cashaccounts - npm Package Compare versions

Comparing version 0.3.1 to 0.3.2

package.json

 {
   "name": "cashaccounts",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "decentralized identity system for bitcoin cash by Jonathan Silverblood",
@@ -14,6 +14,6 @@ "main": "index.js",
     "base58check": "^2.0.0",
-    "bchaddrjs-slp": "git://github.com/simpleledger/bchaddrjs.git#master",
+    "bchaddrjs-slp": "https://github.com/simpleledger/bchaddrjs.git",
     "bitcoin-cash-rpc": "^0.4.2",
-    "bitcoincashjs-lib": "git@github.com:Bitcoin-com/bitcoincashjs-lib.git",
-    "bitcore-lib-cash": "git@github.com:paOol/bitcore-lib-cash.git",
+    "bitcoincashjs-lib": "https://github.com/Bitcoin-com/bitcoincashjs-lib.git",
+    "bitcore-lib-cash": "https://github.com/paOol/bitcore-lib-cash.git",
     "cashaddrjs": "^0.3.3"
@@ -20,0 +20,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

HTTP dependency

Supply chain risk

Contains a dependency which resolves to a remote HTTP URL which could be used to inject untrusted code and reduce overall package reliability.

Found 3 instances in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 3 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 2 instances in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

27719

increased by0.01%

Worsened metrics

Number of medium supply chain risk alerts

3

increased by50%

Dependency changes

• Updatedbchaddrjs-slp@https://github.com/simpleledger/bchaddrjs.git

• Updatedbitcoincashjs-lib@https://github.com/Bitcoin-com/bitcoincashjs-lib.git

• Updatedbitcore-lib-cash@https://github.com/paOol/bitcore-lib-cash.git