postcss-focus-visible - npm Package Compare versions

Comparing version 6.0.2 to 6.0.3

CHANGELOG.md

 # Changes to PostCSS Focus Visible
 
+### 6.0.3 (January 2, 2022)
+
+- Removed Sourcemaps from package tarball.
+- Moved CLI to CLI Package. See [announcement](https://github.com/csstools/postcss-plugins/discussions/121).
+
 ### 6.0.2 (December 13, 2021)
@@ -4,0 +9,0 @@

package.json

 {
   "name": "postcss-focus-visible",
-  "version": "6.0.2",
+  "version": "6.0.3",
   "description": "Use the :focus-visible pseudo-selector in CSS",
@@ -14,3 +14,2 @@ "author": "Jonathan Neal <jonathantneal@hotmail.com>",
     "CHANGELOG.md",
-    "INSTALL.md",
     "LICENSE.md",
@@ -20,5 +19,2 @@ "README.md",
   ],
-  "bin": {
-    "postcss-focus-visible": "dist/cli.mjs"
-  },
   "scripts": {
@@ -30,3 +26,4 @@ "build": "rollup -c ../../rollup/default.js",
     "stryker": "stryker run --logLevel error",
-    "test": "postcss-tape --ci"
+    "test": "postcss-tape --ci && npm run test:exports",
+    "test:exports": "node ./test/_import.mjs && node ./test/_require.cjs"
   },
@@ -37,3 +34,3 @@ "engines": {
   "dependencies": {
-    "postcss-selector-parser": "^6.0.7"
+    "postcss-selector-parser": "^6.0.8"
   },
@@ -78,3 +75,6 @@ "devDependencies": {
     "directory": "plugins/postcss-focus-visible"
+  },
+  "volta": {
+    "extends": "../../package.json"
   }
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Number of medium supply chain risk alerts

1

decreased by-66.67%

Worsened metrics

Total package byte prevSize

15299

decreased by-85.95%

Number of package files

7

decreased by-41.67%

Lines of code

12

decreased by-96.47%

Dependency changes

• Updatedpostcss-selector-parser@^6.0.8