nativescript-telerik-ui - npm Package Compare versions

Comparing version 3.1.0-2017.9.4.1 to 3.1.0-2017.9.5.5

package.json

 {
   "name": "nativescript-telerik-ui",
-  "version": "3.1.0-2017.9.4.1",
+  "version": "3.1.0-2017.9.5.5",
   "description": "Progress NativeScript UI is a set of rich-ui, cross-platform components based on the native iOS and Android libraries provided by Telerik.",
@@ -5,0 +5,0 @@ "nativescript": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

2

decreased by-60%

Worsened metrics

Total package byte prevSize

34628857

decreased by-2.49%

Number of package files

381

decreased by-0.26%

Lines of code

47162

decreased by-34.44%

No dependency changes