npm-registry-fetch - npm Package Compare versions

Comparing version 3.9.0 to 3.9.1

CHANGELOG.md

@@ -5,2 +5,7 @@ # Change Log
 
+<a name="3.9.1"></a>
+## [3.9.1](https://github.com/npm/registry-fetch/compare/v3.9.0...v3.9.1) (2019-07-02)
+
+
+
 <a name="3.9.0"></a>
@@ -7,0 +12,0 @@ # [3.9.0](https://github.com/npm/registry-fetch/compare/v3.8.0...v3.9.0) (2019-01-24)

package.json

 {
   "name": "npm-registry-fetch",
-  "version": "3.9.0",
+  "version": "3.9.1",
   "description": "Fetch-based http client for use with npm registry APIs",
@@ -35,8 +35,8 @@ "main": "index.js",
     "figgy-pudding": "^3.4.1",
-    "lru-cache": "^4.1.3",
-    "make-fetch-happen": "^4.0.1",
+    "lru-cache": "^5.1.1",
+    "make-fetch-happen": "^4.0.2",
     "npm-package-arg": "^6.1.0"
   },
   "devDependencies": {
-    "cacache": "^11.0.2",
+    "cacache": "^11.3.3",
     "get-stream": "^4.0.0",
@@ -43,0 +43,0 @@ "mkdirp": "^0.5.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42279

increased by0.26%

Worsened metrics

Number of medium supply chain risk alerts

2

increased by100%

Dependency changes

• - Removedlru-cache@4.1.5(transitive)

• - Removedpseudomap@1.0.2(transitive)

• - Removedyallist@2.1.2(transitive)

• Updatedlru-cache@^5.1.1

• Updatedmake-fetch-happen@^4.0.2