@rushstack/node-core-library
Advanced tools
@rushstack/node-core-library - npm Package Compare versions
+8
-1
| # Change Log - @rushstack/node-core-library | ||
| This log was last generated on Tue, 24 Feb 2026 01:13:27 GMT and should not be manually modified. | ||
| This log was last generated on Wed, 25 Feb 2026 00:34:29 GMT and should not be manually modified. | ||
| ## 5.20.3 | ||
| Wed, 25 Feb 2026 00:34:29 GMT | ||
| ### Patches | ||
| - Update `ajv` dependency to `~8.18.0` to mitigate CVE-2025-69873. | ||
| ## 5.20.2 | ||
@@ -6,0 +13,0 @@ Tue, 24 Feb 2026 01:13:27 GMT |
+4
-4
| { | ||
| "name": "@rushstack/node-core-library", | ||
| "version": "5.20.2", | ||
| "version": "5.20.3", | ||
| "description": "Core libraries that every NodeJS toolchain project should use", | ||
@@ -42,3 +42,3 @@ "main": "./lib-commonjs/index.js", | ||
| "semver": "~7.5.4", | ||
| "ajv": "~8.13.0", | ||
| "ajv": "~8.18.0", | ||
| "ajv-draft-04": "~1.0.0", | ||
@@ -54,4 +54,4 @@ "ajv-formats": "~3.0.1" | ||
| "eslint": "~9.37.0", | ||
| "@rushstack/problem-matcher": "0.2.1", | ||
| "decoupled-local-node-rig": "1.0.0" | ||
| "decoupled-local-node-rig": "1.0.0", | ||
| "@rushstack/problem-matcher": "0.2.1" | ||
| }, | ||
@@ -58,0 +58,0 @@ "peerDependencies": { |
Sorry, the diff of this file is too big to display
New alerts
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
2053302
0.02%- Lines of code
24774
0.05%Dependency changes
+ Added
ajv@8.18.0(transitive)+ Added
fast-uri@3.1.0(transitive)- Removed
ajv@8.13.0(transitive)- Removed
punycode@2.3.1(transitive)- Removed
uri-js@4.4.1(transitive)Updated
ajv@~8.18.0