bson - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4

package.json

@@ -1,22 +0,23 @@
-{
-  "name": "bson",
-  "version": "0.0.3",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/0ctave/node-bson.git"
-  },
-  "description": "BSON library for node",
-  "author": "Christian Amor Kvalheim <christkv@gmail.com>",
-  "contributors": [
-    "Yuri Bogdanov <chinsay@gmail.com>"
-  ],
-  "scripts": {
-    "install": "make all"
-  },
-  "main": "./bson.node",
-  "engines": {
-    "node": ">=0.4.0"
-  },
-  "dependencies": {},
-  "devDependencies": {}
-}
+{ "name" :            "bson"
+, "description" :     "A bson parser for node.js and the browser"
+, "keywords" :        ["mongodb", "bson", "parser"]
+, "version" :         "0.0.4"
+, "author" :          "Christian Amor Kvalheim <christkv@gmail.com>"
+, "contributors" :  []
+
+, "repository" :    { "type" :  "git"
+                    , "url" :   "git@github.com:christkv/bson.git" }
+, "bugs" :          { "mail" :  "node-mongodb-native@googlegroups.com"
+                    , "url" :   "https://github.com/christkv/bson/issues" }
+, "devDependencies": {
+      "nodeunit": "0.7.3"
+	  , "gleak": "0.2.3"
+  }
+, "config":         { "native" : false }                    
+, "main":             "./lib/bson/index"
+, "directories" :   { "lib" : "./lib/bson" }
+, "engines" :       { "node" : ">=0.4.0" }
+, "scripts": { "install" : "node install.js", "test" : "make test" }
+, "licenses" :    [ { "type" :  "Apache License, Version 2.0"
+                    , "url" :   "http://www.apache.org/licenses/LICENSE-2.0" } ]
+}

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Fixed alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Non-existent author

Supply chain risk

The package was published by an npm account that no longer exists.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

575733

increased by220.05%

Number of package files

42

increased by75%

Lines of code

11309

increased by3467.51%

Number of high supply chain risk alerts

1

decreased by-50%

Worsened metrics

Dev dependency count

2

increased byInfinity%

Number of low maintenance alerts

1

increased byInfinity%

Number of low quality alerts

2

increased by100%

Number of lines in readme file

1

decreased by-83.33%

Number of low supply chain risk alerts

12

increased by1100%

Number of medium supply chain risk alerts

6

increased byInfinity%

No dependency changes