Comparing version 0.1.1 to 0.1.2
@@ -15,3 +15,3 @@ { | ||
], | ||
"version": "0.1.1", | ||
"version": "0.1.2", | ||
"homepage": "http://github.com/benjamn/recast", | ||
@@ -27,3 +27,3 @@ "repository": { | ||
"dependencies": { | ||
"esprima": ">= 0.9.9" | ||
"esprima": "git://github.com/ariya/esprima.git#master" | ||
}, | ||
@@ -30,0 +30,0 @@ "devDependencies": {}, |
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
65383
1
- Removedesprima@4.0.1(transitive)