engine.io
Advanced tools
Comparing version 0.3.7 to 0.3.8
0.3.8 / 2012-10-23 | ||
================== | ||
* package: bumped engine.io-client | ||
* examples: added first example | ||
0.3.7 / 2012-10-21 | ||
@@ -3,0 +9,0 @@ ================== |
{ | ||
"name": "engine.io" | ||
, "version": "0.3.7" | ||
, "version": "0.3.8" | ||
, "description": "The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server" | ||
@@ -15,3 +15,3 @@ , "main": "./lib/engine.io" | ||
, "ws": "~0.4.21" | ||
, "engine.io-client": "0.3.7" | ||
, "engine.io-client": "0.3.8" | ||
, "base64id": "0.1.0" | ||
@@ -18,0 +18,0 @@ } |
Uses eval
Supply chain riskPackage uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
156704
30
4750
8
7
+ Addedengine.io-client@0.3.8(transitive)
- Removedengine.io-client@0.3.7(transitive)
Updatedengine.io-client@0.3.8