@meniga/d3 - npm Package Compare versions

Comparing version 5.0.0-alpha.14902 to 6.0.0

package.json

 {
   "name": "@meniga/d3",
-  "version": "5.0.0-alpha.14902+484600cf4",
+  "version": "6.0.0",
   "publishConfig": {
@@ -9,10 +9,15 @@ "registry": "https://registry.npmjs.org/",
   "description": "Meniga D3 Graphing component library",
-  "main": "lib/index.js",
+  "type": "module",
+  "module": "lib/index.js",
   "files": [
     "lib/*"
   ],
+  "scripts": {
+    "build": "vite build"
+  },
   "author": "Meniga",
   "license": "MIT",
   "dependencies": {
-    "@meniga/dates": "latest",
+    "@meniga/dates": "^6.0.0",
+    "@meniga/storage": "^6.0.0",
     "color": "^2.0.0",
@@ -24,2 +29,3 @@ "d3-array": "^1.2.0",
     "d3-hierarchy": "^1.1.5",
+    "d3-interpolate": "^3.0.1",
     "d3-interpolate-path": "2.0.1",
@@ -33,5 +39,13 @@ "d3-scale": "^1.0.6",
     "d3-zoom": "^1.7.1",
+    "lodash": "^4.17.15",
     "numeral": "^2.0.6"
   },
-  "gitHead": "484600cf4b00e7a745ddbcac679100a842ac8d3e"
+  "devDependencies": {
+    "@babel/core": "^7.15.8",
+    "@babel/plugin-transform-runtime": "^7.15.8",
+    "@babel/preset-env": "^7.15.8",
+    "core-js": "^3.33.2",
+    "vite": "^4.5.0"
+  },
+  "gitHead": "3cd430e3c4eff5fb9616bd5a0da83f92ac8d5768"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

883630

increased by491.78%

Lines of code

26246

increased by683.93%

Number of low quality alerts

1

decreased by-50%

Is type module

Yes

Worsened metrics

Dependency count

19

increased by18.75%

Dev dependency count

5

increased byInfinity%

Number of package files

3

decreased by-82.35%

Number of low supply chain risk alerts

6

increased by500%

Number of medium supply chain risk alerts

6

increased by500%

Dependency changes

• + Added@meniga/storage@^6.0.0

• + Addedd3-interpolate@^3.0.1

• + Addedlodash@^4.17.15

• + Added@meniga/dates@6.1.9(transitive)

• + Addedd3-color@3.1.0(transitive)

• + Addedd3-interpolate@3.0.1(transitive)

• - Removed@meniga/dates@6.1.27-alpha.0(transitive)

• Updated@meniga/dates@^6.0.0