@tunnel/cli - npm Package Compare versions

Comparing version 0.4.1 to 0.4.2

package.json

 {
 	"name": "@tunnel/cli",
 	"type": "commonjs",
-	"version": "0.4.1",
+	"version": "0.4.2",
 	"bin": {
@@ -6,0 +6,0 @@ "tunnel": "./bin/tunnel.js"

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 4 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

817399

increased by20.26%

Number of medium supply chain risk alerts

11

decreased by-57.69%

Worsened metrics

Number of low supply chain risk alerts

54

increased by14.89%

No dependency changes