socc-deploy

Warn

Audited by Socket on Feb 25, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The README itself contains no embedded malicious code, but it instructs a supply-chain-sensitive workflow that involves downloading and executing a third-party npm package and providing an API token. The main risks are: (1) executing unreviewed remote code (supply-chain compromise), (2) potential credential capture or insecure token storage, and (3) accidental or malicious exfiltration of files beyond the intended build directory. Recommend auditing the socclink package and dependencies, using isolated execution environments, verifying token storage/usage, and ensuring the working directory contains only intended artifacts before deploying.

Confidence: 98%
Severity: 75%

Audit Metadata

Analyzed At: Feb 25, 2026, 11:00 AM
Package URL: pkg:socket/skills-sh/soccagency%2Fsocc-skill%2Fsocc-deploy%2F@2041a0d641ab426866b3067a18ffa4c36826f2bf