npm-pick-manifest
Advanced tools
npm-pick-manifest - npm Package Compare versions
Comparing version 6.1.1 to 7.0.0
| { | ||
| "name": "npm-pick-manifest", | ||
| "version": "6.1.1", | ||
| "version": "7.0.0", | ||
| "description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", | ||
| "main": "index.js", | ||
| "main": "./lib", | ||
| "files": [ | ||
| "*.js" | ||
| "bin", | ||
| "lib" | ||
| ], | ||
| "scripts": { | ||
| "coverage": "tap", | ||
| "lint": "standard", | ||
| "lint": "eslint '**/*.js'", | ||
| "test": "tap", | ||
@@ -16,3 +17,7 @@ "posttest": "npm run lint", | ||
| "postversion": "npm publish", | ||
| "prepublishOnly": "git push origin --follow-tags" | ||
| "prepublishOnly": "git push origin --follow-tags", | ||
| "postlint": "npm-template-check", | ||
| "template-copy": "npm-template-copy --force", | ||
| "lintfix": "npm run lint -- --fix", | ||
| "snap": "tap" | ||
| }, | ||
@@ -25,7 +30,3 @@ "repository": "https://github.com/npm/npm-pick-manifest", | ||
| ], | ||
| "author": { | ||
| "name": "Kat Marchán", | ||
| "email": "kzm@sykosomatic.org", | ||
| "twitter": "maybekatz" | ||
| }, | ||
| "author": "GitHub Inc.", | ||
| "license": "ISC", | ||
@@ -35,12 +36,18 @@ "dependencies": { | ||
| "npm-normalize-package-bin": "^1.0.1", | ||
| "npm-package-arg": "^8.1.2", | ||
| "semver": "^7.3.4" | ||
| "npm-package-arg": "^9.0.0", | ||
| "semver": "^7.3.5" | ||
| }, | ||
| "devDependencies": { | ||
| "standard": "^14.3.1", | ||
| "tap": "^14.11.0" | ||
| "@npmcli/template-oss": "^2.7.1", | ||
| "tap": "^15.1.6" | ||
| }, | ||
| "tap": { | ||
| "check-coverage": true | ||
| }, | ||
| "engines": { | ||
| "node": "^12.13.0 || ^14.15.0 || >=16" | ||
| }, | ||
| "templateOSS": { | ||
| "version": "2.7.1" | ||
| } | ||
| } |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-28.64%
16117
- Number of package files
- decreased by-20%
4
- Number of medium supply chain risk alerts
- increased by100%
2
Dependency changes
+ Addedbuiltins@5.1.0(transitive)
+ Addedhosted-git-info@5.2.1(transitive)
+ Addedlru-cache@7.18.3(transitive)
+ Addednpm-package-arg@9.1.2(transitive)
+ Addedproc-log@2.0.1(transitive)
+ Addedvalidate-npm-package-name@4.0.0(transitive)
- Removedbuiltins@1.0.3(transitive)
- Removedhosted-git-info@4.1.0(transitive)
- Removedlru-cache@6.0.0(transitive)
- Removednpm-package-arg@8.1.5(transitive)
- Removedvalidate-npm-package-name@3.0.0(transitive)
- Removedyallist@4.0.0(transitive)
Updatednpm-package-arg@^9.0.0
Updatedsemver@^7.3.5