@pitcher/canvas-ui - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2

package.json

 {
     "name": "@pitcher/canvas-ui",
-    "version": "1.0.1",
+    "version": "1.0.2",
     "type": "module",
     "main": "canvas-ui.js"
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2515876

increased by2266454.95%

Number of package files

18

increased by1700%

Lines of code

24583

increased byInfinity%

Worsened metrics

Number of low supply chain risk alerts

21

increased by2000%

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes