@aspecto/core
Advanced tools
@aspecto/core - npm Package Compare versions
Comparing version 1.0.17 to 1.0.18
| { | ||
| "name": "@aspecto/core", | ||
| "version": "1.0.17", | ||
| "version": "1.0.18", | ||
| "description": "Aspecto metric collector", | ||
@@ -40,5 +40,5 @@ "main": "index.js", | ||
| "hooks": { | ||
| "pre-commit": "npm run tsc && npm run test" | ||
| "pre-commit": "npm run tsc && npm run test && git add ." | ||
| } | ||
| } | ||
| } |
New alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by181.88%
62399
- Number of package files
- increased by141.67%
58
- Lines of code
- increased by105.76%
1251
Worsened metrics
- Number of low supply chain risk alerts
- increased by750%
17
- Number of medium supply chain risk alerts
- increased by100%
2