@daily-co/daily-js - npm Package Compare versions

Comparing version 0.54.0 to 0.55.0

package.json

 {
   "name": "@daily-co/daily-js",
-  "version": "0.54.0",
+  "version": "0.55.0",
   "engines": {
@@ -8,7 +8,7 @@ "node": ">=10.0.0"
   "homepage": "https://github.com/daily-co/daily-js/",
-  "main": "dist/daily-iframe.js",
-  "module": "dist/daily-iframe-esm.js",
+  "main": "dist/daily.js",
+  "module": "dist/daily-esm.js",
   "types": "index.d.ts",
   "files": "dist",
-  "unpkg": "dist/daily-iframe.js",
+  "unpkg": "dist/daily.js",
   "browserslist": [
@@ -38,3 +38,6 @@ "defaults",
     "@rollup/plugin-babel": "^6.0.3",
+    "@rollup/plugin-commonjs": "^24.0.1",
+    "@rollup/plugin-node-resolve": "^15.0.2",
     "@rollup/plugin-replace": "^5.0.2",
+    "@rollup/plugin-terser": "^0.4.0",
     "@semantic-release/git": "^10.0.1",
@@ -49,5 +52,2 @@ "babel-jest": "^27.4.6",
     "rollup": "^3.20.2",
-    "@rollup/plugin-commonjs": "^24.0.1",
-    "@rollup/plugin-node-resolve": "^15.0.2",
-    "@rollup/plugin-terser": "^0.4.0",
     "semantic-release": "^19.0.3",
@@ -61,2 +61,3 @@ "ts-jest": "^27.1.2",
     "@babel/runtime": "^7.12.5",
+    "@sentry/browser": "^7.60.1",
     "bowser": "^2.8.1",
@@ -63,0 +64,0 @@ "dequal": "^2.0.3",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

1

decreased by-87.5%

Number of medium supply chain risk alerts

5

decreased by-44.44%

Worsened metrics

Total package byte prevSize

254295

decreased by-63.82%

Dependency count

7

increased by16.67%

Number of package files

4

decreased by-90.91%

Lines of code

0

decreased by-100%

Dependency changes

• + Added@sentry/browser@^7.60.1

• + Added@sentry-internal/feedback@7.120.0(transitive)

• + Added@sentry-internal/replay-canvas@7.120.0(transitive)

• + Added@sentry-internal/tracing@7.120.0(transitive)

• + Added@sentry/browser@7.120.0(transitive)

• + Added@sentry/core@7.120.0(transitive)

• + Added@sentry/integrations@7.120.0(transitive)

• + Added@sentry/replay@7.120.0(transitive)

• + Added@sentry/types@7.120.0(transitive)

• + Added@sentry/utils@7.120.0(transitive)

• + Addedimmediate@3.0.6(transitive)

• + Addedlie@3.1.1(transitive)

• + Addedlocalforage@1.10.0(transitive)