lowdb - npm Package Compare versions

Comparing version 0.13.0-beta.1 to 0.13.0-beta.2

lib/index.js

@@ -18,5 +18,2 @@ 'use strict';
 
-  // Apply mixin option
-  if (options.mixin) _.mixin(options.mixin);
-
   var db = _.chain({});
@@ -23,0 +20,0 @@

package.json

 {
   "name": "lowdb",
-  "version": "0.13.0-beta.1",
+  "version": "0.13.0-beta.2",
   "description": "JSON database for Node and the browser powered by lodash",
@@ -19,3 +19,3 @@ "keywords": [
   ],
-  "main": ".",
+  "main": "./lib",
   "scripts": {
@@ -68,2 +68,3 @@ "test": "babel-node test/all | tap-spec",
   "browser": {
+    "./src/file-sync.js": "./src/browser.js",
     "./lib/file-sync.js": "./lib/browser.js"
@@ -70,0 +71,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Improved metrics

Number of package files

14

increased by7.69%

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

613153

decreased by-35.4%

Lines of code

15781

decreased by-31.31%

No dependency changes