commit-status - npm Package Compare versions

Comparing version 1.0.0 to 2.0.0

commit-status.js

 #!/usr/bin/env node
 
-var token = process.env.GH_TOKEN;
+var token = process.env.GH_STATUS_TOKEN || process.env.GH_TOKEN;
 var sha   = process.env.CIRCLE_SHA1 || process.env.TRAVIS_COMMIT;
@@ -12,3 +12,3 @@ var owner = process.env.CIRCLE_PROJECT_USERNAME || extractSlug(process.env.TRAVIS_REPO_SLUG, 0);
 validate(
-  [token, 'GitHub token not configured (use GH_TOKEN env var)'],
+  [token, 'GitHub token not configured (use GH_STATUS_TOKEN env var)'],
   [sha,   'Unable to detect current build’s SHA'],
@@ -15,0 +15,0 @@ [owner, 'Unable to detect repository owner'],

package.json

 {
   "name": "commit-status",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Simple command-line application to post commit status to GitHub (for use in CI)",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3797

increased by1.01%

Worsened metrics

Number of low supply chain risk alerts

9

increased by12.5%

No dependency changes