renovate
Advanced tools
renovate - npm Package Compare versions
Comparing version
@@ -17,7 +17,5 @@ const logger = require('winston'); | ||
| config.packageFile = packageFile; | ||
| // We export the token back to ENV, on a per-repo basis | ||
| process.env.GITHUB_TOKEN = config.token; | ||
| // Initialize helpers | ||
| changelog.setGitHubToken(config.token); | ||
| logger.info(`Processing ${repoName} ${packageFile}`); | ||
@@ -24,0 +22,0 @@ |
| { | ||
| "name": "renovate", | ||
| "description": "Keep npm dependencies up-to-date via Pull Requests", | ||
| "version": "3.0.0", | ||
| "version": "3.0.1", | ||
| "bin": "renovate.js", | ||
@@ -34,3 +34,3 @@ "main": "lib/index.js", | ||
| "dependencies": { | ||
| "changelog": "singapore/changelog", | ||
| "changelog": "dylang/changelog#v1.2.0", | ||
| "commander": "2.9.0", | ||
@@ -37,0 +37,0 @@ "gh-got": "5.0.0", |
New alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Manifest confusion
Supply chain riskThis package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
40948
-0.01%- Lines of code
747
-0.13%