New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@vercel/redwood
Advanced tools
@vercel/redwood - npm Package Compare versions
Comparing version 1.0.16 to 1.0.17
@@ -15,10 +15,9 @@ "use strict"; | ||
| await (0, build_utils_1.download)(files, workPath, meta); | ||
| Object.keys(process.env) | ||
| .filter(key => key.startsWith('VERCEL_')) | ||
| .forEach(key => { | ||
| const newKey = `REDWOOD_ENV_${key}`; | ||
| if (!(newKey in process.env)) { | ||
| process.env[newKey] = process.env[key]; | ||
| } | ||
| const prefixedEnvs = (0, build_utils_1.getPrefixedEnvVars)({ | ||
| envPrefix: 'REDWOOD_ENV_', | ||
| envs: process.env, | ||
| }); | ||
| for (const [key, value] of Object.entries(prefixedEnvs)) { | ||
| process.env[key] = value; | ||
| } | ||
| const { installCommand, buildCommand } = config; | ||
@@ -25,0 +24,0 @@ const mountpoint = (0, path_1.dirname)(entrypoint); |
| { | ||
| "name": "@vercel/redwood", | ||
| "version": "1.0.16", | ||
| "version": "1.0.17", | ||
| "main": "./dist/index.js", | ||
@@ -30,5 +30,5 @@ "license": "MIT", | ||
| "@types/semver": "6.0.0", | ||
| "@vercel/build-utils": "5.2.0" | ||
| "@vercel/build-utils": "5.3.0" | ||
| }, | ||
| "gitHead": "32afd67d29d46f67027091ab9695d8ff330355b5" | ||
| "gitHead": "47e3381c6df661168e8be335cc58df03f3cf2414" | ||
| } |
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
3
-40%Worsened metrics
- Total package byte prevSize
22393
-0.1%- Lines of code
234
-0.43%No dependency changes