@reason-native/pastel - npm Package Compare versions

Comparing version 0.2.3 to 0.3.0

CHANGELOG.md

@@ -0,1 +1,5 @@
+# January 15, 2020
+### Pastel 0.3.0
+* Add `Pastel.make` to provide better support for those not using the JSX PPX (e.g. OCaml)
+
 # December 20, 2019
@@ -2,0 +6,0 @@ ### Pastel 0.2.3

package.json

 {
   "name": "@reason-native/pastel",
-  "version": "0.2.3",
+  "version": "0.3.0",
   "description": "Native Reason ANSI terminal styling with an awesome API",
@@ -5,0 +5,0 @@ "author": "Facebook Engineering",

refmterr.json

 {
   "name": "refmterr",
-  "version": "3.2.2",
+  "version": "3.3.0",
   "description": "Reason Formatting of Errors",
@@ -12,3 +12,3 @@ "author": "Facebook Engineering",
     "@esy-ocaml/reason": "< 4.0.0",
-    "ocaml": " >= 4.2.0  < 4.9.0",
+    "ocaml": " >= 4.2.0 < 4.10.0",
     "@reason-native/pastel": "*",
@@ -18,5 +18,2 @@ "@opam/atdgen": "*",
   },
-  "author": {
-    "name": "Reason team at Facebook"
-  },
   "devDependencies": {
@@ -23,0 +20,0 @@ "@opam/merlin": "*",

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of package files

606

increased by2.54%

Lines of code

1016

increased by39.94%

Worsened metrics

Total package byte prevSize

2842439

decreased by-18.12%

Number of low supply chain risk alerts

8

increased by300%

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes