@strapi/sdk-plugin
Advanced tools
@strapi/sdk-plugin - npm Package Compare versions
+17
-19
| { | ||
| "name": "@strapi/sdk-plugin", | ||
| "version": "5.3.0-alpha.1", | ||
| "version": "5.3.0", | ||
| "description": "Simple tools for developing Strapi plugins", | ||
@@ -44,18 +44,2 @@ "keywords": [ | ||
| ], | ||
| "scripts": { | ||
| "build": "pack-up build", | ||
| "check": "pack-up check", | ||
| "lint": "eslint .", | ||
| "prepare": "husky", | ||
| "prerelease:enter": "changeset pre enter", | ||
| "prerelease:exit": "changeset pre exit", | ||
| "prettier:check": "prettier --check .", | ||
| "prettier:write": "prettier --write .", | ||
| "release:add": "changeset add", | ||
| "release:publish": "changeset publish", | ||
| "release:version": "changeset version && pnpm install", | ||
| "test:ts": "tsc --noEmit", | ||
| "test:unit": "node --experimental-vm-modules node_modules/jest/bin/jest.js", | ||
| "watch": "pack-up watch" | ||
| }, | ||
| "dependencies": { | ||
@@ -100,7 +84,21 @@ "@strapi/pack-up": "^5.0.1", | ||
| }, | ||
| "packageManager": "pnpm@9.1.0", | ||
| "engines": { | ||
| "node": ">=18.0.0 <=22.x.x", | ||
| "npm": ">=6.0.0" | ||
| }, | ||
| "scripts": { | ||
| "build": "pack-up build", | ||
| "check": "pack-up check", | ||
| "lint": "eslint .", | ||
| "prerelease:enter": "changeset pre enter", | ||
| "prerelease:exit": "changeset pre exit", | ||
| "prettier:check": "prettier --check .", | ||
| "prettier:write": "prettier --write .", | ||
| "release:add": "changeset add", | ||
| "release:publish": "changeset publish", | ||
| "release:version": "changeset version && pnpm install", | ||
| "test:ts": "tsc --noEmit", | ||
| "test:unit": "node --experimental-vm-modules node_modules/jest/bin/jest.js", | ||
| "watch": "pack-up watch" | ||
| } | ||
| } | ||
| } |
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Number of low quality alerts
1
-50%- Number of medium supply chain risk alerts
0
-100%Worsened metrics
- Total package byte prevSize
160719
-0.04%