@soos-io/api-client - npm Package Compare versions

Comparing version 1.0.16-pre.1 to 1.0.16-pre.2

dist/services/AnalysisService.js

@@ -41,9 +41,7 @@ "use strict";
     "TEAMCITY.BUILD.TRIGGEREDBY.USERNAME",
+    "vcsroot.username",
+    "vcsroot_username",
     "TRAVIS_JOB_RESTARTED_BY",
     "SOOS_CONTRIBUTING_DEVELOPER",
 ];
-const contributingDeveloperStringInterpolationVariables = [
-    "${env.CHANGE_AUTHOR}",
-    "\$CHANGE_AUTHOR",
-];
 const GeneratedScanTypes = [enums_2.ScanType.CSA, enums_2.ScanType.SBOM, enums_2.ScanType.SCA];
@@ -118,8 +116,7 @@ exports.GeneratedScanTypes = GeneratedScanTypes;
         }
-        contributingDeveloperStringInterpolationVariables
-            .map((v) => {
-            logging_1.soosLogger.info(`VAR: ${v}`);
-            return v && v.length > 0 ? v : null;
-        })
-            .filter((a) => a !== null);
+        contributingDeveloperAudit.push({
+            source: enums_2.ContributingDeveloperSource.EnvironmentVariable,
+            sourceName: "tc-vcsroot.username",
+            contributingDeveloperId: process.env.vcsroot_username ?? "",
+        });
         const result = await this.analysisApiClient.createScan({
@@ -126,0 +123,0 @@ clientId: clientId,

package.json

 {
   "name": "@soos-io/api-client",
-  "version": "1.0.16-pre.1",
+  "version": "1.0.16-pre.2",
   "description": "This is the SOOS API Client for registered clients leveraging the various integrations to the SOOS platform.",
@@ -5,0 +5,0 @@ "main": "dist/index.js",

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

323453

decreased by-0.02%

Lines of code

3160

decreased by-0.09%

Number of low supply chain risk alerts

6

increased by20%

No dependency changes