beard - npm Package Compare versions
Comparing version 0.6.0 to 0.8.0
| { | ||
| "name": "beard", | ||
| "version": "0.6.0", | ||
| "version": "0.8.0", | ||
| "description": "More than a mustache.", | ||
@@ -16,8 +16,17 @@ "license": "MIT", | ||
| "engine": ">= 0.4.1", | ||
| "main": "./beard", | ||
| "main": "./lib/index", | ||
| "scripts": { | ||
| "test": "mocha" | ||
| }, | ||
| "bin": { | ||
| "beard": "./cli.js" | ||
| }, | ||
| "dependencies": { | ||
| "traversy": "0.0.2" | ||
| "cheerio": "github:cheeriojs/cheerio#3368605edb3c5babecc8576602a9d54ccfdaef1e", | ||
| "fs-extra": "7.0.1", | ||
| "merge-anything": "~3.0.3", | ||
| "mismatch": "^1.2.0", | ||
| "normalize-selector": "0.2.0", | ||
| "traversy": "0.0.2", | ||
| "xregexp": "4.2.4" | ||
| }, | ||
@@ -27,4 +36,5 @@ "devDependencies": { | ||
| "chai": "4.1.2", | ||
| "chai-string": "1.5.0", | ||
| "brisky-performance": "1.4.2" | ||
| } | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by74.98%
33173
- Number of package files
- increased by450%
33
- Lines of code
- increased by173.16%
855
Worsened metrics
- Dependency count
- increased by600%
7
- Dev dependency count
- increased by33.33%
4
- Number of high supply chain risk alerts
- increased byInfinity%
1
- Number of low supply chain risk alerts
- increased by250%
7
- Number of medium supply chain risk alerts
- increased by50%
3
Dependency changes
+ Addedcheerio@github:cheeriojs/cheerio#3368605edb3c5babecc8576602a9d54ccfdaef1e
+ Addedfs-extra@7.0.1
+ Addedmerge-anything@~3.0.3
+ Addedmismatch@^1.2.0
+ Addednormalize-selector@0.2.0
+ Addedxregexp@4.2.4
+ Added@babel/runtime-corejs2@7.26.0(transitive)
+ Addedcore-js@2.6.12(transitive)
+ Addedfs-extra@7.0.1(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedis-what@3.14.1(transitive)
+ Addedjsonfile@4.0.0(transitive)
+ Addedmerge-anything@3.0.7(transitive)
+ Addedmismatch@1.2.0(transitive)
+ Addednormalize-selector@0.2.0(transitive)
+ Addedregenerator-runtime@0.14.1(transitive)
+ Addedts-toolbelt@6.15.5(transitive)
+ Addeduniversalify@0.1.2(transitive)
+ Addedxregexp@4.2.4(transitive)