🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
eslint-nibble
Advanced tools
eslint-nibble - npm Package Compare versions
Comparing version 6.0.0-beta.1 to 6.0.0-beta.2
| { | ||
| "name": "eslint-nibble", | ||
| "version": "6.0.0-beta.1", | ||
| "version": "6.0.0-beta.2", | ||
| "description": "Ease into ESLint, by fixing one rule at a time", | ||
@@ -39,6 +39,6 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "@ianvs/eslint-stats": "^2.0.0", | ||
| "chalk": "^2.4.2", | ||
| "eslint-filtered-fix": "^0.1.1", | ||
| "eslint-formatter-friendly": "^7.0.0", | ||
| "eslint-stats": "@ianvs/eslint-stats@2.0.0", | ||
| "eslint-summary": "^1.0.0", | ||
@@ -45,0 +45,0 @@ "inquirer": "^7.0.1", |
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Improved metrics
- Number of high supply chain risk alerts
0
-100%Worsened metrics
- Total package byte prevSize
222579
-0.01%Dependency changes
+ Added
@ianvs/eslint-stats@^2.0.0+ Added
@ianvs/eslint-stats@2.0.0(transitive)