Comparing version 1.0.1 to 2.0.0
index.js
@@ -1,1 +0,9 @@ | ||
console.warn(`attempting to run the max api outside of max! this package will do nothing.`); | ||
const { homepage } = require("./package.json"); | ||
throw new Error( | ||
`It appears that you installed the 'max-api' package from npm. This leads to undesired behaviour and errors. | ||
Please remove the package using 'npm uninstall max-api'. | ||
For more info please visit ${homepage} | ||
`); |
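Review bot: The top-level `throw` in index.js has no comment saying it is deliberate, so a later maintainer could read it as a bug and soften it back to a warning, which is what the `console.warn` line shown for 1.0.1 did. I would add a header comment such as `// Intentional: fail on require so an npm-installed max-api cannot stand in for the API that [node.script] provides.` The message also interpolates `homepage` from `./package.json`, so the comment should say that the field has to stay in the manifest; without it the text ends in `undefined`. Which lines are old and which are new is read from the `@@ -1,1 +0,9 @@` header here, because the page shows no +/- markers.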
{ | ||
"name": "max-api", | ||
"version": "1.0.1", | ||
"description": "dummy package to prevent more malicious squatting. cycling74 should... probably have done this themselves.", | ||
"main": "index.js", | ||
"scripts": { | ||
"postinstall": "echo 'attempted to install the max api outside a max environment! this package will do nothing.'" | ||
}, | ||
"author": "s", | ||
"license": "ISC" | ||
"name": "max-api", | ||
"version": "2.0.0", | ||
"description": "Placeholder / Stub Node package for users that accidentally install \"max-api\" when attempting to use the dynamic \"max-api\" within [node.script]", | ||
"main": "index.js", | ||
"scripts": { | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git+https://github.com/Cycling74/n4m-max-api.git" | ||
}, | ||
"keywords": [ | ||
"Max", | ||
"Max MSP", | ||
"Node For Max", | ||
"node.script", | ||
"max-api" | ||
], | ||
"author": "Cycling '74", | ||
"contributors": [ | ||
{ | ||
"name": "Ben Bracken", | ||
"email": "ben@cycling74.com" | ||
}, | ||
{ | ||
"name": "Florian Demmer", | ||
"email": "florian@cycling74.com" | ||
} | ||
], | ||
"license": "MIT", | ||
"bugs": { | ||
"url": "https://github.com/Cycling74/n4m-max-api/issues" | ||
}, | ||
"homepage": "https://github.com/Cycling74/n4m-max-api#readme", | ||
"files": [ | ||
"index.js" | ||
] | ||
} |
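Review bot: The `test` script in the 2.0.0 manifest is the `npm init` placeholder that always exits 1, so nothing checks the one behaviour this package exists for, namely that requiring it throws. A minimal check would be `"test": "node -e \"try { require('./index.js'); process.exit(1); } catch (e) {}\""`, which fails only if the require succeeds. That the 1.0.1 `postinstall` script is gone is inferred from the second manifest block not listing it, since the page does not mark old and new lines.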
@@ -1,1 +0,12 @@ | ||
dummy package to prevent more malicious squatting. cycling74 should... probably have done this themselves. | ||
# max-api | ||
## Intro | ||
This package is simply a placeholder package to prevent malicious usage of the `max-api` package name. It simply throws an error when required in order to showcase that a user has accidentally installed a `max-api` package when using `[node.script]`. | ||
## Background | ||
When using `[node.script]`in [Cycling '74](http://cycling74.com) Max one gets access to an API that allows bi-directional communication between Node and Max. This API is made dynamically available and can be required using `require("max-api")`. To avoid any issues or unexpected behaviour with an installed dependency of `max-api` that might overwrite the dynamic API module this package immediately throws an error. | ||
## License | ||
[MIT](./LICENSE) |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Trivial Package
Supply chain riskPackages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Trivial Package
Supply chain riskPackages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code used to generate the package.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package