react-svg - npm Package Compare versions

Comparing version 2.1.6 to 2.1.7

package.json

 {
   "name": "react-svg",
-  "version": "2.1.6",
+  "version": "2.1.7",
   "description": "A react.js svg component for loading svg files into the dom.",
@@ -36,3 +36,4 @@ "main": "lib/index.js",
   "peerDependencies": {
-    "react": "^15.3.2"
+    "react": "^15.3.2",
+    "react-dom": "^15.3.2"
   },
@@ -39,0 +40,0 @@ "dependencies": {

README.md

@@ -64,3 +64,3 @@ # react-svg
 
-If you use these, make sure you have already included React as a dependency.
+If you use these, make sure you have already included React and ReactDOM as dependencies.
 
@@ -67,0 +67,0 @@ ## License

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

43111

decreased by-95%

Dependency count

3

increased by50%

Lines of code

648

decreased by-96.54%

Number of medium supply chain risk alerts

3

increased by50%

No dependency changes