journeyapps - npm Package Compare versions

Comparing version 1.0.2-0 to 1.0.3-0

package.json

 {
   "name": "journeyapps",
-  "version": "1.0.2-0",
+  "version": "1.0.3-0",
   "description": "Journey JS library",
@@ -22,3 +22,2 @@ "keywords": [
     "prepare": "rm -rf ./dist && export NODE_ENV=production && webpack && yarn run symlinks:clean && yarn run symlinks:create",
-    "postpublish": "yarn run symlinks:clean",
     "symlinks:clean": "rm -f api app db push util",
@@ -39,2 +38,9 @@ "symlinks:create": "ln -s ./src/api api && ln -s ./src/app app && ln -s ./src/db db && ln -s ./src/push push && ln -s ./src/util util",
   },
+  "files": [
+    "./api",
+    "./app",
+    "./db",
+    "./push",
+    "./util"
+  ],
   "devDependencies": {
@@ -41,0 +47,0 @@ "app-module-path": "^2.2.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

1

decreased by-90.91%

Number of medium supply chain risk alerts

2

decreased by-77.78%

Worsened metrics

Total package byte prevSize

29522

decreased by-98.17%

Number of package files

3

decreased by-95.71%

Lines of code

0

decreased by-100%

No dependency changes