nconf - npm Package Compare versions

Comparing version 0.6.8 to 0.6.9

lib/nconf.js

@@ -15,5 +15,5 @@ /*
 //
-// Expose the version from the package.json using `pkginfo`.
+// Expose the version from the package.json
 //
-require('pkginfo')(module, 'version');
+nconf.version = require('../package.json').version;
 
@@ -41,1 +41,2 @@ //
 nconf.Provider      = Provider;
+

package.json

 {
   "name": "nconf",
   "description": "Hierarchical node.js configuration with files, environment variables, command-line arguments, and atomic object merging.",
-  "version": "0.6.8",
+  "version": "0.6.9",
   "author": "Nodejitsu Inc. <info@nodejitsu.com>",
@@ -19,6 +19,5 @@ "maintainers": [
   "dependencies": {
-    "async": "0.1.x",
+    "async": "0.2.9",
     "ini": "1.x.x",
-    "optimist": "0.3.x",
-    "pkginfo": "0.2.x"
+    "optimist": "0.6.0"
   },
@@ -25,0 +24,0 @@ "devDependencies": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Dependency count

3

decreased by-25%

Number of medium supply chain risk alerts

3

decreased by-25%

Worsened metrics

Total package byte prevSize

264213

decreased by-0.01%

Dependency changes

• + Addedasync@0.2.9(transitive)

• + Addedminimist@0.0.10(transitive)

• + Addedoptimist@0.6.0(transitive)

• - Removedpkginfo@0.2.x

• - Removedasync@0.1.22(transitive)

• - Removedoptimist@0.3.7(transitive)

• - Removedpkginfo@0.2.3(transitive)

• Updatedasync@0.2.9

• Updatedoptimist@0.6.0