@openstax/highlighter - npm Package Compare versions

Comparing version 1.4.1-fix1 to 1.4.1-fix2

package.json

 {
   "name": "@openstax/highlighter",
-  "version": "1.4.1-fix1",
+  "version": "1.4.1-fix2",
   "main": "dist/index.js",
@@ -26,3 +26,3 @@ "license": "MIT",
     "client:build": "./script/build-client.bash",
-    "client:install": "yarn add ./highlights-client",
+    "client:install": "mkdir -p node_modules/\\@openstax/highlights-client && cp -r highlights-client node_modules/\\@openstax",
     "client:rebuild": "npm-run-all client:clean client:build client:install"
@@ -78,3 +78,2 @@ },
   "dependencies": {
-    "@openstax/highlights-client": "./highlights-client",
     "change-case": "^4.0.0",
@@ -81,0 +80,0 @@ "serialize-selection": "^1.1.1",

Fixed alerts

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Dependency count

3

decreased by-25%

Number of high supply chain risk alerts

1

decreased by-50%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

324092

decreased by-21.82%

Number of package files

111

decreased by-31.06%

Lines of code

5796

decreased by-25.88%

Dependency changes

• - Removed@openstax/highlights-client@./highlights-client