@squaredup/cli
Advanced tools
@squaredup/cli - npm Package Compare versions
+3
-1
| { | ||
| "name": "@squaredup/cli", | ||
| "version": "0.1.7", | ||
| "version": "0.1.8", | ||
| "description": "CLI tool for managing SquaredUp plugins", | ||
@@ -31,2 +31,3 @@ "main": "dist/index.js", | ||
| "conf": "^15.1.0", | ||
| "json-source-map": "^0.6.1", | ||
| "ora": "^9.3.0", | ||
@@ -39,2 +40,3 @@ "semver": "^7.7.4" | ||
| "@types/adm-zip": "^0.5.7", | ||
| "@types/json-source-map": "^0.6.0", | ||
| "@types/node": "^25.3.0", | ||
@@ -41,0 +43,0 @@ "@types/semver": "^7.7.1", |
+1
-1
@@ -13,3 +13,3 @@ # @squaredup/cli | ||
| Requires Node.js 22 or later | ||
| Requires Node.js 20 or later | ||
@@ -16,0 +16,0 @@ ## Authentication |
Sorry, the diff of this file is too big to display
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
527192
3.42%- Lines of code
14600
3.37%- Number of medium supply chain risk alerts
6
-50%Worsened metrics
- Dependency count
8
14.29%- Dev dependency count
13
8.33%- Number of low supply chain risk alerts
131
3.15%Dependency changes
+ Added
json-source-map@^0.6.1+ Added
json-source-map@0.6.1(transitive)