🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
require-at - npm Package Compare versions
Comparing version 1.0.5 to 1.0.6
| { | ||
| "name": "require-at", | ||
| "version": "1.0.5", | ||
| "version": "1.0.6", | ||
| "main": "require-at.js", | ||
@@ -18,2 +18,3 @@ "description": "Call require pretending your are at another directory", | ||
| "files": [ | ||
| "create-require.js", | ||
| "require-at.js" | ||
@@ -20,0 +21,0 @@ ], |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
5882
29.5%- Number of package files
4
33.33%- Lines of code
61
117.86%Worsened metrics
- Number of low supply chain risk alerts
2
100%- Number of medium supply chain risk alerts
1
Infinity%No dependency changes