gc-profiler - npm Package Compare versions

Comparing version 1.0.2 to 1.1.0

package.json

 {
   "name": "gc-profiler",
   "description": "Allows you to profile when the garbage collector runs, and how long it takes.",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "author": "Bret Copeland <bret@atlantisflight.org>",
@@ -19,4 +19,4 @@ "main": "./main.js",
   "dependencies": {
-    "nan": "rvagg/nan#df2cdbcc4869af5ed1e29e2e6d5aeed9ad5a3f41"
+    "nan": "git+https://github.com/rvagg/nan.git#df2cdbcc4869af5ed1e29e2e6d5aeed9ad5a3f41"
   }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

7573

increased by6.86%

Worsened metrics

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• Updatednan@git+https://github.com/rvagg/nan.git#df2cdbcc4869af5ed1e29e2e6d5aeed9ad5a3f41