@superset-ui/switchboard - npm Package Compare versions

Comparing version 1.5.0 to 2.1.0

package.json

 {
   "name": "@superset-ui/switchboard",
-  "version": "1.5.0",
+  "version": "2.1.0",
   "description": "Switchboard is a library to make it easier to communicate across browser windows using the MessageChannel API",
-  "sideEffects": false,
-  "main": "lib/index.js",
-  "module": "esm/index.js",
-  "files": [
-    "esm",
-    "lib"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/apache/superset.git"
-  },
   "keywords": [
@@ -24,11 +13,23 @@ "switchboard",
   ],
-  "author": "Superset",
-  "license": "Apache-2.0",
+  "homepage": "https://github.com/apache/superset#readme",
   "bugs": {
     "url": "https://github.com/apache/superset/issues"
   },
-  "homepage": "https://github.com/apache/superset#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/apache/superset.git"
+  },
+  "license": "Apache-2.0",
+  "author": "Superset",
+  "sideEffects": false,
+  "main": "lib/index.js",
+  "module": "esm/index.js",
+  "files": [
+    "esm",
+    "lib"
+  ],
   "publishConfig": {
     "access": "public"
-  }
+  },
+  "gitHead": "9bab31a55f5345cdbc1fefdda160e000b163ece0"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Number of medium supply chain risk alerts

3

decreased by-40%

Worsened metrics

Total package byte prevSize

830

decreased by-98.15%

Number of package files

1

decreased by-92.31%

Lines of code

0

decreased by-100%

No dependency changes