@botpress/client - npm Package Compare versions

Comparing version 0.36.2 to 0.37.0

package.json

 {
   "name": "@botpress/client",
-  "version": "0.36.2",
+  "version": "0.37.0",
   "description": "Botpress Client",
@@ -34,10 +34,8 @@ "main": "./dist/index.cjs",
   "devDependencies": {
-    "@botpress/api": "0.53.0",
+    "@botpress/api": "0.55.0",
     "@types/qs": "^6.9.7",
     "esbuild": "^0.16.12",
     "lodash": "^4.17.21",
-    "ts-node": "^10.9.2",
-    "tsup": "^8.0.2",
-    "vitest": "^0.33.0"
+    "tsup": "^8.0.2"
   }
 }

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Improved metrics

Total package byte prevSize

4180899

increased by0.89%

Dev dependency count

5

decreased by-28.57%

Lines of code

16549

increased by0.5%

Number of low supply chain risk alerts

25

decreased by-3.85%

No dependency changes