couchbase
couchbase - npm Package Compare versions
Comparing version 1.2.4 to 2.0.0-beta
New alerts
Missing package tarball
QualityThis package is missing it's tarball. It could be removed from the npm registry or there may have been an error when publishing.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 3 instances in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-100%
0
- Dev dependency count
- decreased by-100%
0
- Number of low license alerts
- decreased by-100%
0
- Number of low maintenance alerts
- decreased by-100%
0
- Number of low supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-100%
0
- Number of package files
- decreased by-100%
0
- License quality
- decreased by-100%
0
- Lines of code
- decreased by-100%
0
- Number of critical quality alerts
- increased byInfinity%
1
- Number of lines in readme file
- decreased by-100%
0
Dependency changes
- Removedbindings@~1.0.0
- Removednan@~0.8.0
- Removedrequest@~2.30.0
- Removedasn1@0.1.11(transitive)
- Removedassert-plus@0.1.5(transitive)
- Removedasync@0.9.2(transitive)
- Removedaws-sign2@0.5.0(transitive)
- Removedbindings@1.0.0(transitive)
- Removedboom@0.4.2(transitive)
- Removedcombined-stream@0.0.7(transitive)
- Removedcryptiles@0.2.2(transitive)
- Removedctype@0.5.3(transitive)
- Removeddelayed-stream@0.0.5(transitive)
- Removedforever-agent@0.5.2(transitive)
- Removedform-data@0.1.4(transitive)
- Removedhawk@1.0.0(transitive)
- Removedhoek@0.9.1(transitive)
- Removedhttp-signature@0.10.1(transitive)
- Removedjson-stringify-safe@5.0.1(transitive)
- Removedmime@1.2.11(transitive)
- Removednan@0.8.0(transitive)
- Removednode-uuid@1.4.8(transitive)
- Removedoauth-sign@0.3.0(transitive)
- Removedpunycode@2.3.1(transitive)
- Removedqs@0.6.6(transitive)
- Removedrequest@2.30.0(transitive)
- Removedsntp@0.2.4(transitive)
- Removedtough-cookie@0.9.15(transitive)
- Removedtunnel-agent@0.3.0(transitive)