In the PCF gallery itself, I found a control and ran it through Snyk, and a low-level vulnerability was identified.
It has an easy fix too: update the version.
I'm new to this, so I'm asking: is there some way of knowing that a project is registered with automated dependency checking, and calling out to it to determine the current status of the components you are displaying?
If the author doesn't do this, is there a way for you to register all open source components with, say, Snyk and check it yourselves, automating notifications to the author to get on with fixing when detected, and for you to display the message on the site that this component needs attention, and possibly notify users that downloaded a component from yourselves that what they have needs updating/checking?