@opuscapita/react-autocompletes - npm Package Compare versions

Comparing version 3.0.0 to 3.0.1

CHANGELOG.md

@@ -0,1 +1,10 @@
+
+Release 3.0.1 Thu May 31 2018 14:44:09 GMT+0300 (MSK)
+=======================================================
+
+- Removed dependencies from production bundle ([#6](https://github.com/OpusCapita/react-autocompletes/issues/6)) (GitHub 31243790+estambakio-sc@users.noreply.github.com, 2018-05-31 14:41:26 +0300)
+- Adding an issue template file [ci skip] (Egor Stambakio egor.stambakio@opuscapita.com, 2018-05-02 12:21:22 +0300)
+- Updated build config. (Dmitry Shienok dshienok@scand.com, 2018-02-26 16:51:02 +0300)
+- Update package.json (GitHub kvolkovich-sc@users.noreply.github.com, 2018-01-31 13:07:35 +0300)
+- Updating to a version to  3.0.1 (Kirill Volkovich kirill.volkovich@jcatalog.com, 2017-12-13 12:04:54 +0300)
 ## [v3.0.0](https://github.com/OpusCapita/react-ui-autocompletes/compare/v2.0.3...v3.0.0) (Wed, 13 Dec 2017 09:04:41 GMT)
@@ -2,0 +11,0 @@ - Merge pull request #4 from OpusCapita/migrate-react-16/#3

package.json

 {
   "name": "@opuscapita/react-autocompletes",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "description": "Autocomplete components",
@@ -10,5 +10,4 @@ "scripts": {
     "start": "node www/index",
-    "npm-publish": "update-changelog -- --all && npm run npm-build && npm-publish",
-    "publish-snapshot": "npm run npm-publish",
-    "publish-release": "npm run npm-publish -- --release"
+    "npm-publish": "npm run npm-build && npm publish",
+    "publish-release": "npm run npm-publish"
   },
@@ -31,5 +30,10 @@ "main": "lib/index.js",
   },
+  "dependencies": {
+    "fuzzysearch": "1.0.3",
+    "prop-types": "15.6.0",
+    "react-motion": "0.5.2"
+  },
   "devDependencies": {
     "@opuscapita/npm-scripts": "2.0.1-beta.1",
-    "@opuscapita/react-showroom-client": "1.3.0-beta.4",
+    "@opuscapita/react-showroom-client": "1.3.0-beta.6",
     "@opuscapita/react-showroom-server": "1.2.0",
@@ -46,4 +50,4 @@ "autoprefixer": "6.4.1",
     "babel-register": "6.23.0",
+    "body-parser": "1.15.2",
     "compression": "1.6.2",
-    "body-parser": "1.15.2",
     "css-loader": "0.26.1",
@@ -68,9 +72,5 @@ "eslint": "3.12.2",
     "webpack-dev-middleware": "1.10.1",
+    "webpack-node-externals": "1.7.2",
     "write-file-webpack-plugin": "3.4.2"
-  },
-  "dependencies": {
-    "fuzzysearch": "1.0.3",
-    "prop-types": "15.6.0",
-    "react-motion": "0.5.2"
   }
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

1

decreased by-50%

Worsened metrics

Total package byte prevSize

53761

decreased by-56.63%

Dev dependency count

36

increased by2.86%

Lines of code

738

decreased by-69.24%

No dependency changes