arbundles - npm Package Compare versions

Comparing version 0.6.14 to 0.6.15

package.json

 {
   "name": "arbundles",
-  "version": "0.6.14",
+  "version": "0.6.15",
   "description": "Arweave bundling library",
@@ -62,3 +62,3 @@ "author": "Josh Benaron <joshbenaron@gmail.com>",
     "arweave-stream-tx": "^1.1.0",
-    "avsc": "git://github.com/JesseTheRobot/avsc#csp-fixes",
+    "avsc": "https://github.com/Bundlr-Network/avsc#csp-fixes",
     "axios": "^0.21.3",
@@ -65,0 +65,0 @@ "base64url": "^3.0.1",

New alerts

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 1 instance in 1 package

Fixed alerts

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

214037

Number of medium maintenance alerts

0

decreased by-100%

Dependency changes

• Updatedavsc@https://github.com/Bundlr-Network/avsc#csp-fixes