cloudant-nano - npm Package Compare versions

Comparing version 6.5.0 to 6.6.0

CHANGES.md

@@ -1,4 +0,5 @@
-# UNRELEASED
+# 6.6.0 (2017-10-20)
+- [UPGRADED] Upgrade package: debug@^3.1.0.
 
 # 6.5.0 (2017-05-23)
 - [UPGRADED] Using cloudant-follow==0.13.0 dependancy.

package.json

@@ -10,3 +10,3 @@ {
   },
-  "version": "6.5.0",
+  "version": "6.6.0",
   "author": {
@@ -32,3 +32,3 @@ "name": "IBM Cloudant",
     "underscore": "^1.8.3",
-    "debug": "^2.2.0"
+    "debug": "^3.1.0"
   },
@@ -35,0 +35,0 @@ "devDependencies": {

README.md

@@ -1,3 +0,13 @@
-[![Build Status](https://travis-ci.org/apache/couchdb-nano.svg?branch=master)](https://travis-ci.org/apache/couchdb-nano)![Coverage](https://img.shields.io/badge/coverage-100%-ff69b4.svg)[![dependencies Status](https://david-dm.org/apache/couchdb-nano/status.svg)](https://david-dm.org/apache/couchdb-nano)[![NPM](http://img.shields.io/npm/v/nano.svg?style=flat-square)](https://www.npmjs.com/package/nano)
+[![Travis](https://img.shields.io/travis/cloudant-labs/cloudant-nano.svg?branch=master)](https://travis-ci.org/cloudant-labs/cloudant-nano)
 
+[![NPM](https://nodei.co/npm/cloudant-nano.png?compact=true)](https://nodei.co/npm/cloudant-nano/)
+
+---
+
+This is a fork of the Apache [couchdb-nano](https://github.com/apache/couchdb-nano) project.
+
+This fork is maintained by IBM Cloudant in order to provide fixes for the [nodejs-cloudant](https://github.com/cloudant/nodejs-cloudant) library.
+
+---
+
 # nano
@@ -4,0 +14,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of lines in readme file

1005

increased by1.01%

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

56462

decreased by-76.64%

Number of package files

7

decreased by-94.78%

Lines of code

778

decreased by-86%

Dependency changes

• + Addeddebug@3.2.7(transitive)

• + Addedms@2.1.3(transitive)

• Updateddebug@^3.1.0