@fanoutio/pubcontrol - npm Package Compare versions

Comparing version 2.0.0-beta.8 to 2.0.0-beta.9

package.json

 {
   "name": "@fanoutio/pubcontrol",
-  "version": "2.0.0-beta.8",
+  "version": "2.0.0-beta.9",
   "author": "Fanout, Inc. <info@fanout.io>",
@@ -5,0 +5,0 @@ "description": "EPCP Library",

rollup.commonjs.config.js

 import commonjs from '@rollup/plugin-commonjs';
-import nodeResolve from 'rollup-plugin-node-resolve';
 import babel from 'rollup-plugin-babel';
@@ -16,5 +15,2 @@ import json from '@rollup/plugin-json';
         json(),
-        nodeResolve({
-            preferBuiltins: true,
-        }),
         babel({
@@ -28,3 +24,8 @@ babelrc: false,
     ],
-    external: builtins,
+    external: [
+        ...builtins,
+        'isomorphic-fetch',
+        'agentkeepalive',
+        'jwt-simple',
+    ],
 };

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

4

decreased by-42.86%

Worsened metrics

Total package byte prevSize

474577

decreased by-47.44%

Lines of code

13016

decreased by-51.81%

No dependency changes