You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Socket flags example.com, example.net, example.org as external URLs that the package "may be accessing at runtime."
Why this is a false positive
This package is a textlint rule that detects placeholder domains in documentation and suggests RFC 2606 reserved domains. The flagged strings are string constants used purely for comparison — the package never makes any network requests.
// These are comparison constants, not URLs accessed at runtimeconstRESERVED_DOMAINS=newSet(["example.com","example.net","example.org"]);
Excluding RFC 2606 reserved domains (example.com, example.net, example.org) from the URL strings heuristic, since they are explicitly reserved for documentation use and cannot pose a supply chain risk
Package
textlint-rule-rfc2606-domains
Alert
URL strings (SUPPLY CHAIN RISK)
Socket flags
example.com,example.net,example.orgas external URLs that the package "may be accessing at runtime."Why this is a false positive
This package is a textlint rule that detects placeholder domains in documentation and suggests RFC 2606 reserved domains. The flagged strings are string constants used purely for comparison — the package never makes any network requests.
The entire source is a single file with zero runtime dependencies and no
fetch,http,https, or any network imports: https://github.com/h13/textlint-rule-rfc2606-domains/blob/main/src/index.tsRequest
Please consider either:
example.com,example.net,example.org) from the URL strings heuristic, since they are explicitly reserved for documentation use and cannot pose a supply chain risk