@changesets/cli - npm Package Compare versions

Comparing version 2.29.5 to 2.29.6

dist/changesets-cli.cjs.js

@@ -17,3 +17,3 @@ 'use strict';
 var writeChangeset = require('@changesets/write');
-var externalEditor = require('external-editor');
+var externalEditor = require('@inquirer/external-editor');
 var resolveFrom = require('resolve-from');
@@ -20,0 +20,0 @@ var termSize = require('term-size');

dist/changesets-cli.esm.js

@@ -17,3 +17,3 @@ import mri from 'mri';
 import writeChangeset from '@changesets/write';
-import { edit, ExternalEditor } from 'external-editor';
+import { edit, ExternalEditor } from '@inquirer/external-editor';
 import resolveFrom from 'resolve-from';
@@ -20,0 +20,0 @@ import termSize from 'term-size';

package.json

 {
   "name": "@changesets/cli",
-  "version": "2.29.5",
+  "version": "2.29.6",
   "description": "Organise your package versioning and publishing to make both contributors and maintainers happy",
@@ -83,2 +83,3 @@ "bin": {
     "@changesets/write": "^0.4.0",
+    "@inquirer/external-editor": "^1.0.0",
     "@manypkg/get-packages": "^1.1.3",
@@ -88,3 +89,2 @@ "ansi-colors": "^4.1.3",
     "enquirer": "^2.4.1",
-    "external-editor": "^3.1.0",
     "fs-extra": "^7.0.1",
@@ -91,0 +91,0 @@ "mri": "^1.2.0",

README.md

@@ -6,3 +6,3 @@ ## @changesets/cli 🦋
 
-The primary implementation of [changesets](https://github.com/Noviny/changesets). Helps you manage the versioning
+The primary implementation of [changesets](https://github.com/changesets/changesets). Helps you manage the versioning
 and changelog entries for your packages, with a focus on versioning within a mono-repository (though we support
@@ -9,0 +9,0 @@ single-package repositories too).

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

130374

0.03%

Dependency changes

• + Added

  @inquirer/external-editor@^1.0.0

• + Added

  @inquirer/external-editor@1.0.3
  (transitive)

• + Added

  chardet@2.1.1
  (transitive)

• + Added

  iconv-lite@0.7.2
  (transitive)

• - Removed

  external-editor@^3.1.0

• - Removed

  chardet@0.7.0
  (transitive)

• - Removed

  external-editor@3.1.0
  (transitive)

• - Removed

  iconv-lite@0.4.24
  (transitive)

• - Removed

  os-tmpdir@1.0.2
  (transitive)

• - Removed

  tmp@0.0.33
  (transitive)