@stoplight/spectral
Advanced tools
Comparing version 1.1.1 to 1.1.2
{ | ||
"name": "@stoplight/spectral", | ||
"version": "1.1.1", | ||
"version": "1.1.2", | ||
"description": "A flexible object linter with out of the box support for OpenAPI v2 and v3.", | ||
@@ -33,3 +33,3 @@ "keywords": [ | ||
"ajv": "6.x.x", | ||
"jsonpath": "git://github.com/stoplightio/jsonpath.git#78140eb1980d4ff385780e2fa12177735685ec3e", | ||
"jsonpath": "https://github.com/stoplightio/jsonpath#78140eb1980d4ff385780e2fa12177735685ec3e", | ||
"lodash": ">=4.17.5" | ||
@@ -36,0 +36,0 @@ }, |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
HTTP dependency
Supply chain riskContains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
229075
1