function-exec-sync
Advanced tools
function-exec-sync - npm Package Compare versions
+1
-2
| { | ||
| "name": "function-exec-sync", | ||
| "version": "1.4.2", | ||
| "version": "1.4.3", | ||
| "description": "Run a function in a node process", | ||
@@ -50,3 +50,2 @@ "keywords": [ | ||
| "os-shim": "^0.1.3", | ||
| "patch-package": "^8.0.0", | ||
| "randombytes": "^2.1.0", | ||
@@ -53,0 +52,0 @@ "short-hash": "^1.0.0", |
New alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Dependency count
7
-12.5%Worsened metrics
- Total package byte prevSize
89740
-0.03%Dependency changes
- Removed
patch-package@^8.0.0- Removed
@yarnpkg/lockfile@1.1.0(transitive)- Removed
ansi-styles@4.3.0(transitive)- Removed
async-function@1.0.0(transitive)- Removed
async-generator-function@1.0.0(transitive)- Removed
braces@3.0.3(transitive)- Removed
call-bind@1.0.8(transitive)- Removed
call-bind-apply-helpers@1.0.2(transitive)- Removed
call-bound@1.0.4(transitive)- Removed
chalk@4.1.2(transitive)- Removed
ci-info@3.9.0(transitive)- Removed
color-convert@2.0.1(transitive)- Removed
color-name@1.1.4(transitive)- Removed
cross-spawn@7.0.6(transitive)- Removed
define-data-property@1.1.4(transitive)- Removed
dunder-proto@1.0.1(transitive)- Removed
es-define-property@1.0.1(transitive)- Removed
es-errors@1.3.0(transitive)- Removed
es-object-atoms@1.1.1(transitive)- Removed
fill-range@7.1.1(transitive)- Removed
find-yarn-workspace-root@2.0.0(transitive)- Removed
fs-extra@10.1.0(transitive)- Removed
function-bind@1.1.2(transitive)- Removed
generator-function@2.0.1(transitive)- Removed
get-intrinsic@1.3.1(transitive)- Removed
get-proto@1.0.1(transitive)- Removed
gopd@1.2.0(transitive)- Removed
graceful-fs@4.2.11(transitive)- Removed
has-flag@4.0.0(transitive)- Removed
has-property-descriptors@1.0.2(transitive)- Removed
has-symbols@1.1.0(transitive)- Removed
hasown@2.0.2(transitive)- Removed
is-docker@2.2.1(transitive)- Removed
is-number@7.0.0(transitive)- Removed
is-wsl@2.2.0(transitive)- Removed
isarray@2.0.5(transitive)- Removed
isexe@2.0.0(transitive)- Removed
json-stable-stringify@1.3.0(transitive)- Removed
jsonfile@6.2.0(transitive)- Removed
jsonify@0.0.1(transitive)- Removed
klaw-sync@6.0.0(transitive)- Removed
math-intrinsics@1.1.0(transitive)- Removed
micromatch@4.0.8(transitive)- Removed
minimist@1.2.8(transitive)- Removed
object-keys@1.1.1(transitive)- Removed
open@7.4.2(transitive)- Removed
patch-package@8.0.1(transitive)- Removed
path-key@3.1.1(transitive)- Removed
picomatch@2.3.1(transitive)- Removed
semver@7.7.4(transitive)- Removed
set-function-length@1.2.2(transitive)- Removed
shebang-command@2.0.0(transitive)- Removed
shebang-regex@3.0.0(transitive)- Removed
slash@2.0.0(transitive)- Removed
supports-color@7.2.0(transitive)- Removed
tmp@0.2.5(transitive)- Removed
to-regex-range@5.0.1(transitive)- Removed
universalify@2.0.1(transitive)- Removed
which@2.0.2(transitive)- Removed
yaml@2.8.2(transitive)