@npmcli/metavuln-calculator - npm Package Compare versions

Comparing version 4.0.0 to 5.0.0

package.json

 {
   "name": "@npmcli/metavuln-calculator",
-  "version": "4.0.0",
+  "version": "5.0.0",
   "main": "lib/index.js",
@@ -37,3 +37,3 @@ "files": [
     "@npmcli/eslint-config": "^3.0.1",
-    "@npmcli/template-oss": "4.4.4",
+    "@npmcli/template-oss": "4.5.1",
     "require-inject": "^1.4.4",
@@ -43,5 +43,5 @@ "tap": "^16.0.1"
   "dependencies": {
-    "cacache": "^16.0.0",
-    "json-parse-even-better-errors": "^2.3.1",
-    "pacote": "^14.0.0",
+    "cacache": "^17.0.0",
+    "json-parse-even-better-errors": "^3.0.0",
+    "pacote": "^15.0.0",
     "semver": "^7.3.5"
@@ -54,4 +54,4 @@ },
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.4.4"
+    "version": "4.5.1"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Added@isaacs/cliui@8.0.2(transitive)

• + Added@npmcli/fs@3.1.1(transitive)

• + Added@npmcli/git@4.1.0(transitive)

• + Added@npmcli/installed-package-contents@2.1.0(transitive)

• + Added@npmcli/node-gyp@3.0.0(transitive)

• + Added@npmcli/promise-spawn@6.0.2(transitive)

• + Added@npmcli/run-script@6.0.2(transitive)

• + Added@pkgjs/parseargs@0.11.0(transitive)

• + Added@sigstore/bundle@1.1.0(transitive)

• + Added@sigstore/protobuf-specs@0.2.1(transitive)

• + Added@sigstore/sign@1.0.0(transitive)

• + Added@sigstore/tuf@1.0.3(transitive)

• + Added@tufjs/canonical-json@1.0.0(transitive)

• + Added@tufjs/models@1.0.4(transitive)

• + Addedansi-regex@6.1.0(transitive)

• + Addedansi-styles@4.3.06.2.1(transitive)

• + Addedcacache@17.1.4(transitive)

• + Addedcolor-convert@2.0.1(transitive)

• + Addedcolor-name@1.1.4(transitive)

• + Addedcross-spawn@7.0.5(transitive)

• + Addedeastasianwidth@0.2.0(transitive)

• + Addedemoji-regex@9.2.2(transitive)

• + Addedforeground-child@3.3.0(transitive)

• + Addedfs-minipass@3.0.3(transitive)

• + Addedglob@10.4.5(transitive)

• + Addedhosted-git-info@6.1.1(transitive)

• + Addedjackspeak@3.4.3(transitive)

• + Addedjson-parse-even-better-errors@3.0.2(transitive)

• + Addedlru-cache@10.4.3(transitive)

• + Addedmake-fetch-happen@11.1.1(transitive)

• + Addedminipass@7.1.2(transitive)

• + Addedminipass-fetch@3.0.5(transitive)

• + Addednormalize-package-data@5.0.0(transitive)

• + Addednpm-bundled@3.0.1(transitive)

• + Addednpm-install-checks@6.3.0(transitive)

• + Addednpm-normalize-package-bin@3.0.1(transitive)

• + Addednpm-package-arg@10.1.0(transitive)

• + Addednpm-pick-manifest@8.0.2(transitive)

• + Addednpm-registry-fetch@14.0.5(transitive)

• + Addedpackage-json-from-dist@1.0.1(transitive)

• + Addedpacote@15.2.0(transitive)

• + Addedpath-key@3.1.1(transitive)

• + Addedpath-scurry@1.11.1(transitive)

• + Addedproc-log@3.0.0(transitive)

• + Addedread-package-json@6.0.4(transitive)

• + Addedread-package-json-fast@3.0.2(transitive)

• + Addedshebang-command@2.0.0(transitive)

• + Addedshebang-regex@3.0.0(transitive)

• + Addedsignal-exit@4.1.0(transitive)

• + Addedsigstore@1.9.0(transitive)

• + Addedssri@10.0.6(transitive)

• + Addedstring-width@5.1.2(transitive)

• + Addedstrip-ansi@7.1.0(transitive)

• + Addedtuf-js@1.1.7(transitive)

• + Addedunique-filename@3.0.0(transitive)

• + Addedunique-slug@4.0.0(transitive)

• + Addedvalidate-npm-package-name@5.0.1(transitive)

• + Addedwhich@3.0.1(transitive)

• + Addedwrap-ansi@7.0.08.1.0(transitive)

• - Removed@npmcli/git@3.0.2(transitive)

• - Removed@npmcli/installed-package-contents@1.0.7(transitive)

• - Removed@npmcli/node-gyp@2.0.0(transitive)

• - Removed@npmcli/promise-spawn@3.0.0(transitive)

• - Removed@npmcli/run-script@4.2.1(transitive)

• - Removedbuiltins@5.1.0(transitive)

• - Removedhosted-git-info@5.2.1(transitive)

• - Removedjson-parse-even-better-errors@2.3.1(transitive)

• - Removednormalize-package-data@4.0.1(transitive)

• - Removednpm-bundled@1.1.2(transitive)

• - Removednpm-install-checks@5.0.0(transitive)

• - Removednpm-normalize-package-bin@1.0.12.0.0(transitive)

• - Removednpm-package-arg@9.1.2(transitive)

• - Removednpm-pick-manifest@7.0.2(transitive)

• - Removednpm-registry-fetch@13.3.1(transitive)

• - Removedpacote@14.0.0(transitive)

• - Removedproc-log@2.0.1(transitive)

• - Removedread-package-json@5.0.2(transitive)

• - Removedread-package-json-fast@2.0.3(transitive)

• - Removedvalidate-npm-package-name@4.0.0(transitive)

• Updatedcacache@^17.0.0

• Updatedjson-parse-even-better-errors@^3.0.0

• Updatedpacote@^15.0.0