New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
ngx-mqtt - npm Package Compare versions
Comparing version 6.8.1 to 6.8.2
| { | ||
| "name": "ngx-mqtt", | ||
| "version": "6.8.1", | ||
| "version": "6.8.2", | ||
| "description": "ngx mqtt client library", | ||
@@ -42,3 +42,4 @@ "main": "bundles/ngx-mqtt.min.js", | ||
| "ecstatic": ">=3.2.0", | ||
| "ssri": ">=6.0.0" | ||
| "ssri": ">=6.0.0", | ||
| "mqtt": "github:mqttjs/MQTT.js#16848192d5e31918d5b63a697803231caef74a3a" | ||
| }, | ||
@@ -70,3 +71,2 @@ "devDependencies": { | ||
| "karma-webpack": "^3.0.0", | ||
| "mqtt": "github:mqttjs/MQTT.js#16848192d5e31918d5b63a697803231caef74a3a", | ||
| "reflect-metadata": "^0.1.12", | ||
@@ -73,0 +73,0 @@ "rimraf": "^2.6.2", |
New alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-2.7%
36
Worsened metrics
- Dependency count
- increased by16.67%
7
- Number of high supply chain risk alerts
- increased byInfinity%
1