@toruslabs/torus.js - npm Package Compare versions

Comparing version 2.1.6 to 2.1.7

package.json

 {
   "name": "@toruslabs/torus.js",
-  "version": "2.1.6",
+  "version": "2.1.7",
   "description": "Handle communication with torus nodes",
@@ -5,0 +5,0 @@ "main": "dist/torusUtils.cjs.js",

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

5

decreased by-64.29%

Number of medium supply chain risk alerts

18

decreased by-14.29%

Worsened metrics

Total package byte prevSize

1615813

decreased by-27.55%

Lines of code

8011

decreased by-69.86%

No dependency changes