@rushstack/rig-package - npm Package Compare versions

Comparing version 0.0.0 to 0.1.0

package.json

 {
-  "license": "MIT",
-  "name": "@rushstack/rig-package",
-  "version": "0.0.0"
+	"name": "@rushstack/rig-package",
+	"version": "0.1.0",
+	"description": "A system for sharing tool configurations between projects without duplicating config files.",
+	"main": "lib/index.js",
+	"typings": "dist/rig-package.d.ts",
+	"license": "MIT",
+	"repository": {
+		"url": "https://github.com/microsoft/rushstack/tree/master/libraries/rig-package"
+	},
+	"scripts": {
+		"build": "heft test --clean"
+	},
+	"dependencies": {
+		"@types/node": "10.17.13",
+		"resolve": "~1.17.0",
+		"strip-json-comments": "~3.1.1"
+	},
+	"devDependencies": {
+		"@microsoft/rush-stack-compiler-3.5": "0.8.21",
+		"@rushstack/eslint-config": "2.1.1",
+		"@rushstack/heft": "0.13.9",
+		"@types/heft-jest": "1.0.1",
+		"@types/resolve": "1.17.1",
+		"@types/strip-json-comments": "3.0.0",
+		"ajv": "~6.12.5",
+		"resolve": "~1.17.0"
+	}
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

50026

increased by61660.49%

Number of package files

16

increased by1500%

Lines of code

537

increased byInfinity%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

203

increased byInfinity%

Worsened metrics

Dependency count

3

increased byInfinity%

Dev dependency count

8

increased byInfinity%

Number of low supply chain risk alerts

2

increased by100%

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• + Added@types/node@10.17.13

• + Addedresolve@~1.17.0

• + Addedstrip-json-comments@~3.1.1

• + Added@types/node@10.17.13(transitive)

• + Addedpath-parse@1.0.7(transitive)

• + Addedresolve@1.17.0(transitive)

• + Addedstrip-json-comments@3.1.1(transitive)