@mapbox/node-pre-gyp
Advanced tools
@mapbox/node-pre-gyp - npm Package Compare versions
@@ -19,3 +19,3 @@ # https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - uses: actions/checkout@v6 | ||
| - uses: actions/setup-node@v6 | ||
@@ -22,0 +22,0 @@ with: |
@@ -41,3 +41,3 @@ # For most projects, this workflow file will not need changing; you simply need | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v5 | ||
| uses: actions/checkout@v6 | ||
@@ -44,0 +44,0 @@ # Initializes the CodeQL tools for scanning. |
@@ -16,3 +16,3 @@ name: release | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - uses: actions/checkout@v6 | ||
@@ -47,3 +47,3 @@ - uses: actions/setup-node@v6 | ||
| steps: | ||
| - uses: actions/checkout@v5 | ||
| - uses: actions/checkout@v6 | ||
@@ -50,0 +50,0 @@ - uses: actions/setup-node@v6 |
@@ -26,3 +26,3 @@ name: S3 Bucket Test | ||
| - name: Checkout ${{ github.ref }} | ||
| uses: actions/checkout@v5 | ||
| uses: actions/checkout@v6 | ||
@@ -29,0 +29,0 @@ - name: Setup node ${{ matrix.node }} |
+3
-0
@@ -5,2 +5,5 @@ # node-pre-gyp changelog | ||
| ## 2.0.3 | ||
| - Revert "Bump nopt from 8.0.0 to 9.0.0 (#919)" (#925)[https://github.com/mapbox/node-pre-gyp/pull/925] | ||
| ## 2.0.2 | ||
@@ -7,0 +10,0 @@ - Support private ACL for S3 buckets [#923](https://github.com/mapbox/node-pre-gyp/pull/923) |
+2
-2
| { | ||
| "name": "@mapbox/node-pre-gyp", | ||
| "description": "Node.js native addon binary install tool", | ||
| "version": "2.0.2", | ||
| "version": "2.0.3", | ||
| "keywords": [ | ||
@@ -30,3 +30,3 @@ "native", | ||
| "node-fetch": "^2.6.7", | ||
| "nopt": "^9.0.0", | ||
| "nopt": "^8.0.0", | ||
| "semver": "^7.5.3", | ||
@@ -33,0 +33,0 @@ "tar": "^7.4.0" |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 12 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 12 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
192858
0.06%Dependency changes
+ Added
abbrev@3.0.1(transitive)+ Added
nopt@8.1.0(transitive)- Removed
abbrev@4.0.0(transitive)- Removed
nopt@9.0.0(transitive)Updated
nopt@^8.0.0