@vercel/nft
Advanced tools
@vercel/nft - npm Package Compare versions
+3
-3
| { | ||
| "name": "@vercel/nft", | ||
| "version": "0.30.4", | ||
| "version": "1.0.0", | ||
| "repository": "vercel/nft", | ||
@@ -32,3 +32,3 @@ "license": "MIT", | ||
| "estree-walker": "2.0.2", | ||
| "glob": "^10.5.0", | ||
| "glob": "^13.0.0", | ||
| "graceful-fs": "^4.2.9", | ||
@@ -145,3 +145,3 @@ "node-gyp-build": "^4.2.2", | ||
| "engines": { | ||
| "node": ">=18" | ||
| "node": ">=20" | ||
| }, | ||
@@ -148,0 +148,0 @@ "publishConfig": { |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Number of low quality alerts
1
-50%Worsened metrics
- Total package byte prevSize
332244
0Dependency changes
+ Added
balanced-match@4.0.4(transitive)+ Added
brace-expansion@5.0.4(transitive)+ Added
glob@13.0.6(transitive)+ Added
lru-cache@11.2.6(transitive)+ Added
minimatch@10.2.4(transitive)+ Added
path-scurry@2.0.2(transitive)- Removed
@isaacs/cliui@8.0.2(transitive)- Removed
@pkgjs/parseargs@0.11.0(transitive)- Removed
ansi-regex@5.0.16.2.2(transitive)- Removed
ansi-styles@4.3.06.2.3(transitive)- Removed
balanced-match@1.0.2(transitive)- Removed
brace-expansion@2.0.2(transitive)- Removed
color-convert@2.0.1(transitive)- Removed
color-name@1.1.4(transitive)- Removed
cross-spawn@7.0.6(transitive)- Removed
eastasianwidth@0.2.0(transitive)- Removed
emoji-regex@8.0.09.2.2(transitive)- Removed
foreground-child@3.3.1(transitive)- Removed
glob@10.5.0(transitive)- Removed
is-fullwidth-code-point@3.0.0(transitive)- Removed
isexe@2.0.0(transitive)- Removed
jackspeak@3.4.3(transitive)- Removed
lru-cache@10.4.3(transitive)- Removed
minimatch@9.0.9(transitive)- Removed
package-json-from-dist@1.0.1(transitive)- Removed
path-key@3.1.1(transitive)- Removed
path-scurry@1.11.1(transitive)- Removed
shebang-command@2.0.0(transitive)- Removed
shebang-regex@3.0.0(transitive)- Removed
signal-exit@4.1.0(transitive)- Removed
string-width@4.2.35.1.2(transitive)- Removed
strip-ansi@6.0.17.2.0(transitive)- Removed
which@2.0.2(transitive)- Removed
wrap-ansi@7.0.08.1.0(transitive)Updated
glob@^13.0.0