@npmcli/arborist
Advanced tools
@npmcli/arborist - npm Package Compare versions
Comparing version 0.0.0-pre.8 to 0.0.0-pre.9
| { | ||
| "name": "@npmcli/arborist", | ||
| "version": "0.0.0-pre.8", | ||
| "version": "0.0.0-pre.9", | ||
| "description": "Manage node_modules trees", | ||
@@ -8,3 +8,3 @@ "dependencies": { | ||
| "@npmcli/run-script": "^1.2.1", | ||
| "bin-links": "github:npm/bin-links#v2", | ||
| "bin-links": "^2.0.0", | ||
| "json-stringify-nice": "^1.1.1", | ||
@@ -11,0 +11,0 @@ "mkdirp-infer-owner": "^1.0.2", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Number of high supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-0.01%
189677
Dependency changes
+ Addedbin-links@2.3.0(transitive)
+ Addedcmd-shim@4.1.0(transitive)
+ Addedmkdirp-infer-owner@2.0.0(transitive)
+ Addedread-cmd-shim@2.0.0(transitive)
+ Addedtypedarray-to-buffer@3.1.5(transitive)
+ Addedwrite-file-atomic@3.0.3(transitive)
Updatedbin-links@^2.0.0