@vercel/python - npm Package Compare versions

Comparing version 2.3.1-canary.4 to 2.3.1

package.json

 {
   "name": "@vercel/python",
-  "version": "2.3.1-canary.4",
+  "version": "2.3.1",
   "main": "./dist/index.js",
@@ -25,3 +25,3 @@ "license": "MIT",
     "@types/jest": "27.4.1",
-    "@vercel/build-utils": "2.16.1-canary.4",
+    "@vercel/build-utils": "2.17.0",
     "@vercel/ncc": "0.24.0",
@@ -31,3 +31,3 @@ "execa": "^1.0.0",
   },
-  "gitHead": "ec57654b5bb44bca26ed665ec68995cca0948825"
+  "gitHead": "15c7ad241a44d037ceed0101b89e3a73f09fab2b"
 }

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 8 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 8 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Number of low quality alerts

0

-100%

Worsened metrics

Total package byte prevSize

139000

-0.01%

No dependency changes