npm-install-security-check - npm Package Compare versions

Comparing version 1.0.2 to 1.0.3

index.js

 #! /usr/bin/env node
 
-var warn = require('cli-color').yellow
-
 var msg = 'Warning: You are running "npm install" with scripts enabled which is a potential security risk.\n' +
@@ -10,2 +8,2 @@ 'You should run npm install with the --ignore-scripts flag or update your npm config via:\n\n' +
 
-console.log(warn(msg))
+console.log(msg)

package.json

 {
   "name": "npm-install-security-check",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Warn users when they are running npm install with scripts enabled",
@@ -9,6 +9,3 @@ "scripts": {
   "author": "Matthew Dahl (https://github.com/sandersky)",
-  "license": "MIT",
-  "dependencies": {
-    "cli-color": "^1.1.0"
-  }
+  "license": "MIT"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Improved metrics

Dependency count

0

decreased by-100%

Worsened metrics

Total package byte prevSize

1319

decreased by-6.85%

Lines of code

6

decreased by-14.29%

Dependency changes

• - Removedcli-color@^1.1.0

• - Removedansi-regex@2.1.1(transitive)

• - Removedcli-color@1.4.0(transitive)

• - Removedd@1.0.2(transitive)

• - Removedes5-ext@0.10.64(transitive)

• - Removedes6-iterator@2.0.3(transitive)

• - Removedes6-symbol@3.1.4(transitive)

• - Removedes6-weak-map@2.0.3(transitive)

• - Removedesniff@2.0.1(transitive)

• - Removedevent-emitter@0.3.5(transitive)

• - Removedext@1.7.0(transitive)

• - Removedis-promise@2.2.2(transitive)

• - Removedlru-queue@0.1.0(transitive)

• - Removedmemoizee@0.4.17(transitive)

• - Removednext-tick@1.1.0(transitive)

• - Removedtimers-ext@0.1.8(transitive)

• - Removedtype@2.7.3(transitive)