react-addons-update
Advanced tools
react-addons-update - npm Package Compare versions
Comparing version 15.6.2 to 15.6.3
32
index.js
@@ -11,5 +11,35 @@ /** | ||
| var _assign = require('object-assign'); | ||
| var invariant = require('fbjs/lib/invariant'); | ||
| var hasOwnProperty = {}.hasOwnProperty; | ||
| var validateFormat = function validateFormat(format) {}; | ||
| if (process.env.NODE_ENV !== 'production') { | ||
| validateFormat = function validateFormat(format) { | ||
| if (format === undefined) { | ||
| throw new Error('invariant requires an error message argument'); | ||
| } | ||
| }; | ||
| } | ||
| function invariant(condition, format, a, b, c, d, e, f) { | ||
| validateFormat(format); | ||
| if (!condition) { | ||
| var error; | ||
| if (format === undefined) { | ||
| error = new Error('Minified exception occurred; use the non-minified dev environment ' + 'for the full error message and additional helpful warnings.'); | ||
| } else { | ||
| var args = [a, b, c, d, e, f]; | ||
| var argIndex = 0; | ||
| error = new Error(format.replace(/%s/g, function () { | ||
| return args[argIndex++]; | ||
| })); | ||
| error.name = 'Invariant Violation'; | ||
| } | ||
| error.framesToPop = 1; // we don't care about invariant's own frame | ||
| throw error; | ||
| } | ||
| } | ||
| function shallowCopy(x) { | ||
@@ -16,0 +46,0 @@ if (Array.isArray(x)) { |
| { | ||
| "name": "react-addons-update", | ||
| "version": "15.6.2", | ||
| "version": "15.6.3", | ||
| "main": "index.js", | ||
@@ -12,3 +12,2 @@ "repository": "facebook/react", | ||
| "dependencies": { | ||
| "fbjs": "^0.8.9", | ||
| "object-assign": "^4.1.0" | ||
@@ -15,0 +14,0 @@ }, |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.15%
27479
- Dependency count
- decreased by-50%
1
- Lines of code
- increased by5%
525
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Number of low supply chain risk alerts
- increased by100%
2
Dependency changes
- Removedfbjs@^0.8.9
- Removedasap@2.0.6(transitive)
- Removedcore-js@1.2.7(transitive)
- Removedencoding@0.1.13(transitive)
- Removedfbjs@0.8.18(transitive)
- Removediconv-lite@0.6.3(transitive)
- Removedis-stream@1.1.0(transitive)
- Removedisomorphic-fetch@2.2.1(transitive)
- Removedjs-tokens@4.0.0(transitive)
- Removedloose-envify@1.4.0(transitive)
- Removednode-fetch@1.7.3(transitive)
- Removedpromise@7.3.1(transitive)
- Removedsafer-buffer@2.1.2(transitive)
- Removedsetimmediate@1.0.5(transitive)
- Removedua-parser-js@0.7.39(transitive)
- Removedwhatwg-fetch@3.6.20(transitive)