marionettejs
Advanced tools
Comparing version 0.0.0 to 1.0.0-alpha.1
{ | ||
"name": "marionettejs", | ||
"version": "0.0.0", | ||
"description": "", | ||
"main": "index.js", | ||
"version": "1.0.0-alpha.1", | ||
"license": "MIT", | ||
"repository": "LinusU/marionettejs", | ||
"scripts": { | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"author": "", | ||
"license": "ISC" | ||
"test": "node test", | ||
"postinstall": "swift build -c release -Xswiftc -target -Xswiftc x86_64-apple-macosx10.13 -Xlinker -undefined -Xlinker dynamic_lookup && mv .build/release/libMarionetteJS.dylib .build/release/MarionetteJS.node" | ||
} | ||
} |
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
spdx disjunction for an artifact's license information
Licensespdx disjunction for an artifact's license information
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
No README
QualityPackage does not have a README. This may indicate a failed publish or a low quality package.
Found 1 instance in 1 package
spdx disjunction for an artifact's license information
Licensespdx disjunction for an artifact's license information
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
8667
12
46
2
1
27
1
2