@npmcli/installed-package-contents - npm Package Compare versions

Comparing version 1.0.7 to 2.0.0

package.json

 {
   "name": "@npmcli/installed-package-contents",
-  "version": "1.0.7",
+  "version": "2.0.0",
   "description": "Get the list of files installed in a package in node_modules, including bundled dependencies",
-  "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)",
-  "main": "index.js",
+  "author": "GitHub Inc.",
+  "main": "lib/index.js",
   "bin": {
@@ -14,25 +14,40 @@ "installed-package-contents": "index.js"
     "snap": "tap",
-    "preversion": "npm test",
-    "postversion": "npm publish",
-    "postpublish": "git push origin --follow-tags"
+    "lint": "eslint \"**/*.js\"",
+    "postlint": "template-oss-check",
+    "template-oss-apply": "template-oss-apply --force",
+    "lintfix": "npm run lint -- --fix",
+    "posttest": "npm run lint"
   },
-  "tap": {
-    "check-coverage": true,
-    "color": true
-  },
   "devDependencies": {
+    "@npmcli/eslint-config": "^4.0.0",
+    "@npmcli/template-oss": "4.5.1",
+    "mkdirp": "^1.0.4",
     "require-inject": "^1.4.4",
-    "tap": "^14.11.0"
+    "tap": "^16.3.0"
   },
   "dependencies": {
-    "npm-bundled": "^1.1.1",
-    "npm-normalize-package-bin": "^1.0.1"
+    "npm-bundled": "^3.0.0",
+    "npm-normalize-package-bin": "^3.0.0"
   },
-  "repository": "git+https://github.com/npm/installed-package-contents",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/npm/installed-package-contents.git"
+  },
   "files": [
-    "index.js"
+    "bin/",
+    "lib/"
   ],
   "engines": {
-    "node": ">= 10"
+    "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
+  },
+  "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "4.5.1"
+  },
+  "tap": {
+    "nyc-arg": [
+      "--exclude",
+      "tap-snapshots/**"
+    ]
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

13146

increased by3.61%

Lines of code

215

increased by2.38%

Number of low supply chain risk alerts

1

decreased by-50%

Worsened metrics

Dev dependency count

5

increased by150%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Addednpm-bundled@3.0.1(transitive)

• + Addednpm-normalize-package-bin@3.0.1(transitive)

• - Removednpm-bundled@1.1.2(transitive)

• - Removednpm-normalize-package-bin@1.0.1(transitive)

• Updatednpm-bundled@^3.0.0

• Updatednpm-normalize-package-bin@^3.0.0