esy - npm Package Compare versions
Comparing version 0.6.7 to 0.6.8-macos.arm64.dev.1
| { | ||
| "description": "Package builder for esy.", | ||
| "license": "MIT", | ||
| "name": "esy", | ||
| "version": "0.6.7", | ||
| "license": "MIT", | ||
| "description": "Package builder for esy.", | ||
| "dependencies": { | ||
| "esy-solve-cudf": "^0.1.10" | ||
| }, | ||
| "version": "0.6.8-macos.arm64.dev.1", | ||
| "scripts": { | ||
| "postinstall": "node ./postinstall.js" | ||
| "postinstall": | ||
| "node -e \"process.env['OCAML_VERSION']='ocaml'; process.env['OCAML_PKG_NAME']='n.00.0000'; require('./esyInstallRelease.js')\"" | ||
| }, | ||
| "bin": { | ||
| "esy": "_build/default/bin/esy.exe" | ||
| }, | ||
| "files": [ | ||
| "bin/", | ||
| "postinstall.js", | ||
| "Linux/", | ||
| "macOS/", | ||
| "Windows/", | ||
| "_build/default/**/*.exe" | ||
| ] | ||
| } | ||
| "esy": "bin/esy", | ||
| "esyBuildPackageCommand": "bin/esyBuildPackageCommand", | ||
| "esyRewritePrefixCommand": "bin/esyRewritePrefixCommand", | ||
| "esySolveCudfCommand": "bin/esySolveCudfCommand" | ||
| } | ||
| } |
@@ -51,3 +51,3 @@ # esy | ||
| │ This dune library implements sandbox builder - a routine which builds | ||
| │ the enture dependency graph and provides other introspection APIs. | ||
| │ the entire dependency graph and provides other introspection APIs. | ||
| │ | ||
@@ -101,3 +101,3 @@ ├── esy/bin | ||
| ├── test-e2e-slow | ||
| │ End-to-end test suite which takes a significiant amount of time. | ||
| │ End-to-end test suite which takes a significant amount of time. | ||
| │ We execute it on CI by placing `@slowtest` token in commit messages. | ||
@@ -114,7 +114,8 @@ │ | ||
| % git clone git://github.com/esy/esy.git | ||
| % cd esy | ||
| % make bootstrap | ||
| % cd esy # Change to the cloned directory | ||
| % esy # install and build dependencies | ||
| ``` | ||
| And then run newly built `esy` executable from anywhere like `PATH_TO_REPO/bin/esy`. | ||
| And then run newly built `esy` executable from anywhere by adding `PATH_TO_REPO/_build/install/default/bin` | ||
| to the $PATH during the shell's session. On Windows, append `PATH_TO_REPO/bin` too. | ||
@@ -121,0 +122,0 @@ ### Updating `bin/esyInstallRelease.js` |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 5 instances in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 12 instances in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-100%
0
- Number of lines in readme file
- increased by0.36%
276
- Number of low supply chain risk alerts
- decreased by-63.41%
15
- Number of medium supply chain risk alerts
- decreased by-63.33%
11
Worsened metrics
- Total package byte prevSize
- decreased by-87.13%
25830370
- Number of package files
- decreased by-42.11%
11
- Lines of code
- decreased by-66.75%
11420
Dependency changes
- Removedesy-solve-cudf@^0.1.10
- Removedesy-solve-cudf@0.1.10(transitive)