@empiricalrun/llm - npm Package Compare versions

Comparing version 0.9.15 to 0.9.16

CHANGELOG.md

 # @empiricalrun/llm
 
+## 0.9.16
+
+### Patch Changes
+
+- 25f3601: fix: npmignore config
+
 ## 0.9.15
@@ -4,0 +10,0 @@

dist/prompts/provider/index.js

@@ -6,4 +6,4 @@ "use strict";
 const langfuse = new langfuse_1.Langfuse({
-    secretKey: "sk-lf-30eee545-9c2c-4646-bfd9-8f38acf2fa8f",
-    publicKey: "pk-lf-c5c7cf23-de76-4098-ad81-594bce7cf330",
+    secretKey: process.env.LANGFUSE_SK,
+    publicKey: process.env.LANGFUSE_PK,
     baseUrl: "https://us.cloud.langfuse.com",
@@ -10,0 +10,0 @@ flushAt: 1,

dist/trace/index.js

@@ -6,4 +6,4 @@ "use strict";
 exports.langfuseInstance = new langfuse_1.Langfuse({
-    secretKey: "sk-lf-30eee545-9c2c-4646-bfd9-8f38acf2fa8f",
-    publicKey: "pk-lf-c5c7cf23-de76-4098-ad81-594bce7cf330",
+    secretKey: process.env.LANGFUSE_SK,
+    publicKey: process.env.LANGFUSE_PK,
     baseUrl: "https://us.cloud.langfuse.com",
@@ -10,0 +10,0 @@ flushAt: 1,

package.json

 {
   "name": "@empiricalrun/llm",
-  "version": "0.9.15",
+  "version": "0.9.16",
   "main": "dist/index.js",
@@ -5,0 +5,0 @@ "exports": {

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Worsened metrics

Total package byte prevSize

40955

decreased by-99.45%

Number of package files

42

decreased by-26.32%

Number of low supply chain risk alerts

7

increased by133.33%

No dependency changes