Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →

@instana/core

Advanced tools

License

Install Socket

Detect and block malicious and high-risk dependencies

Install

@instana/core - npm Package Compare versions

Comparing version

5.4.3

5.5.0

+7

-7

package.json

		{
		"name": "@instana/core",
		"version": "5.4.3",
		"version": "5.5.0",
		"description": "Core library for Instana's Node.js packages",
		@@ -63,6 +63,6 @@ "main": "src/index.js",
		"@opentelemetry/context-async-hooks": "1.25.0",
		"@opentelemetry/core": "2.6.1",
		"@opentelemetry/instrumentation-fs": "0.34.0",
		"@opentelemetry/instrumentation-oracledb": "0.39.0",
		"@opentelemetry/instrumentation-restify": "0.59.0",
		"@opentelemetry/core": "2.7.1",
		"@opentelemetry/instrumentation-fs": "0.36.0",
		"@opentelemetry/instrumentation-oracledb": "0.40.0",
		"@opentelemetry/instrumentation-restify": "0.60.0",
		"@opentelemetry/instrumentation-socket.io": "0.61.0",
		@@ -77,3 +77,3 @@ "@opentelemetry/instrumentation-tedious": "0.28.0",
		"read-yaml-file": "^2.1.0",
		"semver": "^7.7.4",
		"semver": "^7.8.0",
		"shimmer": "^1.2.1"
		@@ -85,3 +85,3 @@ },
		},
		"gitHead": "a04f29996f49529d4cfb5749fa964ad030c8ad12"
		"gitHead": "da9ae25a9d8f772b67c12e9cd0070f9a01e74fb2"
		}

CHANGELOG.md

Sorry, the diff of this file is too big to display

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 4 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 30 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 4 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 30 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

@instana/core - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Dependency changes