npm-pick-manifest
Advanced tools
Comparing version 6.1.1 to 7.0.0
{ | ||
"name": "npm-pick-manifest", | ||
"version": "6.1.1", | ||
"version": "7.0.0", | ||
"description": "Resolves a matching manifest from a package metadata document according to standard npm semver resolution rules.", | ||
"main": "index.js", | ||
"main": "./lib", | ||
"files": [ | ||
"*.js" | ||
"bin", | ||
"lib" | ||
], | ||
"scripts": { | ||
"coverage": "tap", | ||
"lint": "standard", | ||
"lint": "eslint '**/*.js'", | ||
"test": "tap", | ||
@@ -16,3 +17,7 @@ "posttest": "npm run lint", | ||
"postversion": "npm publish", | ||
"prepublishOnly": "git push origin --follow-tags" | ||
"prepublishOnly": "git push origin --follow-tags", | ||
"postlint": "npm-template-check", | ||
"template-copy": "npm-template-copy --force", | ||
"lintfix": "npm run lint -- --fix", | ||
"snap": "tap" | ||
}, | ||
@@ -25,7 +30,3 @@ "repository": "https://github.com/npm/npm-pick-manifest", | ||
], | ||
"author": { | ||
"name": "Kat Marchán", | ||
"email": "kzm@sykosomatic.org", | ||
"twitter": "maybekatz" | ||
}, | ||
"author": "GitHub Inc.", | ||
"license": "ISC", | ||
@@ -35,12 +36,18 @@ "dependencies": { | ||
"npm-normalize-package-bin": "^1.0.1", | ||
"npm-package-arg": "^8.1.2", | ||
"semver": "^7.3.4" | ||
"npm-package-arg": "^9.0.0", | ||
"semver": "^7.3.5" | ||
}, | ||
"devDependencies": { | ||
"standard": "^14.3.1", | ||
"tap": "^14.11.0" | ||
"@npmcli/template-oss": "^2.7.1", | ||
"tap": "^15.1.6" | ||
}, | ||
"tap": { | ||
"check-coverage": true | ||
}, | ||
"engines": { | ||
"node": "^12.13.0 || ^14.15.0 || >=16" | ||
}, | ||
"templateOSS": { | ||
"version": "2.7.1" | ||
} | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
16117
4
2
+ Addedbuiltins@5.1.0(transitive)
+ Addedhosted-git-info@5.2.1(transitive)
+ Addedlru-cache@7.18.3(transitive)
+ Addednpm-package-arg@9.1.2(transitive)
+ Addedproc-log@2.0.1(transitive)
+ Addedvalidate-npm-package-name@4.0.0(transitive)
- Removedbuiltins@1.0.3(transitive)
- Removedhosted-git-info@4.1.0(transitive)
- Removedlru-cache@6.0.0(transitive)
- Removednpm-package-arg@8.1.5(transitive)
- Removedvalidate-npm-package-name@3.0.0(transitive)
- Removedyallist@4.0.0(transitive)
Updatednpm-package-arg@^9.0.0
Updatedsemver@^7.3.5