@xo-union/pagelet
Advanced tools
Comparing version 4.0.0-uep1.beta.2 to 4.0.0-uep1.beta.3
| { | ||
| "name": "@xo-union/pagelet", | ||
| "version": "4.0.0-uep1.beta.2", | ||
| "version": "4.0.0-uep1.beta.3", | ||
| "main": "lib/core/index.js", | ||
@@ -35,3 +35,3 @@ "types": "lib/core/index.js", | ||
| "build.e2e": "UNION_INTERNAL_WEBPACK_OUTPUT_PATH=./dist-e2e yarn build.code", | ||
| "validate.pkg": "union-pkg-validator", | ||
| "validate.pkg": "ow-package-lint", | ||
| "deploy.promote": "union-deploy-promote", | ||
@@ -43,10 +43,10 @@ "deploy.stage": "union-deploy-stage", | ||
| "@babel/runtime-corejs3": "^7.23.9", | ||
| "@xo-union/dist-url": "^4.0.0-uep1.beta.2", | ||
| "@xo-union/dist-url": "^4.0.0-uep1.beta.3", | ||
| "@xo-union/event-target-shim": "^5.0.0", | ||
| "@xo-union/util-snippet-generator": "^4.0.0-uep1.beta.2", | ||
| "@xo-union/util-snippet-generator": "^4.0.0-uep1.beta.3", | ||
| "customevent": "^1.0.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@xo-union/deploy": "^4.0.0-uep1.beta.2", | ||
| "@xo-union/pkg-validator": "^3.2.3", | ||
| "@tkww/orion-web-package-lint": "^1.0.0-uep1.beta.3", | ||
| "@xo-union/deploy": "^4.0.0-uep1.beta.3", | ||
| "exports-loader": "^0.7.0", | ||
@@ -58,6 +58,6 @@ "imports-loader": "^0.8.0", | ||
| "files": [ | ||
| "lib/*", | ||
| "*.js", | ||
| "*.mjs", | ||
| "*.d.ts", | ||
| "lib", | ||
| "./*.js", | ||
| "./*.mjs", | ||
| "./*.d.ts", | ||
| "!webpack.config.js" | ||
@@ -64,0 +64,0 @@ ], |
New alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-75%
2
Worsened metrics
- Total package byte prevSize
- decreased by-92.48%
30017
- Number of package files
- decreased by-73.08%
7
- Lines of code
- decreased by-94.79%
498
Dependency changes
+ Added@babel/runtime-corejs3@7.24.6(transitive)
+ Added@xo-union/dist-url@4.0.0-uep1.beta.5(transitive)
+ Added@xo-union/url-template@3.0.0-uep1.beta.5(transitive)
+ Added@xo-union/util-snippet-generator@4.0.0-uep1.beta.5(transitive)
- Removed@babel/runtime-corejs3@7.24.7(transitive)
- Removed@xo-union/dist-url@4.0.0-uep1.beta.8(transitive)
- Removed@xo-union/url-template@3.0.0-uep1.beta.8(transitive)
- Removed@xo-union/util-snippet-generator@4.0.0-uep1.beta.8(transitive)