@sveltejs/vite-plugin-svelte - npm Package Compare versions

Comparing version 2.3.0 to 2.4.0

package.json

 {
   "name": "@sveltejs/vite-plugin-svelte",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "license": "MIT",
   "author": "dominikg",
   "files": [
-    "dist",
-    "src",
-    "*.d.ts"
+    "src"
   ],
   "type": "module",
-  "types": "dist/index.d.ts",
+  "types": "src/index.d.ts",
   "exports": {
     ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
+      "types": "./src/index.d.ts",
+      "import": "./src/index.js"
     },
@@ -54,12 +52,9 @@ "./package.json": "./package.json"
     "esbuild": "^0.17.18",
-    "rollup": "^3.21.6",
     "svelte": "^3.59.1",
-    "tsup": "^6.7.0",
     "vite": "^4.3.5"
   },
   "scripts": {
-    "dev": "pnpm build:ci --sourcemap --watch src",
-    "build:ci": "rimraf dist && tsup-node src/index.ts --format esm",
-    "build": "pnpm build:ci --dts --sourcemap"
+    "check:publint": "publint --strict",
+    "check:types": "tsc --noEmit"
   }
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

SPDX disjunction

License

SPDX disjunction for an artifact's license information

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

SPDX disjunction

License

SPDX disjunction for an artifact's license information

Found 1 instance in 1 package

Improved metrics

Dev dependency count

4

decreased by-33.33%

Number of low supply chain risk alerts

17

decreased by-26.09%

Worsened metrics

Total package byte prevSize

114621

decreased by-67.54%

Number of package files

32

decreased by-3.03%

Lines of code

3461

decreased by-39.98%

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes