript-community/text": { "1.6.13": { - "version": "1.6.9", + "version": "1.6.8", "reason": "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages" } },