cosy-js - npm Package Compare versions

Comparing version 0.4.14 to 0.4.15

lib/cosy.js

@@ -29,5 +29,6 @@ // Generated by CoffeeScript 1.3.3
     up: up,
-    isAwesome: true
+    isAwesome: true,
+    snuggle: require('./snuggle')
   };
 
 }).call(this);

package.json

 {
   "name": "cosy-js",
-  "version": "0.4.14",
+  "version": "0.4.15",
   "description": "A cosy little library.",
@@ -23,2 +23,3 @@ "keywords": [],
   "devDependencies": {
+    "browserify": "1.16.x",
     "chai": "1.1.x",
@@ -25,0 +26,0 @@ "coffee-script": "1.3.x",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

245709

increased by80.04%

Number of package files

106

increased by6%

Lines of code

5791

increased by142%

Worsened metrics

Dev dependency count

9

increased by12.5%

Number of low supply chain risk alerts

8

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes