@bonniernews/local-esi - npm Package Compare versions

Comparing version 1.2.6 to 1.2.7

CHANGELOG.md

@@ -9,2 +9,6 @@ # Changelog
 
+## [1.2.7] - 2021-08-25
+### Changed
+- Use bonniernews scoped packaged fork of atlas-html-stream dependency
+
 ## [1.2.6] - 2021-02-16
@@ -11,0 +15,0 @@ ### Changed

lib/ESIEvaluator.js

 "use strict";
 
-const HtmlParser = require("atlas-html-stream");
+const HtmlParser = require("@bonniernews/atlas-html-stream");
 const request = require("request");
@@ -5,0 +5,0 @@ const url = require("url");

lib/transformHtml.js

 "use strict";
 
-const HtmlParser = require("atlas-html-stream");
+const HtmlParser = require("@bonniernews/atlas-html-stream");
 const ESIParser = require("./ESIParser");
@@ -5,0 +5,0 @@ const pump = require("pump"); // replace with stream.pipeline when upping to node 10

package.json

 {
   "name": "@bonniernews/local-esi",
-  "version": "1.2.6",
+  "version": "1.2.7",
   "description": "Local Edge Side Includes parser",
@@ -24,3 +24,3 @@ "main": "index.js",
   "dependencies": {
-    "atlas-html-stream": "https://github.com/BonnierNews/atlas-html-stream.git",
+    "@bonniernews/atlas-html-stream": "^1.2.2",
     "pump": "^3.0.0",
@@ -27,0 +27,0 @@ "pumpify": "^2.0.1",

README.md

@@ -76,3 +76,3 @@ Local-ESI
 
-const HtmlParser = require("atlas-html-stream");
+const HtmlParser = require("@bonniernews/atlas-html-stream");
 const {createParser: createESIParser, htmlWriter} = require("@bonniernews/local-esi");
@@ -79,0 +79,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

51661

increased by0.22%

Number of high supply chain risk alerts

0

decreased by-100%

Dependency changes

• + Added@bonniernews/atlas-html-stream@^1.2.2

• + Added@bonniernews/atlas-html-stream@1.2.2(transitive)

• + Added@bonniernews/atlas-seq-matcher@1.0.4(transitive)

• - Removedatlas-html-stream@https://github.com/BonnierNews/atlas-html-stream.git