azure-pipelines-task-lib - npm Package Compare versions

Comparing version 2.11.0 to 2.11.1

package.json

 {
   "name": "azure-pipelines-task-lib",
-  "version": "2.11.0",
+  "version": "2.11.1",
   "description": "Azure Pipelines Task SDK",
@@ -5,0 +5,0 @@ "main": "./task.js",

typings.json

 {
-  "name": "azure-pipelines-task-lib",
-  "version": false,
-  "dependencies": {},
-  "globalDependencies": {
-    "glob": "registry:dt/glob#5.0.10+20160317120654",
-    "minimatch": "registry:dt/minimatch#2.0.8+20160317120654",
-    "mocha": "registry:dt/mocha#2.2.5+20160619032855",
-    "mockery": "registry:dt/mockery#1.4.0+20160316155526",
-    "node": "registry:dt/node#6.0.0+20160709114037",
-    "q": "registry:dt/q#0.0.0+20160613154756",
-    "semver": "registry:dt/semver#4.3.4+20160608054219",
-    "shelljs": "registry:dt/shelljs#0.0.0+20160526131156"
-  }
+	"name": "azure-pipelines-task-lib",
+	"main": "task.d.ts",
+	"globalDependencies": {
+		"node": "registry:dt/node#6.0.0+20160709114037",
+		"q": "registry:dt/q#0.0.0+20160613154756"
+	}
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 17 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

361029

decreased by-65.72%

Number of package files

36

decreased by-61.29%

Lines of code

6216

decreased by-69.06%

Number of low supply chain risk alerts

52

increased by420%

Number of medium supply chain risk alerts

5

increased by150%

No dependency changes