create-esm - npm Package Compare versions

Comparing version 0.0.1 to 1.0.0

package.json

 {
   "name": "create-esm",
-  "version": "0.0.1",
-  "description": "Create ES modules in Node today!",
+  "version": "1.0.0",
+  "description": "Create `esm` enabled packages.",
   "keywords": "commonjs, ecmascript, export, import, modules, node, require",
@@ -9,17 +9,27 @@ "repository": "standard-things/create-esm",
   "author": "John-David Dalton <john.david.dalton@gmail.com>",
-  "bin": "./bin/create-esm",
+  "bin": "bin/create-esm",
   "main": "index.js",
   "engines": {
-    "node": ">=4"
+    "node": ">=6"
   },
   "scripts": {
+    "lint": "eslint '**/*.js' --fix --quiet",
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "dependencies": {
+    "esm": "^3.0.0",
+    "execa": "^0.10.0",
     "fs-extra": "^5.0.0"
   },
+  "devDependencies": {
+    "babel-eslint": "^8.2.2",
+    "eslint": "^4.19.1",
+    "eslint-plugin-import": "^2.9.0",
+    "eslint-plugin-node": "^6.0.1"
+  },
   "files": [
     "index.js",
+    "main.js",
     "bin/create-esm"
   ]
 }

README.md

 # create-esm
 
-A package initialization template for [@std/esm](https://github.com/standard-things/esm).
+A package initialization template for [`esm`](https://github.com/standard-things/esm).

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4597

increased by139.05%

Number of package files

6

increased by20%

Lines of code

99

increased byInfinity%

Number of low quality alerts

2

decreased by-33.33%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dependency count

3

increased by200%

Dev dependency count

4

increased byInfinity%

Number of low supply chain risk alerts

3

increased by200%

Dependency changes

• + Addedesm@^3.0.0

• + Addedexeca@^0.10.0

• + Addedcross-spawn@6.0.5(transitive)

• + Addedesm@3.2.25(transitive)

• + Addedexeca@0.10.0(transitive)

• + Addedget-stream@3.0.0(transitive)

• + Addedis-stream@1.1.0(transitive)

• + Addedisexe@2.0.0(transitive)

• + Addednice-try@1.0.5(transitive)

• + Addednpm-run-path@2.0.2(transitive)

• + Addedp-finally@1.0.0(transitive)

• + Addedpath-key@2.0.1(transitive)

• + Addedsemver@5.7.2(transitive)

• + Addedshebang-command@1.2.0(transitive)

• + Addedshebang-regex@1.0.0(transitive)

• + Addedsignal-exit@3.0.7(transitive)

• + Addedstrip-eof@1.0.0(transitive)

• + Addedwhich@1.3.1(transitive)