pacote - npm Package Compare versions

Comparing version 11.3.3 to 11.3.4

package.json

 {
   "name": "pacote",
-  "version": "11.3.3",
+  "version": "11.3.4",
   "description": "JavaScript package downloader",
@@ -49,3 +49,3 @@ "author": "Isaac Z. Schlueter <i@izs.me> (https://izs.me)",
     "npm-pick-manifest": "^6.0.0",
-    "npm-registry-fetch": "^10.0.0",
+    "npm-registry-fetch": "^11.0.0",
     "promise-retry": "^2.0.1",
@@ -52,0 +52,0 @@ "read-package-json-fast": "^2.0.1",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Number of medium supply chain risk alerts

3

decreased by-25%

Dependency changes

• + Addedmake-fetch-happen@9.1.0(transitive)

• + Addednegotiator@0.6.3(transitive)

• + Addednpm-registry-fetch@11.0.0(transitive)

• + Addedsocks-proxy-agent@6.2.1(transitive)

• - Removedmake-fetch-happen@8.0.14(transitive)

• - Removednpm-registry-fetch@10.1.2(transitive)

• - Removedsocks-proxy-agent@5.0.1(transitive)

• Updatednpm-registry-fetch@^11.0.0