@getgauge/cli - npm Package Compare versions

Comparing version 1.0.1-rc.1 to 1.0.1-rc.2

package.json

 {
   "name": "@getgauge/cli",
-  "version": "1.0.1-rc.1",
+  "version": "1.0.1-rc.2",
   "description": "npm wrapper for installing gauge command line",
   "main": "index.js",
   "scripts": {
+    "install": "node ./install.js",
     "test": "echo \"Error: no test specified\" && exit 1"
@@ -8,0 +9,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1558

increased by77.65%

Number of package files

4

increased by100%

Lines of code

10

increased byInfinity%

Worsened metrics

Number of high supply chain risk alerts

1

increased byInfinity%

Number of low supply chain risk alerts

1

increased byInfinity%

No dependency changes