@vercel/node
Advanced tools
@vercel/node - npm Package Compare versions
+5
-5
| { | ||
| "name": "@vercel/node", | ||
| "version": "2.8.10", | ||
| "version": "2.8.11", | ||
| "license": "MIT", | ||
@@ -34,5 +34,5 @@ "main": "./dist/index", | ||
| "@types/node": "14.18.33", | ||
| "@vercel/build-utils": "workspace:5.8.2", | ||
| "@vercel/node-bridge": "workspace:3.1.7", | ||
| "@vercel/static-config": "workspace:2.0.10", | ||
| "@vercel/build-utils": "5.8.3", | ||
| "@vercel/node-bridge": "3.1.8", | ||
| "@vercel/static-config": "2.0.11", | ||
| "edge-runtime": "2.0.0", | ||
@@ -68,3 +68,3 @@ "esbuild": "0.14.47", | ||
| }, | ||
| "gitHead": "e54da8a2e5504987a956e2baaad6d817028b597f" | ||
| "gitHead": "b5cdc82a1cca4d0b3369490f8a19fd8f8478fe94" | ||
| } |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 7 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 7 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
7
-12.5%Worsened metrics
- Total package byte prevSize
15241665
0Dependency changes
+ Added
@nodelib/fs.scandir@2.1.5(transitive)+ Added
@nodelib/fs.stat@2.0.5(transitive)+ Added
@nodelib/fs.walk@1.2.8(transitive)+ Added
@ts-morph/common@0.11.1(transitive)+ Added
@types/json-schema@7.0.15(transitive)+ Added
@vercel/build-utils@5.8.3(transitive)+ Added
@vercel/node-bridge@3.1.8(transitive)+ Added
@vercel/static-config@2.0.11(transitive)+ Added
ajv@8.6.3(transitive)+ Added
balanced-match@1.0.2(transitive)+ Added
brace-expansion@1.1.12(transitive)+ Added
braces@3.0.3(transitive)+ Added
code-block-writer@10.1.1(transitive)+ Added
concat-map@0.0.1(transitive)+ Added
fast-deep-equal@3.1.3(transitive)+ Added
fast-glob@3.3.3(transitive)+ Added
fastq@1.20.1(transitive)+ Added
fill-range@7.1.1(transitive)+ Added
glob-parent@5.1.2(transitive)+ Added
is-extglob@2.1.1(transitive)+ Added
is-glob@4.0.3(transitive)+ Added
is-number@7.0.0(transitive)+ Added
json-schema-to-ts@1.6.4(transitive)+ Added
json-schema-traverse@1.0.0(transitive)+ Added
merge2@1.4.1(transitive)+ Added
micromatch@4.0.8(transitive)+ Added
minimatch@3.1.5(transitive)+ Added
mkdirp@1.0.4(transitive)+ Added
path-browserify@1.0.1(transitive)+ Added
picomatch@2.3.2(transitive)+ Added
punycode@2.3.1(transitive)+ Added
queue-microtask@1.2.3(transitive)+ Added
require-from-string@2.0.2(transitive)+ Added
reusify@1.1.0(transitive)+ Added
run-parallel@1.2.0(transitive)+ Added
to-regex-range@5.0.1(transitive)+ Added
ts-morph@12.0.0(transitive)+ Added
ts-toolbelt@6.15.5(transitive)+ Added
uri-js@4.4.1(transitive)Updated
@vercel/build-utils@5.8.3Updated
@vercel/node-bridge@3.1.8Updated
@vercel/static-config@2.0.11