lambda-local - npm Package Compare versions

Comparing version 1.6.3 to 1.7.0

CHANGELOG.md

 # ChangeLog
 
+## 1.7.0 (2020-01/17)
+* Migrate to TypeScript (#191)
+
 ## 1.6.3 (2019/07/04)
@@ -4,0 +7,0 @@ * Security updates (update dependencies that had vulnerabilities: [mocha](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md#614--2019-04-18)).

package.json

 {
   "name": "lambda-local",
-  "version": "1.6.3",
+  "version": "1.7.0",
   "description": "Commandline tool to run Lambda functions on your local machine.",
+  "main": "build/lambdalocal.js",
+  "types": "build/lambdalocal.d.ts",
+  "bin": {
+    "lambda-local": "build/cli.js"
+  },
+  "scripts": {
+    "test": "mocha",
+    "build": "tsc --declaration"
+  },
+  "files": [
+    "*.json",
+    "build",
+    "examples",
+    "Makefile"
+  ],
   "keywords": [
@@ -24,6 +39,8 @@ "lambda",
   "dependencies": {
+    "@types/node": "^13.1.7",
     "aws-sdk": "^2.488.0",
-    "commander": "^2.20.0",
+    "commander": "^4.1.0",
     "dotenv": "^8.0.0",
     "mute": "^2.0.6",
+    "typescript": "^3.7.5",
     "winston": "^3.2.1"
@@ -33,12 +50,6 @@ },
     "chai": "^4.2.0",
-    "mocha": "^6.1.4",
-    "sinon": "^7.3.2"
+    "mocha": "^7.0.0",
+    "sinon": "^8.1.0"
   },
-  "scripts": {
-    "test": "mocha"
-  },
   "preferGlobal": true,
-  "bin": {
-    "lambda-local": "./bin/lambda-local"
-  },
   "repository": {
@@ -45,0 +56,0 @@ "type": "git",

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 10 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

31

decreased by-45.61%

Worsened metrics

Total package byte prevSize

49693

decreased by-37.41%

Dependency count

7

increased by40%

Number of package files

28

decreased by-50%

Lines of code

1042

decreased by-34.26%

Dependency changes

• + Added@types/node@^13.1.7

• + Addedtypescript@^3.7.5

• + Added@types/node@13.13.52(transitive)

• + Addedcommander@4.1.1(transitive)

• + Addedtypescript@3.9.10(transitive)

• - Removedcommander@2.20.3(transitive)

• Updatedcommander@^4.1.0