auth0-react

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The setup scripts include commands that fetch and execute remote install scripts at runtime (e.g., curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh, /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", and PowerShell iwr -useb get.scoop.sh | iex), which download and run remote code and are required for the automated setup, so they present a clear execution-of-remote-code risk.