npm-run-all2 - npm Package Compare versions

Comparing version 6.1.1 to 6.1.2

lib/read-package-json.js

@@ -9,2 +9,4 @@ /**
 
+const readPackage = require('read-package-json-fast')
+
 // ------------------------------------------------------------------------------
@@ -27,3 +29,3 @@ // Requirements
   const path = joinPath(process.cwd(), 'package.json')
-  return import('read-pkg').then(({ readPackage }) => readPackage(path)).then(body => ({
+  return readPackage(path).then(body => ({
     taskList: Object.keys(body.scripts || {}),
@@ -30,0 +32,0 @@ packageInfo: { path, body }

package.json

 {
   "name": "npm-run-all2",
-  "version": "6.1.1",
+  "version": "6.1.2",
   "description": "A CLI tool to run multiple npm-scripts in parallel or sequential. (Maintainence fork)",
@@ -12,7 +12,2 @@ "bin": {
   "main": "lib/index.js",
-  "files": [
-    "bin",
-    "lib",
-    "docs"
-  ],
   "engines": {
@@ -40,3 +35,3 @@ "node": "^14.18.0 || >=16.0.0",
     "pidtree": "^0.6.0",
-    "read-pkg": "^8.0.0",
+    "read-package-json-fast": "^3.0.2",
     "shell-quote": "^1.7.3"
@@ -46,3 +41,3 @@ },
     "auto-changelog": "^2.2.0",
-    "c8": "^8.0.0",
+    "c8": "^9.0.0",
     "fs-extra": "^11.1.0",
@@ -53,4 +48,4 @@ "gh-release": "^7.0.0",
     "p-queue": "^7.3.4",
-    "yarn": "^1.12.3",
-    "standard": "^17.1.0"
+    "standard": "^17.1.0",
+    "yarn": "^1.12.3"
   },
@@ -57,0 +52,0 @@ "repository": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 6 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

222700

increased by143.82%

Number of package files

74

increased by146.67%

Lines of code

4102

increased by133.07%

Worsened metrics

Number of low supply chain risk alerts

22

increased by100%

Number of medium supply chain risk alerts

3

increased byInfinity%

Dependency changes

• + Addedread-package-json-fast@^3.0.2

• + Addednpm-normalize-package-bin@3.0.1(transitive)

• + Addedread-package-json-fast@3.0.2(transitive)

• - Removedread-pkg@^8.0.0

• - Removed@babel/code-frame@7.24.7(transitive)

• - Removed@babel/helper-validator-identifier@7.24.7(transitive)

• - Removed@babel/highlight@7.24.7(transitive)

• - Removed@types/normalize-package-data@2.4.4(transitive)

• - Removedansi-styles@3.2.1(transitive)

• - Removedchalk@2.4.2(transitive)

• - Removedcolor-convert@1.9.3(transitive)

• - Removedcolor-name@1.1.3(transitive)

• - Removederror-ex@1.3.2(transitive)

• - Removedescape-string-regexp@1.0.5(transitive)

• - Removedhas-flag@3.0.0(transitive)

• - Removedhosted-git-info@7.0.2(transitive)

• - Removedis-arrayish@0.2.1(transitive)

• - Removedjs-tokens@4.0.0(transitive)

• - Removedlines-and-columns@2.0.4(transitive)

• - Removedlru-cache@10.4.3(transitive)

• - Removednormalize-package-data@6.0.2(transitive)

• - Removedparse-json@7.1.1(transitive)

• - Removedpicocolors@1.1.0(transitive)

• - Removedread-pkg@8.1.0(transitive)

• - Removedsemver@7.6.3(transitive)

• - Removedspdx-correct@3.2.0(transitive)

• - Removedspdx-exceptions@2.5.0(transitive)

• - Removedspdx-expression-parse@3.0.1(transitive)

• - Removedspdx-license-ids@3.0.20(transitive)

• - Removedsupports-color@5.5.0(transitive)

• - Removedtype-fest@3.13.14.26.1(transitive)

• - Removedvalidate-npm-package-license@3.0.4(transitive)