@sveltejs/vite-plugin-svelte
Advanced tools
Comparing version 2.3.0 to 2.4.0
{ | ||
"name": "@sveltejs/vite-plugin-svelte", | ||
"version": "2.3.0", | ||
"version": "2.4.0", | ||
"license": "MIT", | ||
"author": "dominikg", | ||
"files": [ | ||
"dist", | ||
"src", | ||
"*.d.ts" | ||
"src" | ||
], | ||
"type": "module", | ||
"types": "dist/index.d.ts", | ||
"types": "src/index.d.ts", | ||
"exports": { | ||
".": { | ||
"types": "./dist/index.d.ts", | ||
"import": "./dist/index.js" | ||
"types": "./src/index.d.ts", | ||
"import": "./src/index.js" | ||
}, | ||
@@ -54,12 +52,9 @@ "./package.json": "./package.json" | ||
"esbuild": "^0.17.18", | ||
"rollup": "^3.21.6", | ||
"svelte": "^3.59.1", | ||
"tsup": "^6.7.0", | ||
"vite": "^4.3.5" | ||
}, | ||
"scripts": { | ||
"dev": "pnpm build:ci --sourcemap --watch src", | ||
"build:ci": "rimraf dist && tsup-node src/index.ts --format esm", | ||
"build": "pnpm build:ci --dts --sourcemap" | ||
"check:publint": "publint --strict", | ||
"check:types": "tsc --noEmit" | ||
} | ||
} |
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
SPDX disjunction
LicenseSPDX disjunction for an artifact's license information
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
SPDX disjunction
LicenseSPDX disjunction for an artifact's license information
Found 1 instance in 1 package
4
17
114621
32
3461
2