c9 - npm Package Compare versions
Comparing version 0.1.20 to 3.0.783
| { | ||
| "name": "c9", | ||
| "version": "0.1.20", | ||
| "author": "ajax.org B.V. <info@ajax.org>", | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "http://github.com/c9/c9local.git" | ||
| }, | ||
| "engines": { | ||
| "node": ">= 0.6.15" | ||
| }, | ||
| "scripts": { | ||
| "install": "cat README && exit 1" | ||
| "name": "c9", | ||
| "description": "Cloud9 Client", | ||
| "version": "3.0.783", | ||
| "author": "Cloud9 <info@c9.io>", | ||
| "contributors": [ | ||
| { | ||
| "name": "Ruben Daniels", | ||
| "email": "ruben@c9.io" | ||
| } | ||
| ], | ||
| "main": "bin/c9", | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "http://github.com/c9/core.git" | ||
| }, | ||
| "dependencies": { | ||
| "debug": "~0.7.4", | ||
| "form-data": "~0.2.0", | ||
| "heapdump": "0.2.10", | ||
| "http-error": "~0.0.5", | ||
| "nak": "https://github.com/cloud9ide/nak/tarball/c9", | ||
| "optimist": "~0.6.0", | ||
| "read": "~1.0.5", | ||
| "rusha": "~0.7.2", | ||
| "simple-mime": "~0.0.8" | ||
| }, | ||
| "scripts": { | ||
| "sdk": "nodejs server.js" | ||
| }, | ||
| "licenses": [] | ||
| } |
New alerts
HTTP dependency
Supply chain riskContains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No README
QualityPackage does not have a README. This may indicate a failed publish or a low quality package.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Non-existent author
Supply chain riskThe package was published by an npm account that no longer exists.
Found 1 instance in 1 package
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by39625%
343224
- Number of package files
- increased by1900%
40
- Lines of code
- increased byInfinity%
7786
- Number of low quality alerts
- decreased by-50%
1
- Number of high supply chain risk alerts
- decreased by-50%
1
Worsened metrics
- Dependency count
- increased byInfinity%
9
- Number of medium quality alerts
- increased by100%
2
- Number of lines in readme file
- decreased by-100%
0
- Number of low supply chain risk alerts
- increased byInfinity%
20
- Number of medium supply chain risk alerts
- increased by150%
5
Dependency changes
+ Addeddebug@~0.7.4
+ Addedform-data@~0.2.0
+ Addedheapdump@0.2.10
+ Addedhttp-error@~0.0.5
+ Addedoptimist@~0.6.0
+ Addedread@~1.0.5
+ Addedrusha@~0.7.2
+ Addedsimple-mime@~0.0.8
+ Addedabbrev@1.1.1(transitive)
+ Addedaccepts@1.0.3(transitive)
+ Addedargparse@0.1.16(transitive)
+ Addedasync@0.1.150.1.220.9.2(transitive)
+ Addedbasic-auth-connect@1.0.0(transitive)
+ Addedbatch@0.5.0(transitive)
+ Addedbody-parser@1.3.1(transitive)
+ Addedbuffer-crc32@0.2.1(transitive)
+ Addedbytes@1.0.0(transitive)
+ Addedcoffee-script@1.3.3(transitive)
+ Addedcolors@0.6.2(transitive)
+ Addedcombined-stream@0.0.7(transitive)
+ Addedcompressible@1.1.0(transitive)
+ Addedcompression@1.0.7(transitive)
+ Addedconnect@2.19.6(transitive)
+ Addedconnect-livereload@0.4.1(transitive)
+ Addedconnect-timeout@1.1.0(transitive)
+ Addedcookie@0.1.2(transitive)
+ Addedcookie-parser@1.1.0(transitive)
+ Addedcookie-signature@1.0.3(transitive)
+ Addedcore-util-is@1.0.3(transitive)
+ Addedcsrf-tokens@1.0.4(transitive)
+ Addedcsurf@1.2.1(transitive)
+ Addeddateformat@1.0.2-1.2.3(transitive)
+ Addeddebug@0.7.40.8.11.0.2(transitive)
+ Addeddelayed-stream@0.0.5(transitive)
+ Addedee-first@1.0.3(transitive)
+ Addederrorhandler@1.0.2(transitive)
+ Addedescape-html@1.0.1(transitive)
+ Addedesprima@1.0.4(transitive)
+ Addedeventemitter2@0.4.14(transitive)
+ Addedexit@0.1.2(transitive)
+ Addedexpress-session@1.2.1(transitive)
+ Addedfindup-sync@0.1.3(transitive)
+ Addedfinished@1.2.2(transitive)
+ Addedform-data@0.2.0(transitive)
+ Addedfresh@0.2.2(transitive)
+ Addedgetobject@0.1.0(transitive)
+ Addedglob@3.1.213.2.11(transitive)
+ Addedgraceful-fs@1.2.3(transitive)
+ Addedgrunt@0.4.5(transitive)
+ Addedgrunt-contrib-connect@0.8.0(transitive)
+ Addedgrunt-legacy-log@0.1.3(transitive)
+ Addedgrunt-legacy-log-utils@0.1.1(transitive)
+ Addedgrunt-legacy-util@0.2.0(transitive)
+ Addedheapdump@0.2.10(transitive)
+ Addedhooker@0.2.3(transitive)
+ Addedhttp-error@0.0.6(transitive)
+ Addediconv-lite@0.2.11(transitive)
+ Addedinherits@1.0.22.0.4(transitive)
+ Addedisarray@0.0.1(transitive)
+ Addedjs-yaml@2.0.5(transitive)
+ Addedlodash@0.9.22.4.2(transitive)
+ Addedlru-cache@2.7.3(transitive)
+ Addedmethod-override@2.0.2(transitive)
+ Addedmethods@1.0.1(transitive)
+ Addedmime@1.2.11(transitive)
+ Addedmime-db@1.12.0(transitive)
+ Addedmime-types@1.0.02.0.14(transitive)
+ Addedminimatch@0.2.140.3.0(transitive)
+ Addedminimist@0.0.10(transitive)
+ Addedmorgan@1.1.1(transitive)
+ Addedms@0.6.2(transitive)
+ Addedmultiparty@3.2.8(transitive)
+ Addedmute-stream@0.0.8(transitive)
+ Addednegotiator@0.4.6(transitive)
+ Addednopt@1.0.10(transitive)
+ Addedon-headers@0.0.0(transitive)
+ Addedopen@0.0.5(transitive)
+ Addedoptimist@0.6.1(transitive)
+ Addedparseurl@1.0.1(transitive)
+ Addedpause@0.0.1(transitive)
+ Addedportscanner@0.2.3(transitive)
+ Addedqs@0.6.6(transitive)
+ Addedrange-parser@1.0.3(transitive)
+ Addedraw-body@1.1.6(transitive)
+ Addedread@1.0.7(transitive)
+ Addedreadable-stream@1.1.14(transitive)
+ Addedresponse-time@2.0.0(transitive)
+ Addedrimraf@2.2.8(transitive)
+ Addedrndm@1.2.0(transitive)
+ Addedrusha@0.7.8(transitive)
+ Addedscmp@0.0.3(transitive)
+ Addedsend@0.4.3(transitive)
+ Addedserve-favicon@2.0.1(transitive)
+ Addedserve-index@1.1.1(transitive)
+ Addedserve-static@1.2.3(transitive)
+ Addedsigmund@1.0.1(transitive)
+ Addedsimple-mime@0.0.8(transitive)
+ Addedstream-counter@0.2.0(transitive)
+ Addedstring_decoder@0.10.31(transitive)
+ Addedtype-is@1.2.1(transitive)
+ Addeduid2@0.0.30.0.4(transitive)
+ Addedunderscore@1.7.0(transitive)
+ Addedunderscore.string@2.2.12.3.32.4.0(transitive)
+ Addedutils-merge@1.0.0(transitive)
+ Addedvary@0.1.0(transitive)
+ Addedvhost@1.0.0(transitive)
+ Addedwhich@1.0.9(transitive)
+ Addedwordwrap@0.0.3(transitive)