Closing of Threads after 6 months - I want to add a Security Warning

Hi this is largely for streamlit /snowfake team and more feedback than a question. This seemed like the best category to post in.

Thanks for the great package, it helps me make POCs for breakfast!

I recently came across a post and found reference to a streamlit component. It was just what I was looking for and more! However, when I looked on Snyk it had some major indirect security issues, there is no way I can install it. We have to get approval for every package installed and I have never seen a package so bad as this wrt to security health.

So I wanted to warn others and post this on the thread but couldn’t as its over 365 days old. This is extremely important information, even more so considering that the general users of streamlit will not be thinking about vulnerabilities that could have a huge impact on deployment.

image

Hi @scatter,

Thanks for sharing this question. Streamlit custom components are developed by community members rather than the Streamlit team, so the best course of action in this case would likely be to post in the GitHub Issues section of the component so that the creator of the component can answer your question – if you can share the name of the component, I can point you towards the repo.

Re: closed threads – threads in the forum close after prolonged periods of inactivity, but you can always feel free to create a new post.