Comparing version 1.0.4 to 1.0.5
{ | ||
"name": "fh-sync", | ||
"version": "1.0.4", | ||
"version": "1.0.5", | ||
"description": "FeedHenry Data Synchronization Server", | ||
@@ -13,3 +13,3 @@ "main": "index.js", | ||
"mongodb-lock": "0.4.0", | ||
"mongodb-queue": "david-martin/mongodb-queue#ttl-index-01", | ||
"mongodb-queue": "git+https://github.com/david-martin/mongodb-queue.git#ttl-index-01", | ||
"parse-duration": "0.1.1", | ||
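Review bot: the new `mongodb-queue` specifier still ends in the named ref `#ttl-index-01` rather than a full commit hash, so moving from the GitHub shorthand to `git+https://github.com/david-martin/mongodb-queue.git` does not make the dependency immutable. Whoever controls that repository can move the ref, and two installs of 1.0.5 can then resolve to different code. Suggest pinning the part after `#` to a full commit SHA, or depending on a version published to the registry, so the install is reproducible and the dependency can be audited at a fixed revision.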
@@ -16,0 +16,0 @@ "redis": "2.6.5", |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain risk: Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
GitHub dependency
Supply chain risk: Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain risk: This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package