@live-change/dao-sockjs - npm Package Compare versions

Comparing version 0.1.0 to 0.1.1

package.json

 {
   "name": "@live-change/dao-sockjs",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "author": {
@@ -13,5 +13,5 @@ "email": "m8@em8.pl",
   "dependencies": {
+    "@live-change/dao": "git+https://github.com/live-change/dao.git",
     "debug": "^4.1.1",
-    "@live-change/dao": "git+https://github.com/live-change/dao.git",
-    "sockjs-client": "https://github.com/sockjs/sockjs-client.git",
+    "sockjs-client": "git+https://github.com/sockjs/sockjs-client.git",
     "supports-color": "^7.1.0"
@@ -18,0 +18,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3338

increased by0.12%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• Updatedsockjs-client@git+https://github.com/sockjs/sockjs-client.git