Ergonomic, hermetic, user-friendly software build system for Python, Go, Java, Kotlin, Protobuf, Scala, Shell. Pants lets you fearlessly scale up your codebase!

Pants

Serious compromise. <https://www.theregister.com/2021/10/25/in_brief_security/|https://www.theregister.com/2021/10/25/in_brief_security/>

that package is mentioned in our yarn.lock:
```tdyas@paradox:~/TC/toolchain$ git grep  ua-parser-js
src/node/yarn.lock:    ua-parser-js "^0.7.18"
src/node/yarn.lock:ua-parser-js@^0.7.18:
src/node/yarn.lock:  resolved "<https://registry.yarnpkg.com/ua-parser-js/-/ua-parser-js-0.7.28.tgz#8ba04e653f35ce210239c64661685bf9121dec31>" ```

the compromised version is 0.7.29 so we seem to have avoided the malware

<https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js>

<https://twitter.com/rbm/status/1451799009274646532>