New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
can-stache-bindings
Advanced tools
can-stache-bindings - npm Package Compare versions
Comparing version 5.0.0-pre.2 to 5.0.0-pre.3
| { | ||
| "name": "can-stache-bindings", | ||
| "version": "5.0.0-pre.2", | ||
| "version": "5.0.0-pre.3", | ||
| "description": "Default binding syntaxes for can-stache", | ||
@@ -44,3 +44,3 @@ "homepage": "https://canjs.com/doc/can-stache-bindings.html", | ||
| "can-observation-recorder": "^1.0.0", | ||
| "can-queues": "canjs/can-queues#dom-queue", | ||
| "can-queues": "^1.3.0", | ||
| "can-reflect": "^1.6.0", | ||
@@ -47,0 +47,0 @@ "can-reflect-dependencies": "^1.0.0", |
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Improved metrics
- Number of high supply chain risk alerts
- decreased by-20%
4
- Number of medium supply chain risk alerts
- decreased by-20%
4
Worsened metrics
- Total package byte prevSize
- decreased by-0.01%
219733
Dependency changes
Updatedcan-queues@^1.3.0