@loopback/testlab - npm Package Compare versions

Comparing version 8.0.5 to 8.0.6

package.json

 {
   "name": "@loopback/testlab",
   "description": "A collection of test utilities we use to write LoopBack tests.",
-  "version": "8.0.5",
+  "version": "8.0.6",
   "license": "MIT",
@@ -38,3 +38,3 @@ "main": "dist/index.js",
     "@hapi/shot": "^6.0.2",
-    "@types/express": "^4.17.23",
+    "@types/express": "^4.17.25",
     "@types/fs-extra": "^11.0.4",
@@ -53,7 +53,7 @@ "@types/shot": "^4.0.5",
   "devDependencies": {
-    "@loopback/build": "^12.0.5",
+    "@loopback/build": "^12.0.6",
     "@loopback/eslint-config": "^16.0.1",
     "@types/node": "^16.18.126"
   },
-  "gitHead": "37fdde1b8bcd417c9e71a093b963f1bd05be5da7"
+  "gitHead": "ba6b2836b1bec5e65d35a7d901e4601efb0f9676"
 }

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No metric changes

Dependency changes

• Updated

  @types/express@^4.17.25