@contrast/heapdump - npm Package Compare versions

Comparing version 0.3.19 to 1.0.0

index.js

@@ -15,2 +15,10 @@ // Copyright (c) 2014, Ben Noordhuis <info@bnoordhuis.nl>
 
-module.exports = require(`${__dirname}/${process.platform}.node`);
+// when distributed, the root directory will include all of the built modules.
+// ie darwin-12.node, win32-12.node, linux-14.node.
+const version = process.version.split('.')[0].substring(1);
+try {
+  module.exports = require(`${__dirname}/${process.platform}-${version}/addon.node`);
+} catch(e) {
+  if (e.code !== 'MODULE_NOT_FOUND') throw e;
+  module.exports = require('./build/Release/addon.node');
+}

package.json

 {
   "name": "@contrast/heapdump",
-  "version": "0.3.19",
+  "version": "1.0.0",
   "description": "Make a dump of the V8 heap for later inspection.",
+  "homepage": "https://github.com/contrast-security-oss/node-heapdump",
   "author": {
@@ -10,11 +11,22 @@ "name": "Ben Noordhuis",
   },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/contrast-security-oss/node-heapdump.git"
+  },
   "engines": {
     "node": ">=0.10.0"
   },
-  "homepage": "https://github.com/contrast-security-oss/node-heapdump",
   "license": "ISC",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/contrast-security-oss/node-heapdump.git"
+  "scripts": {
+    "release": "node scripts/make-release.js",
+    "test": "tap test/test-*"
+  },
+  "dependencies": {
+    "nan": "^2.13.2"
+  },
+  "devDependencies": {
+    "shelljs": "~0.3.0",
+    "tap": "~0.4.12",
+    "yargs-interactive": "^3.0.0"
   }
 }

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Unidentified License

License

(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1409120

increased by828.14%

Number of package files

11

increased by22.22%

Number of low license alerts

0

decreased by-100%

License quality

100

increased by25%

Lines of code

22

increased by57.14%

Number of low quality alerts

0

decreased by-100%

Worsened metrics

Dependency count

1

increased byInfinity%

Dev dependency count

3

increased byInfinity%

Number of medium quality alerts

2

increased by100%

Number of lines in readme file

0

decreased by-100%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addednan@^2.13.2

• + Addednan@2.19.0(transitive)