create-nocobase-app - npm Package Compare versions

Comparing version 0.5.0-alpha.38 to 0.7.0-alpha.0

bin/create-nocobase-app.js

 #!/usr/bin/env node
 
-require('../lib/cli');
+require('../src/create-nocobase-app');

package.json

 {
   "name": "create-nocobase-app",
-  "version": "0.5.0-alpha.38",
-  "main": "lib/index.js",
-  "types": "lib/index.d.ts",
-  "files": [
-    "lib",
-    "bin",
-    "templates"
+  "version": "0.7.0-alpha.0",
+  "main": "src/index.js",
+  "license": "Apache-2.0",
+  "licenses": [
+    {
+      "type": "Apache-2.0",
+      "url": "http://www.apache.org/licenses/LICENSE-2.0"
+    }
   ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/nocobase/nocobase.git",
-    "directory": "packages/create-nocobase-app"
-  },
-  "license": "MIT",
   "dependencies": {
     "@nocobase/utils": "^0.5.0-alpha.38",
-    "@umijs/utils": "3.5.17",
+    "axios": "^0.26.1",
+    "chalk": "^4.1.1",
     "commander": "^8.2.0",
-    "execa": "^5.1.1",
-    "ora": "^5.4.1"
+    "execa": "5",
+    "fs-extra": "^10.0.1",
+    "ora": "^5.4.1",
+    "tar": "^6.1.11"
   },
-  "bin": {
-    "create-nocobase-app": "bin/create-nocobase-app.js"
+  "bin": "./bin/create-nocobase-app.js",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nocobase/nocobase.git",
+    "directory": "packages/core/create-nocobase-app"
   },
-  "gitHead": "ac34f5b49e78963b9d8f03159f02cf15b450c0b5"
+  "gitHead": "82167c6c4781195ae536cbc35c3c0006f655e044"
 }

New alerts

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Unpublished package

Supply chain risk

Package version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 3 instances in 1 package

Fixed alerts

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

28634

decreased by-34.68%

Dependency count

8

increased by60%

Number of package files

30

decreased by-18.92%

Lines of code

408

decreased by-39.1%

Number of medium quality alerts

1

increased byInfinity%

Number of lines in readme file

0

decreased by-100%

Number of low supply chain risk alerts

11

increased by175%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedaxios@^0.26.1

• + Addedchalk@^4.1.1

• + Addedfs-extra@^10.0.1

• + Addedtar@^6.1.11

• + Addedaxios@0.26.1(transitive)

• + Addedchownr@2.0.0(transitive)

• + Addedfollow-redirects@1.15.9(transitive)

• + Addedfs-extra@10.1.0(transitive)

• + Addedfs-minipass@2.1.0(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedjsonfile@6.1.0(transitive)

• + Addedminipass@3.3.65.0.0(transitive)

• + Addedminizlib@2.1.2(transitive)

• + Addedmkdirp@1.0.4(transitive)

• + Addedtar@6.2.1(transitive)

• + Addeduniversalify@2.0.1(transitive)

• + Addedyallist@4.0.0(transitive)

• - Removed@umijs/utils@3.5.17

• - Removed@bloomberg/record-tuple-polyfill@0.0.3(transitive)

• - Removed@umijs/deps@3.5.17(transitive)

• - Removed@umijs/utils@3.5.17(transitive)

• - Removedanymatch@3.1.3(transitive)

• - Removedarch@2.2.0(transitive)

• - Removedbinary-extensions@2.3.0(transitive)

• - Removedbraces@3.0.3(transitive)

• - Removedchokidar@3.5.1(transitive)

• - Removedclipboardy@2.3.0(transitive)

• - Removedcross-spawn@6.0.6(transitive)

• - Removedend-of-stream@1.4.4(transitive)

• - Removedesbuild@0.12.15(transitive)

• - Removedexeca@1.0.0(transitive)

• - Removedfill-range@7.1.1(transitive)

• - Removedfsevents@2.3.3(transitive)

• - Removedget-stream@4.1.0(transitive)

• - Removedglob-parent@5.1.2(transitive)

• - Removedhas-flag@3.0.0(transitive)

• - Removedis-binary-path@2.1.0(transitive)

• - Removedis-docker@2.2.1(transitive)

• - Removedis-extglob@2.1.1(transitive)

• - Removedis-glob@4.0.3(transitive)

• - Removedis-number@7.0.0(transitive)

• - Removedis-stream@1.1.0(transitive)

• - Removedis-wsl@2.2.0(transitive)

• - Removedjest-worker@24.9.0(transitive)

• - Removednice-try@1.0.5(transitive)

• - Removednormalize-path@3.0.0(transitive)

• - Removednpm-run-path@2.0.2(transitive)

• - Removedonce@1.4.0(transitive)

• - Removedp-finally@1.0.0(transitive)

• - Removedpath-key@2.0.1(transitive)

• - Removedpicomatch@2.3.1(transitive)

• - Removedprettier@2.2.1(transitive)

• - Removedpump@3.0.2(transitive)

• - Removedreaddirp@3.5.0(transitive)

• - Removedsemver@5.7.2(transitive)

• - Removedshebang-command@1.2.0(transitive)

• - Removedshebang-regex@1.0.0(transitive)

• - Removedstrip-eof@1.0.0(transitive)

• - Removedsupports-color@6.1.0(transitive)

• - Removedto-regex-range@5.0.1(transitive)

• - Removedwhich@1.3.1(transitive)

• - Removedwrappy@1.0.2(transitive)

• Updatedexeca@5