cueball - npm Package Compare versions
Comparing version 0.3.10 to 0.3.11
| { | ||
| "name": "cueball", | ||
| "version": "0.3.10", | ||
| "version": "0.3.11", | ||
| "description": "", | ||
@@ -11,3 +11,3 @@ "main": "lib/index.js", | ||
| "mooremachine": ">=1.2.0 <2.0.0", | ||
| "named-client": "git://github.com/arekinath/node-named-client#v0.3.1", | ||
| "named-client": "git://github.com/arekinath/node-named-client#v0.3.2", | ||
| "node-uuid": ">=1.4.7 <2.0.0", | ||
@@ -14,0 +14,0 @@ "restify-clients": ">=1.1.2 <2.0.0", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package