Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
esendex - npm Package Compare versions
Comparing version 0.1.7 to 0.1.8
| { | ||
| "name": "esendex", | ||
| "version": "0.1.7", | ||
| "version": "0.1.8", | ||
| "description": "Esendex Node.js client library.", | ||
@@ -33,3 +33,3 @@ "main": "build/lib/index.js", | ||
| "dependencies": { | ||
| "xml2js": "codesleuth/node-xml2js#62554a7" | ||
| "xml2js": "^0.4.16" | ||
| }, | ||
@@ -36,0 +36,0 @@ "devDependencies": { |
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Improved metrics
- Number of high supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-33.33%
2
Worsened metrics
- Total package byte prevSize
- decreased by-0.01%
389833
Dependency changes
+ Addedsax@1.4.1(transitive)
+ Addedxml2js@0.4.23(transitive)
+ Addedxmlbuilder@11.0.1(transitive)
Updatedxml2js@^0.4.16