function-exec-sync - npm Package Compare versions

Comparing version 1.4.14 to 1.5.0

package.json

 {
   "name": "function-exec-sync",
-  "version": "1.4.14",
+  "version": "1.5.0",
   "description": "Run a function in a node process",
@@ -49,18 +49,18 @@ "keywords": [
   "dependencies": {
-    "async-compat": "*",
-    "mkdirp-classic": "*",
-    "os-shim": "*",
-    "randombytes": "*",
-    "short-hash": "*",
-    "temp-suffix": "*",
-    "thread-sleep-compat": "*"
+    "async-compat": "^1.7.7",
+    "mkdirp-classic": "^0.5.3",
+    "os-shim": "^0.1.3",
+    "randombytes": "^2.1.0",
+    "short-hash": "^1.0.0",
+    "temp-suffix": "^1.0.8",
+    "thread-sleep-compat": "^1.1.0"
   },
   "devDependencies": {
-    "@types/mocha": "*",
-    "@types/node": "*",
-    "lodash.keys": "*",
-    "node-version-use": "*",
-    "pinkie-promise": "*",
-    "ts-dev-stack": "*",
-    "tsds-config": "*"
+    "@types/mocha": "^10.0.10",
+    "@types/node": "^25.0.0",
+    "lodash.keys": "^4.2.0",
+    "node-version-use": "^2.0.0",
+    "pinkie-promise": "^2.0.1",
+    "ts-dev-stack": "^1.21.2",
+    "tsds-config": "^0.2.0"
   },
@@ -67,0 +67,0 @@ "engines": {

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Wildcard dependency

Quality

Package has a dependency with a floating version range. This can cause issues if the dependency publishes a new major version.

Found 7 instances in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

93393

0.08%

Number of medium quality alerts

0

-100%

Dependency changes

• Updated

  async-compat@^1.7.7

• Updated

  mkdirp-classic@^0.5.3

• Updated

  os-shim@^0.1.3

• Updated

  randombytes@^2.1.0

• Updated

  short-hash@^1.0.0

• Updated

  temp-suffix@^1.0.8

• Updated

  thread-sleep-compat@^1.1.0