New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
mendel-deps
Advanced tools
mendel-deps - npm Package Compare versions
Comparing version 3.0.0 to 3.1.0-beta1
| { | ||
| "name": "mendel-deps", | ||
| "version": "3.0.0", | ||
| "version": "3.1.0-beta1", | ||
| "description": "Depedency detector based on AST. Supports custom cache and custom resolver.", | ||
@@ -18,3 +18,3 @@ "main": "src/deps.js", | ||
| "acorn-jsx": "^3.0.1", | ||
| "ast-types": "^0.9.0" | ||
| "ast-types": "^0.9.11" | ||
| }, | ||
@@ -24,3 +24,3 @@ "devDependencies": { | ||
| "tap": "^7.1.2", | ||
| "mendel-resolver": "3.0.0" | ||
| "mendel-resolver": "^3.0.0" | ||
| }, | ||
@@ -27,0 +27,0 @@ "files": [ |
| const acorn = require('acorn-jsx/inject')(require('acorn')); | ||
| const {visit} = require('ast-types'); | ||
| const GLOBAL_WHITELIST = ['process']; | ||
| // `console` is not included as it works flawlessly in Node and browser. | ||
| const GLOBAL_WHITELIST = [ | ||
| 'global', | ||
| 'process', | ||
| ]; | ||
@@ -36,3 +40,2 @@ // { | ||
| visitMemberExpression(nodePath) { | ||
| // console.log(nodePath.parentPath.node) | ||
| const node = nodePath.value; | ||
@@ -39,0 +42,0 @@ if (node.object.type === 'Identifier' && |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.07%
4623
- Lines of code
- increased by2.73%
113
Worsened metrics
- Number of low quality alerts
- increased by100%
2
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
Updatedast-types@^0.9.11