@twilio/notifications - npm Package Compare versions

Comparing version 1.0.3 to 1.0.4-canary.1

package.json

 {
   "name": "@twilio/notifications",
-  "version": "1.0.3",
+  "version": "1.0.4-canary.1+a593ec5",
   "description": "Client library for Twilio Notifications service",
@@ -9,2 +9,3 @@ "author": "Twilio",
   "browser": "./dist/browser.js",
+  "react-native": "./dist/lib/index.js",
   "types": "./dist/lib.d.ts",
@@ -38,12 +39,11 @@ "repository": {
     "ci": "yarn clean && yarn lint && yarn build && yarn ssri",
-    "precommit": "yarn lint && yarn test:unit && yarn test:integration",
-    "postinstall": "if [ -f ./dist/post-install.js ]; then node ./dist/post-install.js; fi"
+    "precommit": "yarn lint && yarn test:unit && yarn test:integration"
   },
   "dependencies": {
     "@babel/runtime": "^7.14.5",
-    "@twilio/declarative-type-validator": "^0.1.9",
-    "@twilio/operation-retrier": "^4.0.5",
+    "@twilio/declarative-type-validator": "^0.1.10-canary.1+a593ec5",
+    "@twilio/operation-retrier": "^4.0.6-canary.1+a593ec5",
     "core-js": "^3.17.3",
     "loglevel": "^1.6.3",
-    "twilsock": "^0.12.0"
+    "twilsock": "^0.12.1-canary.1+a593ec5"
   },
@@ -71,3 +71,2 @@ "devDependencies": {
     "rollup": "^2.51.1",
-    "rollup-plugin-copy": "^3.4.0",
     "rollup-plugin-polyfill-node": "^0.6.2",
@@ -81,3 +80,3 @@ "rollup-plugin-terser": "^7.0.2",
   "engines": {
-    "node": ">=10"
+    "node": ">=14"
   },
@@ -95,3 +94,4 @@ "browserslist": [
     "last 2 UCAndroid versions"
-  ]
+  ],
+  "gitHead": "a593ec59cbb34801a5bf478866f8597ff2aab27c"
 }

New alerts

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1201266

increased by0.74%

Dev dependency count

26

decreased by-3.7%

Number of package files

37

increased by164.29%

Lines of code

19875

increased by1.49%

Number of high supply chain risk alerts

0

decreased by-100%

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Number of low quality alerts

2

increased by100%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• Updated@twilio/declarative-type-validator@^0.1.10-canary.1+a593ec5

• Updated@twilio/operation-retrier@^4.0.6-canary.1+a593ec5

• Updatedtwilsock@^0.12.1-canary.1+a593ec5