@rushstack/node-core-library - npm Package Compare versions

Comparing version 0.0.0 to 3.19.4

package.json

 {
-  "license": "MIT",
-  "name": "@rushstack/node-core-library",
-  "version": "0.0.0"
+	"name": "@rushstack/node-core-library",
+	"version": "3.19.4",
+	"description": "Core libraries that every NodeJS toolchain project should use",
+	"main": "lib/index.js",
+	"typings": "dist/node-core-library.d.ts",
+	"license": "MIT",
+	"repository": {
+		"url": "https://github.com/microsoft/rushstack/tree/master/libraries/node-core-library"
+	},
+	"scripts": {
+		"build": "gulp test --clean"
+	},
+	"dependencies": {
+		"@types/node": "10.17.13",
+		"colors": "~1.2.1",
+		"fs-extra": "~7.0.1",
+		"jju": "~1.4.0",
+		"semver": "~5.3.0",
+		"timsort": "~0.3.0",
+		"z-schema": "~3.18.3"
+	},
+	"devDependencies": {
+		"@microsoft/node-library-build": "6.3.11",
+		"@microsoft/rush-stack-compiler-3.5": "0.3.11",
+		"@rushstack/eslint-config": "0.5.4",
+		"@types/fs-extra": "5.0.4",
+		"@types/jest": "23.3.11",
+		"@types/jju": "1.4.1",
+		"@types/semver": "5.3.33",
+		"@types/timsort": "0.3.0",
+		"@types/z-schema": "3.16.31",
+		"gulp": "~4.0.2"
+	}
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

612801

increased by704268.97%

Number of package files

111

increased by11000%

Lines of code

8398

increased byInfinity%

Number of low quality alerts

1

decreased by-50%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

32

increased byInfinity%

Worsened metrics

Dependency count

7

increased byInfinity%

Dev dependency count

10

increased byInfinity%

Number of low supply chain risk alerts

6

increased by500%

Number of medium supply chain risk alerts

4

increased by300%

Dependency changes

• + Added@types/node@10.17.13

• + Addedcolors@~1.2.1

• + Addedfs-extra@~7.0.1

• + Addedjju@~1.4.0

• + Addedsemver@~5.3.0

• + Addedtimsort@~0.3.0

• + Addedz-schema@~3.18.3

• + Added@types/node@10.17.13(transitive)

• + Addedcolors@1.2.5(transitive)

• + Addedcommander@2.20.3(transitive)

• + Addedfs-extra@7.0.1(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedjju@1.4.0(transitive)

• + Addedjsonfile@4.0.0(transitive)

• + Addedlodash.get@4.4.2(transitive)

• + Addedlodash.isequal@4.5.0(transitive)

• + Addedsemver@5.3.0(transitive)

• + Addedtimsort@0.3.0(transitive)

• + Addeduniversalify@0.1.2(transitive)

• + Addedvalidator@8.2.0(transitive)

• + Addedz-schema@3.18.4(transitive)