@volar/typescript - npm Package Compare versions

Comparing version 2.4.19 to 2.4.20

lib/quickstart/runTsc.d.ts

@@ -10,3 +10,3 @@ import type * as ts from 'typescript';
     extraExtensionsToRemove: string[];
-}, _getLanguagePlugins: typeof getLanguagePlugins, typescriptObject?: string): void;
+}, _getLanguagePlugins: typeof getLanguagePlugins, typescriptObject?: string): any;
 /**
@@ -13,0 +13,0 @@ * Replaces the code of typescript to add support for additional extensions and language plugins.

lib/quickstart/runTsc.js

@@ -46,3 +46,3 @@ "use strict";
     try {
-        require(tscPath);
+        return require(tscPath);
     }
@@ -49,0 +49,0 @@ finally {

package.json

 {
 	"name": "@volar/typescript",
-	"version": "2.4.19",
+	"version": "2.4.20",
 	"license": "MIT",
@@ -15,3 +15,3 @@ "files": [
 	"dependencies": {
-		"@volar/language-core": "2.4.19",
+		"@volar/language-core": "2.4.20",
 		"path-browserify": "^1.0.1",
@@ -23,5 +23,5 @@ "vscode-uri": "^3.0.8"
 		"@types/path-browserify": "latest",
-		"@volar/language-service": "2.4.19"
+		"@volar/language-service": "2.4.20"
 	},
-	"gitHead": "1bf8e87e3d451369e0cc3f0eb6d8ecaf2a9365f8"
+	"gitHead": "a95effedf7b74d3fa8f5d5e168b6d597e3aaca62"
 }

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

212260

0

Number of low supply chain risk alerts

8

-11.11%

Dependency changes

• + Added

  @volar/language-core@2.4.20
  (transitive)

• + Added

  @volar/source-map@2.4.20
  (transitive)

• - Removed

  @volar/language-core@2.4.19
  (transitive)

• - Removed

  @volar/source-map@2.4.19
  (transitive)

• Updated

  @volar/language-core@2.4.20