@shipengine/js-api
Advanced tools
@shipengine/js-api - npm Package Compare versions
+2
-2
| { | ||
| "name": "@shipengine/js-api", | ||
| "version": "0.1.2-next.1", | ||
| "version": "0.1.2", | ||
| "main": "./index.js", | ||
@@ -18,2 +18,2 @@ "types": "./index.d.ts", | ||
| } | ||
| } | ||
| } |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
2
-33.33%Worsened metrics
- Total package byte prevSize
213343
0