@elastic.io/jsonata-moment - npm Package Compare versions

Comparing version 1.1.4 to 1.1.5-dev1

package.json

 {
   "name": "@elastic.io/jsonata-moment",
-  "version": "1.1.4",
+  "version": "1.1.5-dev1",
   "description": "Moment support for JSONata",
@@ -37,4 +37,4 @@ "main": "dist/jsonata-moment.js",
   "dependencies": {
-    "jsonata": "1.7.0"
+    "jsonata": "https://github.com/jsonata-js/jsonata#12a36f08d44616cb24cc2e08d7468e76197a0281"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

431557

increased by0.02%

Worsened metrics

Number of low quality alerts

2

increased by100%

Number of high supply chain risk alerts

1

increased byInfinity%

Dependency changes

• - Removedjsonata@1.7.0(transitive)

• Updatedjsonata@https://github.com/jsonata-js/jsonata#12a36f08d44616cb24cc2e08d7468e76197a0281