js-interpreter - npm Package Compare versions

Comparing version 1.4.4 to 1.4.5

package.json

 {
   "name": "js-interpreter",
-  "version": "1.4.4",
+  "version": "1.4.5",
   "description": "NPM package for https://github.com/NeilFraser/JS-Interpreter",
@@ -23,9 +23,11 @@ "main": "lib/index.js",
   "devDependencies": {
-    "acorn": "^4.0.11",
     "babel-core": "^6.24.0",
     "babel-loader": "^6.4.1",
     "babel-preset-es2015": "^6.24.0",
-    "clone": "aminmarashi/clone#d97b4f",
     "webpack": "^2.2.1"
+  },
+  "dependencies": {
+    "acorn": "^4.0.11",
+    "clone": "aminmarashi/clone#d97b4f"
   }
 }

New alerts

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

877586

Dev dependency count

4

decreased by-33.33%

Worsened metrics

Dependency count

2

increased byInfinity%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedacorn@^4.0.11

• + Addedclone@aminmarashi/clone#d97b4f

• + Addedacorn@4.0.13(transitive)