js-crypto-random
Advanced tools
js-crypto-random - npm Package Compare versions
Comparing version 0.1.1 to 0.1.2
| { | ||
| "name": "js-crypto-random", | ||
| "version": "0.1.1", | ||
| "version": "0.1.2", | ||
| "description": "Universal Module for Secure Random Generator in JavaScript", | ||
| "main": "dist/index.js", | ||
| "main": "dist/jscrandom.bundle.js", | ||
| "scripts": { | ||
| "test": "./node_modules/.bin/mocha --require @babel/register --recursive $(find test -name '*.spec.js')", | ||
| "karma": "./node_modules/.bin/karma start", | ||
| "build": "NODE_ENV=production ./node_modules/.bin/babel src -d dist/ --keep-file-extension" | ||
| "webpack": "./node_modules/.bin/webpack --optimize-minimize --mode production", | ||
| "build": "NODE_ENV=production ./node_modules/.bin/babel src -d dist/ --keep-file-extension && npm run webpack" | ||
| }, | ||
@@ -11,0 +12,0 @@ "author": "Jun Kurihara", |
@@ -44,13 +44,3 @@ Universal Module for Secure Random Generator in JavaScript | ||
| ## How to bundle scripts importing this module via Webpack | ||
| When you bundle files importing this module via Webpack for web, the bundler tries to simultaneously bundle modules that are compatible to some native modules of Node.js, i.e., those in`node-libs-browser` module. But this module automatically chooses the native `crypto` module in Node.js and `crypto.subtle` of Web API in browsers by checking its running environment, and hence the bundled modules of `node-libs-browser` are redundant. From this observation, you should exclude them wen you create bundle scripts importing this module. In particular, the `externals` option of `webpack.config.js` is useful as follows. | ||
| ```javascript | ||
| { | ||
| externals: { | ||
| 'crypto': true | ||
| } | ||
| } | ||
| ``` | ||
| # License | ||
| Licensed under the MIT license, see `LICENSE` file. |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Minified code
QualityThis package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by93.53%
18654
- Number of package files
- increased by16.67%
7
Worsened metrics
- Number of low quality alerts
- increased by100%
2
- Number of lines in readme file
- decreased by-18.18%
45
- Number of medium supply chain risk alerts
- increased byInfinity%
2