node-expat - npm Package Compare versions

Comparing version 2.3.17 to 2.3.18

package.json

 {
   "name": "node-expat",
-  "version": "2.3.17",
+  "version": "2.3.18",
   "main": "./lib/node-expat",
@@ -22,4 +22,4 @@ "description": "NodeJS binding for fast XML parsing.",
   "dependencies": {
-    "bindings": "^1.2.1",
-    "nan": "^2.10.0"
+    "bindings": "^1.5.0",
+    "nan": "^2.13.2"
   },
@@ -30,3 +30,2 @@ "devDependencies": {
     "iconv": "^2.2.0",
-    "libxmljs": "^0.18.0",
     "ltx": "^2.3.0",
@@ -33,0 +32,0 @@ "node-xml": "^1.0.2",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 6 instances in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3681999

increased by62.92%

Dev dependency count

8

decreased by-11.11%

Number of package files

116

increased by18.37%

Worsened metrics

Number of medium supply chain risk alerts

8

increased by700%

Dependency changes

• Updatedbindings@^1.5.0

• Updatednan@^2.13.2