grafbase - npm Package Compare versions

Comparing version 0.1.0 to 0.1.1

package.json

 {
   "name": "grafbase",
-  "version": "0.1.0",
-  "description": "placeholder",
-  "main": "index.js",
-  "author": "grafbase",
+  "version": "0.1.1",
+  "description": "The Grafbase command line interface",
+  "repository": {
+    "type": "git",
+    "directory": "cli",
+    "url": "https://github.com/grafbase/grafbase"
+  },
+  "bin": {
+    "grafbase": "grafbase"
+  },
+  "scripts": {
+    "postinstall": "node ./postinstall.js"
+  },
+  "files": [
+    ".npmrc",
+    "grafbase",
+    "postinstall.js",
+    "ACKNOWLEDGEMENTS.md"
+  ],
+  "keywords": [
+    "grafbase"
+  ],
   "license": "Apache-2.0",
-  "homepage": "https://grafbase.com"
+  "bugs": {
+    "url": "https://github.com/grafbase/grafbase/issues"
+  },
+  "homepage": "https://grafbase.com",
+  "dependencies": {
+    "detect-libc": "^2.0.1"
+  },
+  "engines": {
+    "node": ">=16.7.0"
+  },
+  "optionalDependencies": {
+    "@grafbase/cli-macos-arm64": "^0.1.0-pre.3"
+  }
 }

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Lines of code

38

increased byInfinity%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

2465

decreased by-78.75%

Dependency count

2

increased byInfinity%

Number of package files

4

decreased by-33.33%

Number of medium maintenance alerts

1

increased byInfinity%

Number of medium quality alerts

1

increased byInfinity%

Number of lines in readme file

0

decreased by-100%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of low supply chain risk alerts

2

increased by100%

Dependency changes

• + Addeddetect-libc@^2.0.1

• + Addeddetect-libc@2.0.3(transitive)