New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@guildofweavers/merkle
Advanced tools
@guildofweavers/merkle - npm Package Compare versions
Comparing version 0.3.9 to 0.3.10
| { | ||
| "name": "@guildofweavers/merkle", | ||
| "version": "0.3.9", | ||
| "version": "0.3.10", | ||
| "description": "Merkle tree and other data structures", | ||
@@ -25,3 +25,3 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "assemblyscript": "github:AssemblyScript/assemblyscript" | ||
| "@assemblyscript/loader": "0.8.x" | ||
| }, | ||
@@ -32,2 +32,3 @@ "devDependencies": { | ||
| "@types/node": "12.7.x", | ||
| "assemblyscript": "0.8.x", | ||
| "chai": "4.2.x", | ||
@@ -34,0 +35,0 @@ "del": "5.0.x", |
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.02%
48770
- Number of high supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Dev dependency count
- increased by12.5%
9
Dependency changes
+ Added@assemblyscript/loader@0.8.x
+ Added@assemblyscript/loader@0.8.1(transitive)
- Removedassemblyscript@github:AssemblyScript/assemblyscript