comunica - npm Package Compare versions
Comparing version 0.0.1-security to 2.0.0
| { | ||
| "name": "comunica", | ||
| "version": "0.0.1-security", | ||
| "description": "security holding package", | ||
| "repository": "npm/security-holder" | ||
| } | ||
| "version": "2.0.0", | ||
| "description": "This is not a valid package", | ||
| "main": "index.js", | ||
| "scripts": { | ||
| "test": "echo \"Error: no test specified\" && exit 1" | ||
| }, | ||
| "author": "", | ||
| "license": "ISC" | ||
| } |
@@ -1,5 +0,8 @@ | ||
| # Security holding package | ||
| # This is not a valid package | ||
| This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future. | ||
| **Do not install me** | ||
| Please refer to www.npmjs.com/advisories?search={package-name} for more information. | ||
| You're probably looking for a Comunica query engine preset, such as [`@comunica/query-sparql`](https://www.npmjs.com/package/@comunica/query-sparql). | ||
| Learn more about Comunica on https://comunica.dev/ | ||
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Known malware
Supply chain riskThis package is malware. We have asked the package registry to remove it.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No License Found
License(Experimental) License information could not be found.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by14.29%
488
- Number of low license alerts
- decreased by-100%
0
- Number of lines in readme file
- increased by50%
9
- Number of critical supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Number of medium supply chain risk alerts
- increased by100%
2