pacote - npm Package Compare versions
Comparing version 11.1.11 to 11.1.12
| { | ||
| "name": "pacote", | ||
| "version": "11.1.11", | ||
| "version": "11.1.12", | ||
| "description": "JavaScript package downloader", | ||
| "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)", | ||
| "bin": "lib/bin.js", | ||
| "bin": { | ||
| "pacote": "lib/bin.js" | ||
| }, | ||
| "license": "ISC", | ||
@@ -26,3 +28,3 @@ "main": "lib/index.js", | ||
| "require-inject": "^1.4.4", | ||
| "tap": "^14.10.6" | ||
| "tap": "^14.10.8" | ||
| }, | ||
@@ -51,3 +53,3 @@ "files": [ | ||
| "npm-pick-manifest": "^6.0.0", | ||
| "npm-registry-fetch": "^8.1.3", | ||
| "npm-registry-fetch": "^9.0.0", | ||
| "promise-retry": "^1.1.1", | ||
@@ -54,0 +56,0 @@ "read-package-json-fast": "^1.1.3", |
| # pacote | ||
| JavaScript Package Handler | ||
| Fetches package manifests and tarballs from the npm registry. | ||
@@ -24,6 +24,16 @@ ## USAGE | ||
| Anything that you can do to with kind of package, you can do to any kind of | ||
| package. Data that isn't relevant (like a packument for a tarball) will be | ||
| `pacote` works with any kind of package specifier that npm can install. If | ||
| you can pass it to the npm CLI, you can pass it to pacote. (In fact, that's | ||
| exactly what the npm CLI does.) | ||
| Anything that you can do with one kind of package, you can do with another. | ||
| Data that isn't relevant (like a packument for a tarball) will be | ||
| simulated. | ||
| `prepare` scripts will be run when generating tarballs from `git` and | ||
| `directory` locations, to simulate what _would_ be published to the | ||
| registry, so that you get a working package instead of just raw source | ||
| code that might need to be transpiled. | ||
| ## CLI | ||
@@ -30,0 +40,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.83%
58527
- Number of lines in readme file
- increased by4.08%
255
Worsened metrics
- Number of medium supply chain risk alerts
- increased by33.33%
4
Dependency changes
+ Addednpm-registry-fetch@9.0.0(transitive)
- Removednpm-registry-fetch@8.1.5(transitive)
Updatednpm-registry-fetch@^9.0.0