@sap/cds-foss - npm Package Compare versions

Comparing version 3.1.1 to 4.0.0

CHANGELOG.md

@@ -9,2 +9,10 @@ # Changelog
 
+## Version 4.0.0 - 2022-06-14
+
+### Changed
+
+- Dependencies are no longer pinned and have open ranges, allowing more flexibility in reuse scenarios
+- `fs-extra` got removed
+- `yaml` got bumped to version 2
+
 ## Version 3.1.1 - 2022-03-24
@@ -11,0 +19,0 @@

index.js

@@ -6,5 +6,2 @@
   get big()  { return super.big  = require('big.js') }
-  get fs()   { return super.fs = super.fsx = super.fse = require('fs-extra') }
-  get fsx()  { return super.fs = super.fsx = super.fse = require('fs-extra') }
-  get fse()  { return super.fs = super.fsx = super.fse = require('fs-extra') }
   get pool() { return super.pool = require('generic-pool') }
@@ -11,0 +8,0 @@ get xmlbuilder() { return super.xmlbuilder = require('xmlbuilder') }

package.json

 {
   "name": "@sap/cds-foss",
-  "version": "3.1.1",
+  "version": "4.0.0",
   "description": "SAP Cloud Application Programming Model - External Dependencies",
@@ -13,15 +13,20 @@ "homepage": "https://cap.cloud.sap/",
   "dependencies": {
-    "generic-pool": "3.8.2",
-    "uuid": "8.3.2",
-    "yaml": "1.10.2",
-    "fs-extra": "10.0.1",
-    "big.js": "6.1.1",
-    "xmlbuilder": "15.1.1"
+    "generic-pool": "^3.8.2",
+    "uuid": "^8.3.2",
+    "yaml": "^2.1.1",
+    "big.js": "^6.1.1",
+    "xmlbuilder": "^15.1.1"
   },
+  "devDependencies": {},
+  "engines": {
+    "node": ">=14"
+  },
+  "scripts": {
+    "test": "echo 'no tests here'"
+  },
   "main": "index.js",
   "files": [
     "index.js",
-    "npm-shrinkwrap.json",
     "LICENSE"
   ]
 }

README.md

 # @sap/cds-foss
 
 This package lists the open-source modules for CDS modules.
-It’s only to be used as a dependency by SAP, not by consumer apps.
+It's only to be used as a dependency by SAP, not by consumer apps.
 
 ## License
 This package is provided under the terms of the [SAP Developer License Agreement](https://tools.hana.ondemand.com/developer-license-3_1.txt).

New alerts

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

Fixed alerts

NPM Shrinkwrap

Supply chain risk

Package contains a shrinkwrap file. This may allow the package to bypass normal install procedures.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Dependency count

5

decreased by-16.67%

Number of high supply chain risk alerts

0

decreased by-100%

Number of low supply chain risk alerts

1

decreased by-75%

Worsened metrics

Total package byte prevSize

15397

decreased by-23.04%

Number of package files

5

decreased by-16.67%

Lines of code

9

decreased by-94.37%

Number of low quality alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedbig.js@6.2.1(transitive)

• + Addedgeneric-pool@3.9.0(transitive)

• + Addedyaml@2.4.5(transitive)

• - Removedfs-extra@10.0.1

• - Removedbig.js@6.1.1(transitive)

• - Removedfs-extra@10.0.1(transitive)

• - Removedgeneric-pool@3.8.2(transitive)

• - Removedgraceful-fs@4.2.6(transitive)

• - Removedjsonfile@6.1.0(transitive)

• - Removeduniversalify@2.0.0(transitive)

• - Removedyaml@1.10.2(transitive)

• Updatedbig.js@^6.1.1

• Updatedgeneric-pool@^3.8.2

• Updateduuid@^8.3.2

• Updatedxmlbuilder@^15.1.1

• Updatedyaml@^2.1.1