js-git
Comparing version 0.7.4 to 0.7.5
{ | ||
"name": "js-git", | ||
"version": "0.7.4", | ||
"version": "0.7.5", | ||
"description": "Git Implemented in JavaScript", | ||
"keywords": ["git", "js-git"], | ||
"keywords": [ | ||
"git", | ||
"js-git" | ||
], | ||
"repository": { | ||
@@ -19,8 +22,8 @@ "type": "git", | ||
"dependencies": { | ||
"bodec": "git://github.com/creationix/bodec.git", | ||
"pathjoin": "git://github.com/creationix/pathjoin.git", | ||
"git-sha1": "git://github.com/creationix/git-sha1.git", | ||
"pako": "git://github.com/nodeca/pako.git", | ||
"culvert": "~0.1.1" | ||
"bodec": "^0.1.0", | ||
"culvert": "^0.1.2", | ||
"git-sha1": "^0.1.2", | ||
"pako": "^0.2.5", | ||
"pathjoin": "git://github.com/creationix/pathjoin.git" | ||
} | ||
} |
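Review bot: "pathjoin" in the dependencies block still resolves to git://github.com/creationix/pathjoin.git with no commit or tag pinned, while the other four entries move to registry ranges. The git:// transport is unauthenticated and unencrypted, and an unpinned git reference can resolve to different code on each install. Suggest replacing it with a published registry version if one exists, or pinning it to a full commit hash over an authenticated transport (git+https://...#<commit-sha>). The caret ranges on 0.x versions (for example "pako": "^0.2.5") allow only patch-level updates, so they are reasonably tight, but a committed lockfile would still be needed for a reproducible install.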
Git dependency
Supply chain risk: Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 3 instances in 1 package
+ Added bodec@0.1.0 (transitive)
+ Added git-sha1@0.1.2 (transitive)
+ Added pako@0.2.9 (transitive)
Updated bodec@^0.1.0
Updated culvert@^0.1.2
Updated git-sha1@^0.1.2
Updated pako@^0.2.5