loadjs - npm Package Compare versions

Comparing version 0.1.0 to 1.0.0

package.json

 {
-    "name": "loadjs",
-    "description": "A powerful loader for javascript modules.",
-    "author": [{
-        "name" : "Bogdan Mustiata",
-        "email" : "bogdan.mustiata@gmail.com"
-    }],
-    "version": "0.1.0",
-    "dependencies": {
-		
-    },
-    "keywords": ["loadjs"],
-    "main": "./lib/loadjs.js",
-    "bugs": {
-        "url": "https://github.com/bmustiata/loadjs/issues"
-    },
-    "licenses": [
-        {
-            "type": "BSD",
-            "url": "https://github.com/bmustiata/loadjs/blob/master/LICENSE"
-        }
-    ],
-    "repository": {
-        "type": "git",
-        "url": "https://github.com/bmustiata/loadjs.git"
-    },
-    "readme": "A powerful loader for javascript modules.",
-    "readmeFilename": "README.md",
-    "homepage": "http://blog.ciplogic.com"
+  "name": "loadjs",
+  "version": "1.0.0",
+  "license": "MIT",
+  "description": "Tiny async loader for modern browsers",
+  "keywords": [
+    "async",
+    "loader",
+    "dependency manager"
+  ],
+  "homepage": "https://github.com/muicss/loadjs",
+  "bugs": {
+    "url": "https://github.com/muicss/loadjs/issues",
+    "email": "contact@muicss.com"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/muicss/loadjs.git"
+  },
+  "main": "dist/loadjs.umd.js",
+  "devDependencies": {
+    "del": "2.2.0",
+    "gulp": "git+https://github.com/gulpjs/gulp#c4a7542986107949b049fc81aa081d72d95e98ff",
+    "gulp-jshint": "2.0.0",
+    "gulp-rename": "1.2.2",
+    "gulp-uglify": "1.5.3",
+    "gulp-umd": "^0.2.0"
+  }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No License Found

License

(Experimental) License information could not be found.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

330764

increased by34790.72%

Number of package files

34

increased by1600%

Number of low license alerts

0

decreased by-100%

Lines of code

11384

increased by142200%

Number of low maintenance alerts

1

decreased by-50%

Number of low quality alerts

0

decreased by-100%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

207

increased byInfinity%

Worsened metrics

Dev dependency count

6

increased byInfinity%

Number of low supply chain risk alerts

13

increased byInfinity%

Number of medium supply chain risk alerts

3

increased by200%

No dependency changes