@endo/lockdown
Advanced tools
Comparing version 0.1.26 to 0.1.27
{ | ||
"name": "@endo/lockdown", | ||
"version": "0.1.26", | ||
"version": "0.1.27", | ||
"description": "Wrappers for hardening JavaScript for Endo", | ||
@@ -19,3 +19,3 @@ "type": "module", | ||
"dependencies": { | ||
"ses": "^0.18.2" | ||
"ses": "^0.18.3" | ||
}, | ||
@@ -46,3 +46,3 @@ "files": [ | ||
"extends": [ | ||
"@endo" | ||
"plugin:@endo/internal" | ||
] | ||
@@ -53,11 +53,6 @@ }, | ||
], | ||
"prettier": { | ||
"arrowParens": "avoid", | ||
"trailingComma": "all", | ||
"singleQuote": true | ||
}, | ||
"publishConfig": { | ||
"access": "public" | ||
}, | ||
"gitHead": "0053227a37ee76ee8a3dce6059dd55140ed0ce6d" | ||
"gitHead": "8141f58debaec420cbc2a7cb698e888566d430ba" | ||
} |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
2
0
27805
Updatedses@^0.18.3