nanoislands
Advanced tools
nanoislands - npm Package Compare versions
Comparing version 1.0.15-beta to 1.0.15-gamma
@@ -104,3 +104,3 @@ /** | ||
| var ch = value.charAt(0); | ||
| return (ch === '[' || ch === '{') ? eval('(' + value + ')') : value; | ||
| return (ch === '[' || ch === '{') ? JSON.parse(value) : value; | ||
| } | ||
@@ -107,0 +107,0 @@ }; |
@@ -9,3 +9,3 @@ { | ||
| "description": "Yate/Stylus/jQuery-UI library for Yandex corporate style", | ||
| "version": "1.0.15-beta", | ||
| "version": "1.0.15-gamma", | ||
| "licence": "MIT", | ||
@@ -12,0 +12,0 @@ "homepage": "http://yandex-ui.github.io/nanoislands/", |
New alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-50%
2
- Number of medium supply chain risk alerts
- decreased by-66.67%
1
Worsened metrics
- Total package byte prevSize
- decreased by-45.54%
1818904
- Number of package files
- decreased by-3.23%
210
- Lines of code
- decreased by-53.32%
36105