fh-mbaas-express
Advanced tools
Comparing version 5.7.1 to 5.9.0
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
NPM Shrinkwrap
Supply chain riskPackage contains a shrinkwrap file. This may allow the package to bypass normal install procedures.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 5 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
NPM Shrinkwrap
Supply chain riskPackage contains a shrinkwrap file. This may allow the package to bypass normal install procedures.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
1584735
60
4778
170
3
+ Addedbody-parser@1.18.2(transitive)
+ Addedbytes@3.0.0(transitive)
+ Addeddepd@1.1.1(transitive)
+ Addedexpress@4.16.0(transitive)
+ Addedfinalhandler@1.1.0(transitive)
+ Addedforwarded@0.2.0(transitive)
+ Addedfresh@0.5.2(transitive)
+ Addedhttp-errors@1.6.2(transitive)
+ Addediconv-lite@0.4.19(transitive)
+ Addedipaddr.js@1.9.1(transitive)
+ Addedmime@1.4.1(transitive)
+ Addedmime-types@1.0.0(transitive)
+ Addedproxy-addr@2.0.7(transitive)
+ Addedqs@6.4.16.5.1(transitive)
+ Addedraw-body@2.3.2(transitive)
+ Addedsafe-buffer@5.1.1(transitive)
+ Addedsend@0.16.0(transitive)
+ Addedserve-static@1.13.0(transitive)
+ Addedtype-is@1.2.2(transitive)
+ Addedutils-merge@1.0.1(transitive)
- Removedbody-parser@1.17.1(transitive)
- Removedbytes@2.4.0(transitive)
- Removeddebug@2.6.1(transitive)
- Removedexpress@4.15.2(transitive)
- Removedfinalhandler@1.0.6(transitive)
- Removedforwarded@0.1.2(transitive)
- Removedfresh@0.5.0(transitive)
- Removediconv-lite@0.4.15(transitive)
- Removedipaddr.js@1.4.0(transitive)
- Removedmime@1.2.111.3.4(transitive)
- Removedms@0.7.2(transitive)
- Removedproxy-addr@1.1.5(transitive)
- Removedqs@6.4.0(transitive)
- Removedraw-body@2.2.0(transitive)
- Removedsafe-buffer@5.2.1(transitive)
- Removedsend@0.15.1(transitive)
- Removedserve-static@1.12.1(transitive)
- Removedtype-is@1.1.0(transitive)
- Removedutils-merge@1.0.0(transitive)
Updatedbody-parser@1.18.2
Updatedexpress@4.16.0
Updatedtype-is@~1.2.1