analytics-node - npm Package Compare versions

Comparing version 2.4.1 to 3.0.0

package.json

 {
   "name": "analytics-node",
-  "repository": "git://github.com/segmentio/analytics-node",
-  "version": "2.4.1",
-  "description": "The hassle-free way to integrate analytics into any node application.",
+  "version": "3.0.0",
+  "description": "The hassle-free way to integrate analytics into any Node.js application",
+  "license": "MIT",
+  "repository": "segmentio/analytics-node",
+  "author": {
+    "name": "Segment",
+    "email": "tools+npm@segment.com",
+    "url": "segment.com"
+  },
+  "bin": {
+    "analytics": "cli.js"
+  },
+  "engines": {
+    "node": ">=4"
+  },
+  "scripts": {
+    "test": "standard && ava",
+    "prepublish": "npm run check-deps",
+    "check-deps": "nsp check"
+  },
+  "files": [
+    "index.js",
+    "cli.js"
+  ],
   "keywords": [
     "analytics",
+    "stats",
     "segment.io",
     "segmentio",
+    "segment",
     "client",
     "driver"
   ],
-  "main": "lib/index.js",
-  "browserify": {
-    "transform": [
-      "brfs"
-    ]
-  },
-  "bin": {
-    "analytics": "bin/analytics"
-  },
   "dependencies": {
     "@segment/loosely-validate-event": "^1.1.2",
-    "clone": "^2.1.1",
     "commander": "^2.9.0",
     "crypto-token": "^1.0.1",
     "debug": "^2.6.2",
-    "lodash": "^4.17.4",
     "remove-trailing-slash": "^0.1.0",
-    "superagent": "^3.5.0",
-    "superagent-retry": "^0.6.0"
+    "superagent": "^3.5.0"
   },
   "devDependencies": {
+    "ava": "^0.21.0",
     "body-parser": "^1.17.1",
-    "brfs": "^1.4.3",
-    "browserify": "^14.1.0",
+    "delay": "^2.0.0",
     "express": "^4.15.2",
-    "mocha": "^3.2.0",
     "nsp": "^2.6.3",
+    "pify": "^3.0.0",
+    "sinon": "^2.3.8",
     "standard": "^9.0.1"
-  },
-  "engines": {
-    "node": ">= 0.12.x"
-  },
-  "scripts": {
-    "test": "make test"
-  },
-  "standard": {
-    "ignore": [
-      "analytics-node.js"
-    ]
-  },
-  "license": "MIT"
+  }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Dependency count

6

decreased by-33.33%

Number of low maintenance alerts

1

decreased by-50%

Number of low supply chain risk alerts

2

decreased by-85.71%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Total package byte prevSize

12212

decreased by-98.53%

Dev dependency count

8

increased by14.29%

Number of package files

5

decreased by-61.54%

Lines of code

305

decreased by-98.71%

Number of lines in readme file

35

decreased by-7.89%

Dependency changes

• - Removedclone@^2.1.1

• - Removedlodash@^4.17.4

• - Removedsuperagent-retry@^0.6.0

• - Removedclone@2.1.2(transitive)

• - Removedlodash@4.17.21(transitive)

• - Removedsuperagent-retry@0.6.0(transitive)