@sigstore/tuf - npm Package Compare versions

Comparing version 1.0.0 to 1.0.1

package.json

 {
   "name": "@sigstore/tuf",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Client for the Sigstore TUF repository",
@@ -30,13 +30,9 @@ "main": "dist/index.js",
   "devDependencies": {
-    "@total-typescript/shoehorn": "^0.1.0",
-    "@tufjs/repo-mock": "^1.1.0",
-    "@types/node": "^20.2.5",
-    "nock": "^13.2.4",
-    "shx": "^0.3.3",
-    "typescript": "^5.1.3"
+    "@sigstore/jest": "^0.0.0",
+    "@tufjs/repo-mock": "^1.1.0"
   },
   "dependencies": {
     "@sigstore/protobuf-specs": "^0.1.0",
-    "tuf-js": "^1.1.3",
-    "make-fetch-happen": "^11.0.1"
+    "@types/make-fetch-happen": "^10.0.0",
+    "tuf-js": "^1.1.7"
   },
@@ -43,0 +39,0 @@ "engines": {

README.md

@@ -1,2 +0,2 @@
-# @sigstore/tuf · [![npm version](https://img.shields.io/npm/v/@sigstore/tuf.svg?style=flat)](https://www.npmjs.com/package/sigstore) [![CI Status](https://github.com/sigstore/sigstore-js/workflows/CI/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/ci.yml) [![Smoke Test Status](https://github.com/sigstore/sigstore-js/workflows/smoke-test/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/smoke-test.yml)
+# @sigstore/tuf · [![npm version](https://img.shields.io/npm/v/@sigstore/tuf.svg?style=flat)](https://www.npmjs.com/package/@sigstore/tuf) [![CI Status](https://github.com/sigstore/sigstore-js/workflows/CI/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/ci.yml) [![Smoke Test Status](https://github.com/sigstore/sigstore-js/workflows/smoke-test/badge.svg)](https://github.com/sigstore/sigstore-js/actions/workflows/smoke-test.yml)
 
@@ -3,0 +3,0 @@ A JavaScript library for securely retrieving targets from the Sigstore [TUF][1]

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

2

decreased by-66.67%

Worsened metrics

Total package byte prevSize

32586

decreased by-0.31%

Dependency changes

• + Added@types/make-fetch-happen@^10.0.0

• + Added@types/make-fetch-happen@10.0.4(transitive)

• + Added@types/node@22.7.6(transitive)

• + Added@types/node-fetch@3.0.3(transitive)

• + Added@types/retry@0.12.5(transitive)

• + Added@types/ssri@7.1.5(transitive)

• + Addeddata-uri-to-buffer@4.0.1(transitive)

• + Addedfetch-blob@3.2.0(transitive)

• + Addedformdata-polyfill@4.0.10(transitive)

• + Addednode-domexception@1.0.0(transitive)

• + Addednode-fetch@3.3.2(transitive)

• + Addedundici-types@6.19.8(transitive)

• + Addedweb-streams-polyfill@3.3.3(transitive)

• - Removedmake-fetch-happen@^11.0.1

• Updatedtuf-js@^1.1.7