False positive - confusing npm packages: ionicabizau/parse-url & parseurl:1.3.3

Clean Code Report False-positive / False-negative...
1

Filename: parseurl:1.3.3 | Reference: CVE-2022-2216 | CVSS Score: 9.8 | Category: CWE-918 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

NPM package ionicabizau/parse-url is not parseurl.

2

I suggest getting in touch with the maintainer of the OWASP dependency check plugin: GitHub - dependency-check/dependency-check-sonar-plugin: Integrates Dependency-Check reports into SonarQube