Comparing version 0.2.0 to 0.2.1
{ | ||
"name": "ddp", | ||
"version": "0.2.0", | ||
"version": "0.2.1", | ||
"description": "Node.js module to connect to servers using DDP protocol.", | ||
@@ -13,3 +13,3 @@ "author": "Tom Coleman", | ||
"dependencies": { | ||
"ws": "0.4.16", | ||
"ws": "git://github.com/possibilities/ws.git#slim-dependencies", | ||
"underscore": ">=1.3.3" | ||
@@ -16,0 +16,0 @@ }, |
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
6095
1
- Removedcommander@0.5.2(transitive)
- Removedoptions@0.0.6(transitive)
- Removedws@0.4.16(transitive)
Updatedws@git://github.com/possibilities/ws.git#slim-dependencies