@erickmerchant/checkup - npm Package Compare versions

Comparing version 11.1.2 to 11.2.0

package.json

 {
   "name": "@erickmerchant/checkup",
-  "version": "11.1.2",
+  "version": "11.2.0",
   "description": "Check multiple projects for various things.",
@@ -25,9 +25,10 @@ "bin": {
     "execa": "^1.0.0",
-    "globby": "^9.0.0",
+    "globby": "^9.1.0",
     "kleur": "^3.0.2",
     "semver": "^5.6.0",
-    "sergeant": "^24.1.2"
+    "sergeant": "^24.1.3"
   },
   "devDependencies": {
-    "@erickmerchant/lint": "^1.10.1",
+    "@erickmerchant/lint": "^2.0.1",
+    "eslint": "^5.15.0",
     "proxyquire": "^2.1.0",
@@ -34,0 +35,0 @@ "tape": "^4.10.0"

src/check-dependencies.js

@@ -108,4 +108,16 @@ const fs = require('fs')
         }
+      }
+    }
 
-        if (found) break
+    if (!found) {
+      for (const subPkgDep of pkgDeps) {
+        const pkgDepPkg = require(path.join(directory, 'node_modules', subPkgDep, 'package.json'))
+
+        if (pkgDepPkg.peerDependencies != null) {
+          if (Object.keys(pkgDepPkg.peerDependencies).includes(pkgDep)) {
+            found = true
+
+            break
+          }
+        }
       }
@@ -112,0 +124,0 @@ }

New alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

19312

increased by1.91%

Lines of code

623

increased by1.63%

Worsened metrics

Dev dependency count

4

increased by33.33%

Number of low supply chain risk alerts

9

increased by12.5%

Dependency changes

• Updatedglobby@^9.1.0

• Updatedsergeant@^24.1.3