@expo/steps - npm Package Compare versions

Comparing version 18.13.1 to 19.0.0

package.json

 {
   "name": "@expo/steps",
-  "version": "18.13.1",
+  "version": "19.0.0",
   "bugs": "https://github.com/expo/eas-cli/issues",
@@ -30,4 +30,4 @@ "license": "BUSL-1.1",
   "dependencies": {
-    "@expo/eas-build-job": "18.13.1",
-    "@expo/logger": "18.5.0",
+    "@expo/eas-build-job": "19.0.0",
+    "@expo/logger": "19.0.0",
     "@expo/spawn-async": "^1.7.2",
@@ -60,3 +60,3 @@ "arg": "^5.0.2",
   },
-  "gitHead": "dbf597957dc93133d15e99298c55c0ad31b994c1"
+  "gitHead": "fc7c2950e773245d987c756b2bd2e8ba2ac6ee22"
 }

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

156440

0

Dependency changes

• + Added

  @expo/eas-build-job@19.0.0
  (transitive)

• + Added

  @expo/logger@19.0.0
  (transitive)

• + Added

  @expo/turtle-spawn@19.0.0
  (transitive)

• - Removed

  @expo/eas-build-job@18.13.1
  (transitive)

• - Removed

  @expo/logger@18.5.0
  (transitive)

• - Removed

  @expo/turtle-spawn@18.5.0
  (transitive)

• Updated

  @expo/eas-build-job@19.0.0

• Updated

  @expo/logger@19.0.0