configstore - npm Package Compare versions

Comparing version 0.3.1 to 0.3.2

package.json

 {
   "name": "configstore",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Easily load and save config without having to think about where and how",
@@ -20,3 +20,2 @@ "keywords": [
   },
-  "main": "configstore.js",
   "repository": "yeoman/configstore",
@@ -31,8 +30,10 @@ "scripts": {
   "dependencies": {
-    "graceful-fs": "~3.0.1",
-    "js-yaml": "~3.0.1",
-    "mkdirp": "~0.5.0",
-    "object-assign": "~0.3.1",
-    "osenv": "~0.1.0",
-    "uuid": "~1.4.1"
+    "graceful-fs": "^3.0.1",
+    "js-yaml": "^3.1.0",
+    "mkdirp": "^0.5.0",
+    "object-assign": "^2.0.0",
+    "osenv": "^0.1.0",
+    "user-home": "^1.0.0",
+    "uuid": "^2.0.1",
+    "xdg-basedir": "^1.0.0"
   },
@@ -43,4 +44,4 @@ "devDependencies": {
   "files": [
-    "configstore.js"
+    "index.js"
   ]
 }

readme.md

 # configstore [![Build Status](https://secure.travis-ci.org/yeoman/configstore.svg?branch=master)](http://travis-ci.org/yeoman/configstore)
 
-Easily load and persist config without having to think about where and how.
+> Easily load and persist config without having to think about where and how.
 
@@ -8,3 +8,3 @@ Config is stored in a YAML file to make it simple for users to edit the config directly themselves. The file is located in `$XDG_CONFIG_HOME` or `~/.config`. Eg: `~/.config/configstore/id-of-your-choosing.yml`
 
-## Example usage
+## Usage
 
@@ -11,0 +11,0 @@ ```js

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4873

increased by0.64%

Lines of code

88

increased by1.15%

Number of low supply chain risk alerts

1

decreased by-50%

Worsened metrics

Dependency count

8

increased by33.33%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addeduser-home@^1.0.0

• + Addedxdg-basedir@^1.0.0

• + Addedargparse@1.0.10(transitive)

• + Addedesprima@4.0.1(transitive)

• + Addedjs-yaml@3.14.1(transitive)

• + Addedobject-assign@2.1.1(transitive)

• + Addedsprintf-js@1.0.3(transitive)

• + Addeduser-home@1.1.1(transitive)

• + Addeduuid@2.0.3(transitive)

• + Addedxdg-basedir@1.0.1(transitive)

• - Removedargparse@0.1.16(transitive)

• - Removedesprima@1.0.4(transitive)

• - Removedjs-yaml@3.0.2(transitive)

• - Removedobject-assign@0.3.1(transitive)

• - Removedunderscore@1.7.0(transitive)

• - Removedunderscore.string@2.4.0(transitive)

• - Removeduuid@1.4.2(transitive)

• Updatedgraceful-fs@^3.0.1

• Updatedjs-yaml@^3.1.0

• Updatedmkdirp@^0.5.0

• Updatedobject-assign@^2.0.0

• Updatedosenv@^0.1.0

• Updateduuid@^2.0.1