@heroku/frankenpurple
Comparing version 1.1.11 to 1.1.12
{ | ||
"name": "@heroku/frankenpurple", | ||
"description": "A UI kit for Heroku's web interfaces. To get started, check out https://purple.herokuapp.com!", | ||
"version": "1.1.11", | ||
"version": "1.1.12", | ||
"keywords": [ | ||
@@ -17,4 +17,7 @@ "heroku", | ||
}, | ||
"engines": { | ||
"node": "10.22.0" | ||
}, | ||
"dependencies": { | ||
"bootstrap-sass": "git://github.com/heroku/bootstrap-sass.git#am-frankenbootstrap", | ||
"bootstrap-sass": "https://github.com/heroku/bootstrap-sass.git#am-frankenbootstrap", | ||
"bourbon": "4.2.7" | ||
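Review bot: the new `bootstrap-sass` value still ends in `#am-frankenbootstrap`, which is a branch name rather than a commit, so switching the scheme from `git://` to `https://` protects the transport but the resolved code can still change whenever that branch moves. Pin the fragment to a full commit SHA, or publish the fork to the registry and depend on a version, so that installs are reproducible. Separately, `"node": "10.22.0"` in `engines` is an exact version; if that is not deliberate, a range would be more forgiving.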
@@ -21,0 +24,0 @@ }, |
Git dependency
Supply chain risk: Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
NPM Shrinkwrap
Supply chain risk: Package contains a shrinkwrap file. This may allow the package to bypass normal install procedures.
Found 1 instance in 1 package