dorapan - npm Package Compare versions

Comparing version 0.0.0 to 1.0.1

package.json

 {
   "name": "dorapan",
-  "version": "0.0.0",
-  "description": "",
+  "version": "1.0.1",
+  "description": "A Mirror of Pandora.js",
   "main": "index.js",
@@ -9,4 +9,14 @@ "scripts": {
   },
-  "author": "",
-  "license": "MIT"
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/midwayjs/dorapan.git"
+  },
+  "keywords": [
+    "Pandora.js"
+  ],
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/midwayjs/dorapan/issues"
+  },
+  "homepage": "https://github.com/midwayjs/dorapan#readme"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3243

increased by1497.54%

Number of package files

6

increased by500%

Lines of code

17

increased byInfinity%

Number of low maintenance alerts

2

decreased by-33.33%

Number of low quality alerts

1

decreased by-66.67%

Number of medium quality alerts

1

decreased by-50%

Number of lines in readme file

15

increased byInfinity%

Worsened metrics

Number of low supply chain risk alerts

2

increased by100%

No dependency changes