@nrk/core-css - npm Package Compare versions

Comparing version 1.11.1 to 1.12.0

package.json

@@ -6,3 +6,3 @@ {
   "author": "NRK <opensource@nrk.no> (https://www.nrk.no/)",
-  "version": "1.11.1",
+  "version": "1.12.0",
   "license": "MIT",
@@ -18,2 +18,5 @@ "scripts": {
   },
+  "files": [
+    "/core-css*"
+  ],
   "repository": {
@@ -26,16 +29,18 @@ "type": "git",
     "http-server": "0.11.1",
+    "jsdom": "13.1.0",
     "postcss": "7.0.6",
     "postcss-header": "1.0.0",
     "rollup": "0.66.2",
-    "rollup-plugin-babel": "^4.0.3",
+    "rollup-plugin-babel": "4.0.3",
     "rollup-plugin-buble": "0.19.2",
     "rollup-plugin-commonjs": "9.1.8",
-    "rollup-plugin-html": "^0.2.1",
+    "rollup-plugin-html": "0.2.1",
     "rollup-plugin-node-resolve": "3.4.0",
     "rollup-plugin-postcss": "1.6.2",
-    "rollup-plugin-replace": "^2.1.0",
+    "rollup-plugin-replace": "2.1.0",
     "rollup-plugin-serve": "0.6.0",
     "rollup-plugin-uglify": "6.0.0",
     "standard": "12.0.1"
-  }
+  },
+  "dependencies": {}
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

112339

increased by123.73%

Number of package files

12

increased by20%

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dev dependency count

16

increased by6.67%

Lines of code

84

decreased by-80.09%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes