customizr - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

package.json

 {
   "name": "customizr",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Build out a lean, mean Modernizr machine.",
@@ -11,4 +11,3 @@ "main": "src",
     "pretest": "node test/pretest.js",
-    "test": "node test/runner.js",
-    "postinstall": "node scripts/postinstall.js"
+    "test": "node test/runner.js"
   },
@@ -30,19 +29,19 @@ "repository": {
   "dependencies": {
-    "colors": "~1.3.0",
-    "cross-spawn": "~6.0.5",
-    "fast-deep-equal": "~2.0.1",
-    "glob": "~7.1.2",
-    "mkdirp": "~0.5.1",
-    "modernizr": "~3.6.0",
-    "nopt": "~4.0.1",
-    "optimist": "~0.6.1",
-    "promised-io": "~0.3.5",
-    "underscore": "~1.9.1"
+    "colors": "^1.3.3",
+    "cross-spawn": "^6.0.5",
+    "fast-deep-equal": "^2.0.1",
+    "glob": "^7.1.3",
+    "lodash": "^4.17.11",
+    "mkdirp": "^0.5.1",
+    "modernizr": "^3",
+    "nopt": "^4.0.1",
+    "optimist": "^0.6.1",
+    "promised-io": "^0.3.5"
   },
   "devDependencies": {
-    "expect.js": "~0.3.1",
-    "fs-extra": "~6.0.1",
-    "mocha": "~5.2.0",
-    "nexpect": "~0.5.0"
+    "chai": "^4.2.0",
+    "fs-extra": "^7.0.1",
+    "mocha": "^6.0.2",
+    "nexpect": "^0.5.0"
   }
 }

src/builder.js

@@ -1,2 +0,1 @@
-/* jshint node: true */
 module.exports = function (modernizrPath) {
@@ -3,0 +2,0 @@ "use strict";

src/crawler.js

@@ -1,6 +0,5 @@
-/* jshint node: true */
 module.exports = function (modernizrPath) {
 	"use strict";
 
-	var _ = require("underscore");
+	var _ = require("lodash");
 
@@ -7,0 +6,0 @@ // Dependencies

src/index.js

@@ -1,2 +0,1 @@
-/* jshint node: true */
 module.exports = function (settings, callback) {
@@ -3,0 +2,0 @@ "use strict";

src/metadata.js

@@ -1,2 +0,1 @@
-/* jshint node: true */
 module.exports = function (modernizrPath) {
@@ -3,0 +2,0 @@ "use strict";

src/utils.js

@@ -1,2 +0,1 @@
-/* jshint node: true */
 module.exports = function (modernizrPath) {
@@ -12,3 +11,3 @@ "use strict";
 		mkdirp = require("mkdirp"),
-		_ = require("underscore");
+		_ = require("lodash");
 
@@ -49,3 +48,3 @@ // Lovingly lifted verbatim from Grunt: https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js
 	return {
-		_ : require("underscore"),
+		_ : require("lodash"),
 
@@ -52,0 +51,0 @@ file : {

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

598369

1750.93%

Number of package files

26

116.67%

Lines of code

14285

2139.03%

Number of high supply chain risk alerts

0

-100%

Worsened metrics

Number of low supply chain risk alerts

8

60%

Number of medium supply chain risk alerts

2

100%

Dependency changes

• + Added

  lodash@^4.17.11

• + Added

  ansi-regex@5.0.1
  (transitive)

• + Added

  ansi-styles@4.3.0
  (transitive)

• + Added

  argparse@2.0.1
  (transitive)

• + Added

  camelcase@5.3.1
  (transitive)

• + Added

  cliui@6.0.0
  (transitive)

• + Added

  color-convert@2.0.1
  (transitive)

• + Added

  color-name@1.1.4
  (transitive)

• + Added

  colors@1.4.0
  (transitive)

• + Added

  doctrine@3.0.0
  (transitive)

• + Added

  emoji-regex@8.0.0
  (transitive)

• + Added

  entities@3.0.1
  (transitive)

• + Added

  find-up@4.1.0
  (transitive)

• + Added

  get-caller-file@2.0.5
  (transitive)

• + Added

  glob@7.2.3
  (transitive)

• + Added

  is-fullwidth-code-point@3.0.0
  (transitive)

• + Added

  linkify-it@4.0.1
  (transitive)

• + Added

  locate-path@5.0.0
  (transitive)

• + Added

  lodash@4.17.21
  (transitive)

• + Added

  markdown-it@13.0.2
  (transitive)

• + Added

  mdurl@1.0.1
  (transitive)

• + Added

  modernizr@3.13.1
  (transitive)

• + Added

  p-limit@2.3.0
  (transitive)

• + Added

  p-locate@4.1.0
  (transitive)

• + Added

  p-try@2.2.0
  (transitive)

• + Added

  path-exists@4.0.0
  (transitive)

• + Added

  require-main-filename@2.0.0
  (transitive)

• + Added

  requirejs@2.3.7
  (transitive)

• + Added

  string-width@4.2.3
  (transitive)

• + Added

  strip-ansi@6.0.1
  (transitive)

• + Added

  uc.micro@1.0.6
  (transitive)

• + Added

  which-module@2.0.1
  (transitive)

• + Added

  wrap-ansi@6.2.0
  (transitive)

• + Added

  y18n@4.0.3
  (transitive)

• + Added

  yargs@15.4.1
  (transitive)

• + Added

  yargs-parser@18.1.3
  (transitive)

• - Removed

  underscore@~1.9.1

• - Removed

  ansi-regex@2.1.1
  (transitive)

• - Removed

  argparse@1.0.10
  (transitive)

• - Removed

  autolinker@0.28.1
  (transitive)

• - Removed

  call-bind@1.0.8
  (transitive)

• - Removed

  call-bind-apply-helpers@1.0.2
  (transitive)

• - Removed

  call-bound@1.0.4
  (transitive)

• - Removed

  camelcase@3.0.0
  (transitive)

• - Removed

  cliui@3.2.0
  (transitive)

• - Removed

  code-point-at@1.1.0
  (transitive)

• - Removed

  colors@1.3.3
  (transitive)

• - Removed

  concat-with-sourcemaps@1.1.0
  (transitive)

• - Removed

  core-util-is@1.0.3
  (transitive)

• - Removed

  define-data-property@1.1.4
  (transitive)

• - Removed

  define-properties@1.2.1
  (transitive)

• - Removed

  doctrine@1.2.3
  (transitive)

• - Removed

  dunder-proto@1.0.1
  (transitive)

• - Removed

  error-ex@1.3.2
  (transitive)

• - Removed

  es-define-property@1.0.1
  (transitive)

• - Removed

  es-errors@1.3.0
  (transitive)

• - Removed

  es-object-atoms@1.1.1
  (transitive)

• - Removed

  find-parent-dir@0.3.0
  (transitive)

• - Removed

  find-up@1.1.2
  (transitive)

• - Removed

  function-bind@1.1.2
  (transitive)

• - Removed

  get-caller-file@1.0.3
  (transitive)

• - Removed

  get-intrinsic@1.3.0
  (transitive)

• - Removed

  get-proto@1.0.1
  (transitive)

• - Removed

  glob@7.1.7
  (transitive)

• - Removed

  gopd@1.2.0
  (transitive)

• - Removed

  graceful-fs@4.2.11
  (transitive)

• - Removed

  gulp-header@1.8.12
  (transitive)

• - Removed

  has-property-descriptors@1.0.2
  (transitive)

• - Removed

  has-symbols@1.1.0
  (transitive)

• - Removed

  hasown@2.0.2
  (transitive)

• - Removed

  hosted-git-info@2.8.9
  (transitive)

• - Removed

  invert-kv@1.0.0
  (transitive)

• - Removed

  is-arrayish@0.2.1
  (transitive)

• - Removed

  is-core-module@2.16.1
  (transitive)

• - Removed

  is-fullwidth-code-point@1.0.0
  (transitive)

• - Removed

  is-utf8@0.2.1
  (transitive)

• - Removed

  isarray@1.0.0
  (transitive)

• - Removed

  lcid@1.0.0
  (transitive)

• - Removed

  load-json-file@1.1.0
  (transitive)

• - Removed

  lodash@4.17.4
  (transitive)

• - Removed

  lodash._reinterpolate@3.0.0
  (transitive)

• - Removed

  lodash.template@4.5.0
  (transitive)

• - Removed

  lodash.templatesettings@4.2.0
  (transitive)

• - Removed

  math-intrinsics@1.1.0
  (transitive)

• - Removed

  minimist@0.0.8
  (transitive)

• - Removed

  mkdirp@0.5.1
  (transitive)

• - Removed

  modernizr@3.6.0
  (transitive)

• - Removed

  normalize-package-data@2.5.0
  (transitive)

• - Removed

  number-is-nan@1.0.1
  (transitive)

• - Removed

  object-keys@1.1.1
  (transitive)

• - Removed

  object.assign@4.1.7
  (transitive)

• - Removed

  os-locale@1.4.0
  (transitive)

• - Removed

  parse-json@2.2.0
  (transitive)

• - Removed

  path-exists@2.1.0
  (transitive)

• - Removed

  path-parse@1.0.7
  (transitive)

• - Removed

  path-type@1.1.0
  (transitive)

• - Removed

  pify@2.3.0
  (transitive)

• - Removed

  pinkie@2.0.4
  (transitive)

• - Removed

  pinkie-promise@2.0.1
  (transitive)

• - Removed

  process-nextick-args@2.0.1
  (transitive)

• - Removed

  read-pkg@1.1.0
  (transitive)

• - Removed

  read-pkg-up@1.0.1
  (transitive)

• - Removed

  readable-stream@2.3.8
  (transitive)

• - Removed

  remarkable@1.7.4
  (transitive)

• - Removed

  require-main-filename@1.0.1
  (transitive)

• - Removed

  requirejs@2.1.22
  (transitive)

• - Removed

  resolve@1.22.10
  (transitive)

• - Removed

  safe-buffer@5.1.2
  (transitive)

• - Removed

  set-function-length@1.2.2
  (transitive)

• - Removed

  source-map@0.6.1
  (transitive)

• - Removed

  spdx-correct@3.2.0
  (transitive)

• - Removed

  spdx-exceptions@2.5.0
  (transitive)

• - Removed

  spdx-expression-parse@3.0.1
  (transitive)

• - Removed

  spdx-license-ids@3.0.21
  (transitive)

• - Removed

  sprintf-js@1.0.3
  (transitive)

• - Removed

  string-width@1.0.2
  (transitive)

• - Removed

  string_decoder@1.1.1
  (transitive)

• - Removed

  strip-ansi@3.0.1
  (transitive)

• - Removed

  strip-bom@2.0.0
  (transitive)

• - Removed

  supports-preserve-symlinks-flag@1.0.0
  (transitive)

• - Removed

  through2@2.0.5
  (transitive)

• - Removed

  underscore@1.9.2
  (transitive)

• - Removed

  util-deprecate@1.0.2
  (transitive)

• - Removed

  validate-npm-package-license@3.0.4
  (transitive)

• - Removed

  which-module@1.0.0
  (transitive)

• - Removed

  wrap-ansi@2.1.0
  (transitive)

• - Removed

  xtend@4.0.2
  (transitive)

• - Removed

  y18n@3.2.2
  (transitive)

• - Removed

  yargs@7.0.2
  (transitive)

• - Removed

  yargs-parser@5.0.1
  (transitive)

• Updated

  colors@^1.3.3

• Updated

  cross-spawn@^6.0.5

• Updated

  fast-deep-equal@^2.0.1

• Updated

  glob@^7.1.3

• Updated

  mkdirp@^0.5.1

• Updated

  modernizr@^3

• Updated

  nopt@^4.0.1

• Updated

  optimist@^0.6.1

• Updated

  promised-io@^0.3.5