ls-engines - npm Package Compare versions

Comparing version 0.6.5 to 0.6.6

CHANGELOG.md

@@ -10,2 +10,14 @@ # Changelog
 
+## [v0.6.6](https://github.com/ljharb/ls-engines/compare/v0.6.5...v0.6.6) - 2022-05-11
+
+### Commits
+
+- [Tests] mock out network requests [`5db4055`](https://github.com/ljharb/ls-engines/commit/5db405577a99e853410153b31fdaf671adf1657c)
+- [Refactor] extract `checkCurrent` [`d944205`](https://github.com/ljharb/ls-engines/commit/d94420553a95ecf1d9472d8b348d9ebc418f73ff)
+- [Refactor] extract `getLatestMajors` [`7f94a43`](https://github.com/ljharb/ls-engines/commit/7f94a433d1d8b926d6aa43af2f3438e7221cfc8e)
+- [meta] use `npmignore` to autogenerate an npmignore file [`deb785c`](https://github.com/ljharb/ls-engines/commit/deb785c02e093ae4cdc5bc682c1b40cdca1841a5)
+- [Deps] update `@npmcli/arborist`, `get-dep-tree`, `semver`, `yargs` [`e2dca87`](https://github.com/ljharb/ls-engines/commit/e2dca872610745922bba69f4b86f6e838ac7e72b)
+- [Dev Deps] update `@ljharb/eslint-config`, `tape` [`afefe4b`](https://github.com/ljharb/ls-engines/commit/afefe4b3c5cf7daf15da7fd85c42b53ca7495f0d)
+- [Deps] update `@npmcli/arborist`, `pacote` [`8bacc8a`](https://github.com/ljharb/ls-engines/commit/8bacc8aa5861734eb1e5166bbcef90e46be5cd6b)
+
 ## [v0.6.5](https://github.com/ljharb/ls-engines/compare/v0.6.4...v0.6.5) - 2022-02-10
@@ -12,0 +24,0 @@

package.json

 {
 	"name": "ls-engines",
-	"version": "0.6.5",
+	"version": "0.6.6",
 	"description": "Determine if your dependency graph's stated \"engines\" criteria is met.",
@@ -12,2 +12,3 @@ "bin": {
 	"scripts": {
+		"prepack": "npmignore --auto --commentLines=autogenerated",
 		"prepublish": "not-in-publish || npm run prepublishOnly",
@@ -17,5 +18,6 @@ "prepublishOnly": "safe-publish-latest",
 		"pretest": "npm run lint",
-		"tests-only": "nyc tape 'test/*.js'",
+		"tests-only": "NODE_OPTIONS='--require=./test/mocks' tape 'test/*.js'",
 		"test": "npm run tests-only",
 		"posttest": "npx aud --production",
+		"test:update-mocks": "curl http://nodejs.org/dist/index.json > test/mocks/node-versions.json",
 		"version": "auto-changelog && git add CHANGELOG.md",
@@ -45,22 +47,23 @@ "postversion": "auto-changelog && git add CHANGELOG.md && git commit --no-edit --amend && git tag -f \"v$(node -e \"console.log(require('./package.json').version)\")\""
 	"dependencies": {
-		"@npmcli/arborist": "^4.3.1",
+		"@npmcli/arborist": "^5.2.0",
 		"colors": "=1.4.0",
 		"fast_array_intersect": "^1.1.0",
-		"get-dep-tree": "^1.0.1",
+		"get-dep-tree": "^1.0.2",
 		"get-json": "^1.0.1",
 		"json-file-plus": "^3.3.1",
 		"lockfile-info": "^1.0.0",
-		"pacote": "^12.0.3",
-		"semver": "^7.3.5",
+		"pacote": "^13.3.0",
+		"semver": "^7.3.7",
 		"table": "^6.8.0",
-		"yargs": "^17.3.1"
+		"yargs": "^17.4.1"
 	},
 	"devDependencies": {
-		"@ljharb/eslint-config": "^20.2.0",
+		"@ljharb/eslint-config": "^21.0.0",
 		"aud": "^2.0.0",
 		"auto-changelog": "^2.4.0",
-		"eslint": "^8.8.0",
+		"eslint": "=8.8.0",
+		"npmignore": "^0.3.0",
 		"nyc": "^15.1.0",
 		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.5.0"
+		"tape": "^5.5.3"
 	},
@@ -73,3 +76,9 @@ "auto-changelog": {
 		"backfillLimit": false
+	},
+	"publishConfig": {
+		"ignore": [
+			"test/fixtures/**",
+			".github/workflows"
+		]
 	}
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

46602

increased by5.45%

Number of package files

16

increased by33.33%

Lines of code

206

increased by60.94%

Worsened metrics

Dev dependency count

8

increased by14.29%

Number of low supply chain risk alerts

5

increased by66.67%

Dependency changes

• - Removed@npmcli/arborist@4.3.1(transitive)

• - Removed@npmcli/fs@1.1.1(transitive)

• - Removed@npmcli/git@2.1.0(transitive)

• - Removed@npmcli/metavuln-calculator@2.0.0(transitive)

• - Removed@npmcli/move-file@1.1.2(transitive)

• - Removed@npmcli/node-gyp@1.0.3(transitive)

• - Removed@npmcli/package-json@1.0.1(transitive)

• - Removed@npmcli/promise-spawn@1.3.2(transitive)

• - Removed@npmcli/run-script@2.0.0(transitive)

• - Removed@tootallnate/once@1.1.2(transitive)

• - Removedbuiltins@1.0.3(transitive)

• - Removedcacache@15.3.0(transitive)

• - Removedhosted-git-info@4.1.0(transitive)

• - Removedhttp-proxy-agent@4.0.1(transitive)

• - Removedignore-walk@4.0.1(transitive)

• - Removedlru-cache@6.0.0(transitive)

• - Removedmake-fetch-happen@9.1.0(transitive)

• - Removedminipass-fetch@1.4.1(transitive)

• - Removednode-gyp@8.4.1(transitive)

• - Removednopt@5.0.0(transitive)

• - Removednpm-install-checks@4.0.0(transitive)

• - Removednpm-package-arg@8.1.5(transitive)

• - Removednpm-packlist@3.0.0(transitive)

• - Removednpm-pick-manifest@6.1.1(transitive)

• - Removednpm-registry-fetch@12.0.2(transitive)

• - Removedpacote@12.0.3(transitive)

• - Removedproc-log@1.0.0(transitive)

• - Removedsocks-proxy-agent@6.2.1(transitive)

• - Removedssri@8.0.1(transitive)

• - Removedtreeverse@1.0.4(transitive)

• - Removedunique-filename@1.1.1(transitive)

• - Removedunique-slug@2.0.2(transitive)

• - Removedvalidate-npm-package-name@3.0.0(transitive)

• Updated@npmcli/arborist@^5.2.0

• Updatedget-dep-tree@^1.0.2

• Updatedpacote@^13.3.0

• Updatedsemver@^7.3.7

• Updatedyargs@^17.4.1