J
J
In some of my projects, I have URLs in TypeScript comments and the README for documentation purposes. It seems like Socket is flagging these as a supply chain risk, even though it is not in the code itself. Examples:
  1. https://socket.dev/npm/package/@twocaretcat/astro-snapshot/alerts/2.2.0?alert_name=urlStrings. I can't tell whether it has a problem with README.md or types.ts but I'd assume it's the latter.
  2. https://socket.dev/npm/package/@twocaretcat/tally-ts/alerts/2.0.0?alert_name=urlStrings
Is this intentional? If so, what is the risk here? Obviously, I don't want to remove links to external documentation just to appease Socket.