koishi - npm Package Compare versions

Comparing version 2.0.0-alpha.50 to 2.0.0-alpha.51

package.json

 {
   "name": "koishi",
   "description": "A QQ bot framework based on CQHTTP",
-  "version": "2.0.0-alpha.50",
+  "version": "2.0.0-alpha.51",
   "main": "dist/index.js",
@@ -41,8 +41,8 @@ "typings": "dist/index.d.ts",
     "kleur": "^4.0.2",
-    "koishi-core": "^2.0.0-alpha.28",
-    "koishi-plugin-common": "^3.0.0-alpha.30",
-    "koishi-plugin-recorder": "^2.0.0-alpha.28",
-    "koishi-plugin-schedule": "^2.0.0-alpha.31",
-    "koishi-plugin-status": "^2.0.0-alpha.30",
-    "koishi-plugin-teach": "^1.0.0-alpha.47",
+    "koishi-core": "^2.0.0-alpha.29",
+    "koishi-plugin-common": "^3.0.0-alpha.31",
+    "koishi-plugin-recorder": "^2.0.0-alpha.29",
+    "koishi-plugin-schedule": "^2.0.0-alpha.32",
+    "koishi-plugin-status": "^2.0.0-alpha.31",
+    "koishi-plugin-teach": "^1.0.0-alpha.48",
     "koishi-utils": "^2.0.3",
@@ -49,0 +49,0 @@ "prompts": "^2.3.2"

New alerts

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 3 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

8096

decreased by-77.99%

Number of package files

2

decreased by-90%

Lines of code

0

decreased by-100%

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• Updatedkoishi-core@^2.0.0-alpha.29

• Updatedkoishi-plugin-common@^3.0.0-alpha.31

• Updatedkoishi-plugin-recorder@^2.0.0-alpha.29

• Updatedkoishi-plugin-schedule@^2.0.0-alpha.32

• Updatedkoishi-plugin-status@^2.0.0-alpha.31

• Updatedkoishi-plugin-teach@^1.0.0-alpha.48