New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
@stackbit/dev
Advanced tools
@stackbit/dev - npm Package Compare versions
+3
-3
| { | ||
| "name": "@stackbit/dev", | ||
| "version": "0.0.15", | ||
| "version": "0.0.16", | ||
| "description": "stackbit-dev", | ||
@@ -26,3 +26,3 @@ "main": "dist/index.js", | ||
| "@stackbit/cms-core": "^0.0.8", | ||
| "@stackbit/dev-common": "^0.0.13", | ||
| "@stackbit/dev-common": "^0.0.14", | ||
| "@stackbit/sdk": "^0.2.22", | ||
@@ -58,3 +58,3 @@ "axios": "^0.25.0", | ||
| }, | ||
| "gitHead": "6d9739126e1da0dd431a7c75585cacba805883bc" | ||
| "gitHead": "b7dd37ca92546855157a302d3cad80babf423493" | ||
| } |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
No metric changes
Dependency changes
+ Added
@stackbit/dev-common@0.0.14(transitive)- Removed
@stackbit/dev-common@0.0.13(transitive)Updated
@stackbit/dev-common@^0.0.14