pacote - npm Package Compare versions
+6
-5
| { | ||
| "name": "pacote", | ||
| "version": "19.0.1", | ||
| "version": "19.0.2", | ||
| "description": "JavaScript package downloader", | ||
@@ -31,3 +31,3 @@ "author": "GitHub Inc.", | ||
| "@npmcli/eslint-config": "^5.0.0", | ||
| "@npmcli/template-oss": "4.23.3", | ||
| "@npmcli/template-oss": "4.29.0", | ||
| "hosted-git-info": "^8.0.0", | ||
@@ -65,3 +65,3 @@ "mutate-fs": "^2.1.1", | ||
| "ssri": "^12.0.0", | ||
| "tar": "^6.1.11" | ||
| "tar": "^7.5.10" | ||
| }, | ||
@@ -77,6 +77,7 @@ "engines": { | ||
| "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
| "version": "4.23.3", | ||
| "version": "4.29.0", | ||
| "windowsCI": false, | ||
| "publish": "true" | ||
| "publish": "true", | ||
| "backport": 19 | ||
| } | ||
| } |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
73682
0.03%Dependency changes
- Removed
chownr@2.0.0(transitive)- Removed
fs-minipass@2.1.0(transitive)- Removed
minipass@5.0.0(transitive)- Removed
minizlib@2.1.2(transitive)- Removed
mkdirp@1.0.4(transitive)- Removed
tar@6.2.1(transitive)Updated
tar@^7.5.10