auth0-react
Warn
Audited by Snyk on Feb 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The setup scripts fetch and execute remote install scripts at runtime (e.g., curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh, /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", and iwr -useb https://get.scoop.sh | iex), which runs remote code as a required part of the automated setup, so these URLs present a runtime code-execution risk.
Audit Metadata