arrange - npm Package Compare versions
Comparing version 0.0.1-security to 0.1.0-beta1
| { | ||
| "name": "arrange", | ||
| "version": "0.0.1-security", | ||
| "description": "security holding package", | ||
| "repository": "npm/security-holder" | ||
| "version": "0.1.0-beta1", | ||
| "license": "MIT", | ||
| "main": "src/index.js", | ||
| "scripts": { | ||
| "prepublish": "npm run build", | ||
| "build": "rimraf dist/* && NODE_ENV=production webpack --config webpack.config.js", | ||
| "dev": "nuxt", | ||
| "deploy": "nuxt generate && push-dir --dir=gh-pages --branch=gh-pages --cleanup" | ||
| }, | ||
| "dependencies": {}, | ||
| "devDependencies": { | ||
| "autoprefixer": "^8.2.0", | ||
| "babel-preset-es2015": "^6.24.1", | ||
| "cssnano": "^3.10.0", | ||
| "extract-text-webpack-plugin": "^3.0.2", | ||
| "node-sass": "^4.8.3", | ||
| "normalize.css": "^8.0.0", | ||
| "nuxt": "^1.4.0", | ||
| "open-color": "^1.6.3", | ||
| "postcss": "^6.0.21", | ||
| "postcss-loader": "^2.1.3", | ||
| "push-dir": "^0.4.1", | ||
| "rimraf": "^2.6.2", | ||
| "sass-loader": "^6.0.7" | ||
| } | ||
| } |
@@ -1,9 +0,17 @@ | ||
| # Security holding package | ||
| # Arrange | ||
| This package name is not currently in use, but was formerly occupied | ||
| by another package. To avoid malicious use, npm is hanging on to the | ||
| package name, but loosely, and we'll probably give it to you if you | ||
| want it. | ||
| for App style vue/css library. | ||
| You may adopt this package by contacting support@npmjs.com and | ||
| requesting the name. | ||
| [Sample](https://corgidisco.github.io/arrange/) | ||
| ## Dependencies | ||
| - [Open Color](https://github.com/yeun/open-color) | ||
| ## Styling Guide | ||
| - [RSCSS](http://rscss.io) | ||
| ## Ref. | ||
| - [Framework 7](http://framework7.io/) |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Fixed alerts
Known malware
Supply chain riskThis package is malware. We have asked the package registry to remove it.
Found 1 instance in 1 package
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
No License Found
License(Experimental) License information could not be found.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1558.46%
7745
- Number of package files
- increased by850%
19
- Number of low license alerts
- decreased by-100%
0
- Lines of code
- increased byInfinity%
137
- Number of lines in readme file
- increased by80%
18
- Number of critical supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Dev dependency count
- increased byInfinity%
13
- Number of low supply chain risk alerts
- increased by200%
3