bitcoinjs-lib - npm Package Compare versions

Comparing version 1.5.6 to 1.5.7

package.json

 {
   "name": "bitcoinjs-lib",
-  "version": "1.5.6",
+  "version": "1.5.7",
   "description": "Client-side Bitcoin JavaScript library",
@@ -5,0 +5,0 @@ "main": "./src/index.js",

src/hdnode.js

@@ -47,2 +47,3 @@ var assert = require('assert')
     this.privKey = K
+    this.pubKey = K.pub
   } else if (K instanceof ECPubKey) {
@@ -49,0 +50,0 @@ assert(K.compressed, 'ECPubKey must be compressed')

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

1

decreased by-50%

Worsened metrics

Total package byte prevSize

92436

decreased by-87.61%

Number of package files

23

decreased by-4.17%

Lines of code

2551

decreased by-89.06%

No dependency changes