module-deps - npm Package Compare versions

Comparing version 3.5.11 to 3.5.12

package.json

 {
   "name": "module-deps",
-  "version": "3.5.11",
+  "version": "3.5.12",
   "description": "walk the dependency graph to generate json output that can be fed into browser-pack",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

48155

increased by43.63%

Number of package files

91

increased by1.11%

Lines of code

1197

increased by52.48%

Worsened metrics

Number of low supply chain risk alerts

12

increased by50%

Number of medium supply chain risk alerts

18

increased by5.88%

No dependency changes