amazon-mws-cli - npm Package Compare versions

Comparing version 1.0.0-alpha.1 to 1.0.0-alpha.2

package.json

 {
   "name": "amazon-mws-cli",
-  "version": "1.0.0-alpha.1",
+  "version": "1.0.0-alpha.2",
   "description": "A command-line tool to access the Amazon Marketplace Web Services API",
-  "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1",
-    "postinstall" : "./install.sh"
+    "test": "echo \"Error: no test specified\" && exit 1"
   },
   "bin": {
-    "getMatchingProductForId": "./GetMatchingProductForId.php",
-    "getCompetitivePricingForASIN": "./Products.GetCompetitivePricingForASIN.php"
+    "getMatchingProductForId": "src/getMatchingProductForId.js",
+    "getCompetitivePricingForASIN": "src/getCompetitivePricingForASIN.js"
   },
@@ -24,3 +22,6 @@ "preferGlobal": true,
   },
-  "homepage": "https://github.com/simonjayhawkins/amazon-mws-cli#readme"
+  "homepage": "https://github.com/simonjayhawkins/amazon-mws-cli#readme",
+  "dependencies": {
+    "shiny-robot": "git+https://github.com/simonjayhawkins/shiny-robot.git#70f53e7002757e4f6c5fa7d5a0079e4eb852a7ae"
+  }
 }

README.md

 # amazon-mws-cli
 
 [![npm version](https://badge.fury.io/js/amazon-mws-cli.svg)](https://badge.fury.io/js/amazon-mws-cli)
+[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
 
 ## Installation
 
-install php5-cli and php5-curl (this package depends on the official Amazon PHP SDK)
-```
-sudo apt-get install php5-cli php5-curl
-```
-
 install amazon-mws-cli globally using npm so that it may be run from the command line.
@@ -24,2 +20,3 @@ ```
 export MARKETPLACE_ID="<Your Marketplace Id>"
+export ENDPOINT="<Your Amazon MWS Endpoint>"
 ```
@@ -37,3 +34,3 @@
 ```
-getCompetitivePricingForASIN <ASIN1> [...ASIN10]
+getCompetitivePricingForASIN <ASIN1> [...ASIN20]
 ```

New alerts

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Fixed alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Improved metrics

Lines of code

41

increased byInfinity%

Number of high supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

4513

decreased by-73.62%

Dependency count

1

increased byInfinity%

Number of package files

6

decreased by-33.33%

Number of lines in readme file

34

decreased by-8.11%

Number of critical supply chain risk alerts

1

increased byInfinity%

Number of low supply chain risk alerts

10

increased byInfinity%

Dependency changes

• + Addedshiny-robot@git+https://github.com/simonjayhawkins/shiny-robot.git#70f53e7002757e4f6c5fa7d5a0079e4eb852a7ae