		{
		"name": "@nx/react",
		"version": "22.7.0-rc.2",
		"version": "22.7.0",
		"private": false,
		@@ -41,8 +41,8 @@ "description": "The React plugin for Nx contains executors and generators for managing React applications and libraries within an Nx workspace. It provides:\n\n\n- Integration with libraries such as Jest, Vitest, Playwright, Cypress, and Storybook.\n\n- Generators for applications, libraries, components, hooks, and more.\n\n- Library build support for publishing packages to npm or other registries.\n\n- Utilities for automatic workspace refactoring.",
		"tslib": "^2.3.0",
		"@nx/devkit": "22.7.0-rc.2",
		"@nx/js": "22.7.0-rc.2",
		"@nx/eslint": "22.7.0-rc.2",
		"@nx/web": "22.7.0-rc.2",
		"@nx/module-federation": "22.7.0-rc.2",
		"@nx/rollup": "22.7.0-rc.2",
		"@nx/devkit": "22.7.0",
		"@nx/js": "22.7.0",
		"@nx/eslint": "22.7.0",
		"@nx/web": "22.7.0",
		"@nx/module-federation": "22.7.0",
		"@nx/rollup": "22.7.0",
		"express": "^4.21.2",
		@@ -53,13 +53,13 @@ "http-proxy-middleware": "^3.0.5",
		"devDependencies": {
		"@nx/cypress": "22.7.0-rc.2",
		"@nx/playwright": "22.7.0-rc.2",
		"@nx/rsbuild": "22.7.0-rc.2",
		"@nx/vite": "22.7.0-rc.2",
		"@nx/vitest": "22.7.0-rc.2",
		"@nx/webpack": "22.7.0-rc.2",
		"@nx/storybook": "22.7.0-rc.2",
		"nx": "22.7.0-rc.2"
		"@nx/cypress": "22.7.0",
		"@nx/playwright": "22.7.0",
		"@nx/rsbuild": "22.7.0",
		"@nx/vite": "22.7.0",
		"@nx/vitest": "22.7.0",
		"@nx/webpack": "22.7.0",
		"@nx/storybook": "22.7.0",
		"nx": "22.7.0"
		},
		"optionalDependencies": {
		"@nx/vite": "22.7.0-rc.2"
		"@nx/vite": "22.7.0"
		},
		@@ -66,0 +66,0 @@ "publishConfig": {

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 3 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

@nx/react - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes