dependency-lint
Advanced tools
dependency-lint - npm Package Compare versions
Comparing version 4.3.2 to 5.0.0
| # Changelog | ||
| ### 5.0.0 (2017-03-18) | ||
| * add formatters: minimal (the new default), json, summary (the previous default) | ||
| --- | ||
| ### 4.3.1 (2016-12-27) | ||
@@ -4,0 +10,0 @@ |
| { | ||
| "name": "dependency-lint", | ||
| "version": "4.3.2", | ||
| "version": "5.0.0", | ||
| "description": "Lints package.json dependencies and devDependencies", | ||
@@ -12,3 +12,3 @@ "main": "index.js", | ||
| "cucumber-test": "cucumber-js", | ||
| "lint-coffeescript": "coffeelint src", | ||
| "lint-coffeescript": "coffeelint src -q", | ||
| "feature-test": "yarn run cucumber-test && yarn run self-test", | ||
@@ -15,0 +15,0 @@ "prefeature-test": "yarn run build", |
@@ -52,1 +52,16 @@ # dependency-lint | ||
| Any options not set in your configuration file will be given there default value. | ||
| ## Formatters | ||
| Three formatters are available and can be switched between with the `--format` option | ||
| ``` | ||
| dependency-lint --format <format> | ||
| ``` | ||
| * `minimal` (default) - prints only the modules with errors | ||
| * `summary` - prints all modules | ||
| * `json` - prints JSON of the form `{dependencies, devDependencies}` where each is array of objects with the keys | ||
| * `name` - name of the module | ||
| * `files` - list of the files that require the module or execute the module | ||
| * `scripts` - list of scripts in your `package.json` that execute the module | ||
| * `error` - null or one of the following strings: "missing", "should be dependency", "should be dev dependency", "unused" | ||
| * `errorIgnored` - if dependency lint has been configured to ignore this error. |
New alerts
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
Improved metrics
- Number of lines in readme file
- increased by28.85%
67
- Number of low supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-76.06%
10744
- Number of package files
- decreased by-81.82%
4
- Lines of code
- decreased by-100%
0
- Number of medium supply chain risk alerts
- increased byInfinity%
2