porter - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4

package.json

 {
-  "author": "Karl Böhlmark <karl.bohlmark@radiantbits.se>",
+  "author": "",
   "name": "porter",
   "description": "CommonJS to browser exporter",
-  "version": "0.0.3",
-  "scripts": {
-    "test": "node test/run-tests.js"
+  "version": "0.0.4",
+  "main": "index.js",
+  "directories": {
+    "test": "test"
   },
-  "bin":{
-    "porter": "cli.js"
-  },
   "dependencies": {
-    "esprima": "~0.9.9",
-    "optimist": "~0.3.4",
-    "escodegen": "0.0.3"
+    "subdeps": "~0.0.1",
+    "commander": "~1.0.2",
+    "commondir": "0.0.1"
   },
   "devDependencies": {},
-  "optionalDependencies": {},
-  "engines": {
-    "node": "*"
-  }
+  "scripts": {
+    "test": "node test/run-test.js"
+  },
+  "bin": {
+    "porter": "bin/porter"
+  },
+  "repository": "",
+  "license": "BSD"
 }

New alerts

Non-existent author

Supply chain risk

The package was published by an npm account that no longer exists.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Misc. License Issues

License

(Experimental) A package's licensing information has fine-grained problems.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1132133

increased by7290.38%

Lines of code

17815

increased by3747.73%

Number of low supply chain risk alerts

5

decreased by-28.57%

Worsened metrics

Number of package files

11

decreased by-35.29%

Number of medium license alerts

1

increased byInfinity%

Number of low maintenance alerts

3

increased by50%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

10

increased byInfinity%

Dependency changes

• + Addedcommander@~1.0.2

• + Addedcommondir@0.0.1

• + Addedsubdeps@~0.0.1

• + Addedcommander@1.0.5(transitive)

• + Addedcommondir@0.0.1(transitive)

• + Addeddetective@0.1.1(transitive)

• + Addedkeypress@0.1.0(transitive)

• + Addedresolve@0.2.8(transitive)

• + Addedsubdeps@0.0.1(transitive)

• + Addeduglify-js@1.2.6(transitive)

• - Removedescodegen@0.0.3

• - Removedesprima@~0.9.9

• - Removedoptimist@~0.3.4

• - Removedescodegen@0.0.3(transitive)

• - Removedesprima@0.9.9(transitive)

• - Removedoptimist@0.3.7(transitive)

• - Removedwordwrap@0.0.3(transitive)