@eggjs/tegg-metadata
Advanced tools
@eggjs/tegg-metadata - npm Package Compare versions
+21
| MIT License | ||
| Copyright (c) 2017-present Alibaba Group Holding Limited and other contributors. | ||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| of this software and associated documentation files (the "Software"), to deal | ||
| in the Software without restriction, including without limitation the rights | ||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| copies of the Software, and to permit persons to whom the Software is | ||
| furnished to do so, subject to the following conditions: | ||
| The above copyright notice and this permission notice shall be included in all | ||
| copies or substantial portions of the Software. | ||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| SOFTWARE. |
+6
-6
| { | ||
| "name": "@eggjs/tegg-metadata", | ||
| "version": "3.73.0-beta.0", | ||
| "version": "3.73.0-beta.1", | ||
| "description": "tegg metadata", | ||
@@ -38,6 +38,6 @@ "keywords": [ | ||
| "dependencies": { | ||
| "@eggjs/core-decorator": "^3.73.0-beta.0", | ||
| "@eggjs/tegg-common-util": "^3.73.0-beta.0", | ||
| "@eggjs/tegg-lifecycle": "^3.73.0-beta.0", | ||
| "@eggjs/tegg-types": "^3.73.0-beta.0", | ||
| "@eggjs/core-decorator": "^3.73.0-beta.1", | ||
| "@eggjs/tegg-common-util": "^3.73.0-beta.1", | ||
| "@eggjs/tegg-lifecycle": "^3.73.0-beta.1", | ||
| "@eggjs/tegg-types": "^3.73.0-beta.1", | ||
| "egg-errors": "^2.2.3" | ||
@@ -58,3 +58,3 @@ }, | ||
| }, | ||
| "gitHead": "419d966f3efc649e533f165ba5d15994d7076722" | ||
| "gitHead": "b29319ee49b55f6e777d5581d70bfea224bf6e1f" | ||
| } |
New alerts
Unstable ownership
Supply chain riskA new collaborator has begun publishing package versions. Package stability and security risk may be elevated.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
167164
0.67%- Number of package files
47
2.17%Worsened metrics
- Number of high supply chain risk alerts
1
Infinity%- Number of medium supply chain risk alerts
1
Infinity%