@datadog/pprof - npm Package Compare versions

Comparing version 0.1.2 to 0.1.3

package.json

 {
   "name": "@datadog/pprof",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "pprof support for Node.js",
@@ -40,3 +40,3 @@ "repository": "datadog/pprof-nodejs",
     "nan": "^2.14.0",
-    "node-gyp-build": "^4.2.3",
+    "node-gyp-build": "^3.9.0",
     "p-limit": "^3.0.0",
@@ -88,3 +88,5 @@ "pify": "^5.0.0",
     "README.md",
-    "scripts",
+    "scripts/preinstall.js",
+    "scripts/require-package-json.js",
+    "scripts/should_rebuild.js",
     "prebuilds"
@@ -91,0 +93,0 @@ ],

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Number of low supply chain risk alerts

6

decreased by-50%

Number of medium supply chain risk alerts

29

decreased by-19.44%

Worsened metrics

Total package byte prevSize

6290874

decreased by-0.14%

Number of package files

68

decreased by-4.23%

Lines of code

4999

decreased by-5.43%

Dependency changes

• + Addednode-gyp-build@3.9.0(transitive)

• - Removednode-gyp-build@4.8.4(transitive)

• Updatednode-gyp-build@^3.9.0