annotator - npm Package Compare versions

Comparing version 1.2.2 to 2.0.0-dev

package.json

 {
   "name": "annotator",
-  "version": "1.2.2",
+  "version": "2.0.0-dev",
   "description": "Inline annotation for the web. Select text, images, or (nearly) anything else, and add your notes.",
-  "repositories": [
-    {
-      "type": "git",
-      "url": "https://github.com/okfn/annotator.git"
-    }
-  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/okfn/annotator.git"
+  },
+  "dependencies": {
+    "through": "~2.3.4"
+  },
   "devDependencies": {
-    "coffee-script": "1.2.0",
-    "node-ffi": "0.5.0",
-    "uglify-js": "1.2.5",
-    "uglifycss": "0.0.5"
+    "backbone-events-standalone": "~0.2.1",
+    "backbone-extend-standalone": "~0.1.2",
+    "browser-resolve": "~1.2.1",
+    "coffee-script": "~1.6.3",
+    "uglify-js": "~2.4.12",
+    "uglifycss": "~0.0.5",
+    "mocha": "~1.12.1",
+    "mocha-phantomjs": "~3.3.2",
+    "chai": "~1.7.2",
+    "sinon": "~1.6.0",
+    "jwt-simple": "~0.1.0",
+    "iso8601": "~1.1.1",
+    "connect": "~2.10.1",
+    "browserify": "~3.30.1",
+    "coffeeify": "~0.6.0",
+    "convert-source-map": "~0.3.1",
+    "glob": "~3.2.6",
+    "kew": "~0.2.2",
+    "source-map": "~0.1.32",
+    "watchify": "0.6.2"
   },
-  "engines": { "node" : "~0.6.0" }
+  "engines": {
+    "node": ">=0.8 <0.12"
+  },
+  "scripts": {
+    "start": "./tools/serve",
+    "test": "./tools/test"
+  },
+  "browser": "./lib/annotator"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 2 instances in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3862508

increased by212.45%

Number of package files

208

increased by103.92%

Lines of code

28911

increased by102.49%

Number of lines in readme file

138

increased by6.98%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dependency count

1

increased byInfinity%

Dev dependency count

20

increased by400%

Number of low quality alerts

16

increased by700%

Number of low supply chain risk alerts

57

increased by1325%

Dependency changes

• + Addedthrough@~2.3.4

• + Addedthrough@2.3.8(transitive)