eslint - npm Package Compare versions
+6
-6
| { | ||
| "name": "eslint", | ||
| "version": "9.39.3", | ||
| "version": "9.39.4", | ||
| "author": "Nicholas C. Zakas <nicholas+npm@nczconsulting.com>", | ||
@@ -111,7 +111,7 @@ "description": "An AST-based pattern checker for JavaScript.", | ||
| "@eslint-community/regexpp": "^4.12.1", | ||
| "@eslint/config-array": "^0.21.1", | ||
| "@eslint/config-array": "^0.21.2", | ||
| "@eslint/config-helpers": "^0.4.2", | ||
| "@eslint/core": "^0.17.0", | ||
| "@eslint/eslintrc": "^3.3.1", | ||
| "@eslint/js": "9.39.3", | ||
| "@eslint/eslintrc": "^3.3.5", | ||
| "@eslint/js": "9.39.4", | ||
| "@eslint/plugin-kit": "^0.4.1", | ||
@@ -122,3 +122,3 @@ "@humanfs/node": "^0.16.6", | ||
| "@types/estree": "^1.0.6", | ||
| "ajv": "^6.12.4", | ||
| "ajv": "^6.14.0", | ||
| "chalk": "^4.0.0", | ||
@@ -142,3 +142,3 @@ "cross-spawn": "^7.0.6", | ||
| "lodash.merge": "^4.6.2", | ||
| "minimatch": "^3.1.2", | ||
| "minimatch": "^3.1.5", | ||
| "natural-compare": "^1.4.0", | ||
@@ -145,0 +145,0 @@ "optionator": "^0.9.3" |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 3 instances in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 3 instances in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Dependency changes
+ Added
@eslint/js@9.39.4(transitive)- Removed
@eslint/js@9.39.3(transitive)Updated
@eslint/config-array@^0.21.2Updated
@eslint/eslintrc@^3.3.5Updated
@eslint/js@9.39.4Updated
ajv@^6.14.0Updated
minimatch@^3.1.5