nwjs-download
Advanced tools
Comparing version 1.4.1 to 1.4.2
@@ -24,3 +24,3 @@ | ||
var Flow = require('node-flow'); | ||
var Flow = require('@evshiron/node-flow'); | ||
@@ -27,0 +27,0 @@ var _require4 = require('./util'); |
@@ -38,3 +38,3 @@ | ||
var Flow = require('node-flow'); | ||
var Flow = require('@evshiron/node-flow'); | ||
@@ -41,0 +41,0 @@ var DIR_CACHES = join(homedir(), '.nwjs-download', 'caches'); |
{ | ||
"name": "nwjs-download", | ||
"version": "1.4.1", | ||
"version": "1.4.2", | ||
"description": "", | ||
@@ -29,2 +29,3 @@ "main": "./lib/index.js", | ||
"dependencies": { | ||
"@evshiron/node-flow": "^1.1.0", | ||
"babel-polyfill": "^6.9.0", | ||
@@ -34,3 +35,2 @@ "commander": "^2.9.0", | ||
"fs-extra": "^0.30.0", | ||
"node-flow": "evshiron/node-flow", | ||
"progress": "^1.1.8", | ||
@@ -37,0 +37,0 @@ "request": "^2.72.0", |
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
30407
0
0
+ Added@evshiron/node-flow@^1.1.0
+ Added@evshiron/node-flow@1.2.0(transitive)
+ Addedansi-regex@2.1.1(transitive)
+ Addedansi-styles@2.2.1(transitive)
+ Addedchalk@1.1.3(transitive)
+ Addedescape-string-regexp@1.0.5(transitive)
+ Addedhas-ansi@2.0.0(transitive)
+ Addedstrip-ansi@3.0.1(transitive)
+ Addedsupports-color@2.0.0(transitive)
- Removednode-flow@evshiron/node-flow