beard - npm Package Compare versions

Comparing version 0.6.0 to 0.8.0

package.json

 {
   "name": "beard",
-  "version": "0.6.0",
+  "version": "0.8.0",
   "description": "More than a mustache.",
@@ -16,8 +16,17 @@ "license": "MIT",
   "engine": ">= 0.4.1",
-  "main": "./beard",
+  "main": "./lib/index",
   "scripts": {
     "test": "mocha"
   },
+  "bin": {
+    "beard": "./cli.js"
+  },
   "dependencies": {
-    "traversy": "0.0.2"
+    "cheerio": "github:cheeriojs/cheerio#3368605edb3c5babecc8576602a9d54ccfdaef1e",
+    "fs-extra": "7.0.1",
+    "merge-anything": "~3.0.3",
+    "mismatch": "^1.2.0",
+    "normalize-selector": "0.2.0",
+    "traversy": "0.0.2",
+    "xregexp": "4.2.4"
   },
@@ -27,4 +36,5 @@ "devDependencies": {
     "chai": "4.1.2",
+    "chai-string": "1.5.0",
     "brisky-performance": "1.4.2"
   }
 }

New alerts

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

33173

increased by74.98%

Number of package files

33

increased by450%

Lines of code

855

increased by173.16%

Worsened metrics

Dependency count

7

increased by600%

Dev dependency count

4

increased by33.33%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of low supply chain risk alerts

7

increased by250%

Number of medium supply chain risk alerts

3

increased by50%

Dependency changes

• + Addedcheerio@github:cheeriojs/cheerio#3368605edb3c5babecc8576602a9d54ccfdaef1e

• + Addedfs-extra@7.0.1

• + Addedmerge-anything@~3.0.3

• + Addedmismatch@^1.2.0

• + Addednormalize-selector@0.2.0

• + Addedxregexp@4.2.4

• + Added@babel/runtime-corejs2@7.24.7(transitive)

• + Addedcore-js@2.6.12(transitive)

• + Addedfs-extra@7.0.1(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedis-what@3.14.1(transitive)

• + Addedjsonfile@4.0.0(transitive)

• + Addedmerge-anything@3.0.7(transitive)

• + Addedmismatch@1.2.0(transitive)

• + Addednormalize-selector@0.2.0(transitive)

• + Addedregenerator-runtime@0.14.1(transitive)

• + Addedts-toolbelt@6.15.5(transitive)

• + Addeduniversalify@0.1.2(transitive)

• + Addedxregexp@4.2.4(transitive)