auth0-spa-js

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup scripts include an automated installer that fetches and executes remote code via the Auth0 CLI install script (curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh), which is a runtime dependency used to provision the required auth0 CLI and thus can execute remote code on the host.