fh-sync - npm Package Compare versions

Comparing version 0.0.1 to 1.0.0-RC1

package.json

 {
   "name": "fh-sync",
-  "version": "0.0.1",
-  "description": "Placeholder for feedhenry/fh-sync",
-  "main": "index.js",
+  "version": "1.0.0-RC1",
+  "description": "JSON data syncronisation server",
+  "main": "lib/index.js",
+  "dependencies": {
+    "async": "2.1.5",
+    "backoff": "^2.5.0",
+    "debug": "2.6.3",
+    "fh-component-metrics": "2.7.0",
+    "mongodb": "2.1.18",
+    "mongodb-lock": "0.4.0",
+    "mongodb-queue": "2.2.0",
+    "parse-duration": "0.1.1",
+    "redis": "^2.6.5",
+    "underscore": "1.7.0"
+  },
+  "devDependencies": {
+    "jsdoc": "^3.4.3",
+    "grunt": "^0.4.5",
+    "grunt-cli": "^1.2.0",
+    "grunt-fh-build": "^0.5.0",
+    "grunt-mocha-test": "^0.13.2",
+    "istanbul": "0.2.14",
+    "jshint": "^2.5.2",
+    "mocha": "2.4.5",
+    "proxyquire": "1.4.0",
+    "sinon": "^1.17.5",
+    "valid-url": "1.0.9"
+  },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "docs": "./node_modules/.bin/jsdoc -d docs/api ./lib",
+    "pretest": "./scripts/pretest.sh",
+    "test": "grunt fh:unit mochaTest:integration",
+    "posttest": "./scripts/posttest.sh"
   },
-  "author": "",
-  "license": "Apache-2.0"
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git@github.com:feedhenry/fh-sync.git"
+  }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

201769

increased by82932.51%

Number of package files

41

increased by4000%

Lines of code

4787

increased byInfinity%

Number of low quality alerts

2

decreased by-33.33%

Number of medium quality alerts

1

decreased by-50%

Number of lines in readme file

56

increased byInfinity%

Worsened metrics

Dependency count

10

increased byInfinity%

Dev dependency count

11

increased byInfinity%

Number of low supply chain risk alerts

3

increased by200%

Number of medium supply chain risk alerts

3

increased by200%

Dependency changes

• + Addedasync@2.1.5

• + Addedbackoff@^2.5.0

• + Addeddebug@2.6.3

• + Addedfh-component-metrics@2.7.0

• + Addedmongodb@2.1.18

• + Addedmongodb-lock@0.4.0

• + Addedmongodb-queue@2.2.0

• + Addedparse-duration@0.1.1

• + Addedredis@^2.6.5

• + Addedunderscore@1.7.0

• + Addedasync@2.1.5(transitive)

• + Addedbackoff@2.5.0(transitive)

• + Addedbson@0.4.23(transitive)

• + Addedcore-util-is@1.0.3(transitive)

• + Addeddebug@2.6.3(transitive)

• + Addeddouble-ended-queue@2.1.0-0(transitive)

• + Addedes6-promise@3.0.2(transitive)

• + Addedfh-component-metrics@2.7.0(transitive)

• + Addedinherits@2.0.4(transitive)

• + Addedisarray@0.0.1(transitive)

• + Addedlodash@4.17.214.17.4(transitive)

• + Addedmongodb@2.1.18(transitive)

• + Addedmongodb-core@1.3.18(transitive)

• + Addedmongodb-lock@0.4.0(transitive)

• + Addedmongodb-queue@2.2.0(transitive)

• + Addedms@0.7.2(transitive)

• + Addedparse-duration@0.1.1(transitive)

• + Addedprecond@0.2.3(transitive)

• + Addedreadable-stream@1.0.31(transitive)

• + Addedredis@2.8.0(transitive)

• + Addedredis-commands@1.7.0(transitive)

• + Addedredis-parser@2.6.0(transitive)

• + Addedrequire_optional@1.0.1(transitive)

• + Addedresolve-from@2.0.0(transitive)

• + Addedsemver@5.7.2(transitive)

• + Addedstring_decoder@0.10.31(transitive)

• + Addedunderscore@1.7.0(transitive)