@withone/cli - npm Package Compare versions

Comparing version 1.31.0 to 1.32.0

dist/flow-runner-6IFPWOS4.js

+import {
+  FlowRunner,
+  collectStepTypes,
+  flowRequiresBash,
+  flowUsesCodeModules,
+  getFlowRootDir,
+  listFlows,
+  loadFlow,
+  loadFlowWithMeta,
+  resolveFlowPath,
+  saveFlow,
+  summarizeFlowInputs,
+  walkSteps
+} from "./chunk-T7LTS2IE.js";
+export {
+  FlowRunner,
+  collectStepTypes,
+  flowRequiresBash,
+  flowUsesCodeModules,
+  getFlowRootDir,
+  listFlows,
+  loadFlow,
+  loadFlowWithMeta,
+  resolveFlowPath,
+  saveFlow,
+  summarizeFlowInputs,
+  walkSteps
+};

package.json

 {
   "name": "@withone/cli",
-  "version": "1.31.0",
+  "version": "1.32.0",
   "description": "CLI for managing One",
@@ -5,0 +5,0 @@ "type": "module",

dist/flow-runner-HT74FKPD.js

-import {
-  FlowRunner,
-  collectStepTypes,
-  flowRequiresBash,
-  flowUsesCodeModules,
-  getFlowRootDir,
-  listFlows,
-  loadFlow,
-  loadFlowWithMeta,
-  resolveFlowPath,
-  saveFlow,
-  summarizeFlowInputs,
-  walkSteps
-} from "./chunk-645Z3ARQ.js";
-export {
-  FlowRunner,
-  collectStepTypes,
-  flowRequiresBash,
-  flowUsesCodeModules,
-  getFlowRootDir,
-  listFlows,
-  loadFlow,
-  loadFlowWithMeta,
-  resolveFlowPath,
-  saveFlow,
-  summarizeFlowInputs,
-  walkSteps
-};

New alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 6 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 6 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

AI-detected potential code anomaly

Supply chain risk

AI has identified unusual behaviors that may pose a security risk.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

510253

1.12%

Lines of code

11499

1.25%

Number of low supply chain risk alerts

79

-1.25%

Worsened metrics

Number of medium supply chain risk alerts

36

2.86%

No dependency changes