resolve - npm Package Compare versions

Comparing version 1.22.8 to 1.22.9

lib/core.json

@@ -92,3 +92,5 @@ {
 	"node:repl": [">= 14.18 && < 15", ">= 16"],
+	"node:sea": [">= 20.12 && < 21", ">= 21.7"],
 	"smalloc": ">= 0.11.5 && < 3",
+	"node:sqlite": ">= 23.4",
 	"_stream_duplex": ">= 0.9.4",
@@ -120,2 +122,4 @@ "node:_stream_duplex": [">= 14.18 && < 15", ">= 16"],
 	"node:test/reporters": [">= 18.17 && < 19", ">= 19.9", ">= 20"],
+	"test/mock_loader": ">= 22.3 && < 22.7",
+	"node:test/mock_loader": ">= 22.3 && < 22.7",
 	"node:test": [">= 16.17 && < 17", ">= 18"],
@@ -122,0 +126,0 @@ "timers": true,

package.json

 {
 	"name": "resolve",
 	"description": "resolve like require.resolve() on behalf of files asynchronously and synchronously",
-	"version": "1.22.8",
+	"version": "1.22.9",
 	"repository": {
@@ -29,9 +29,8 @@ "type": "git",
 		"test": "npm run --silent tests-only",
-		"posttest": "npm run test:multirepo && aud --production",
+		"posttest": "npm run test:multirepo && npx npm@'>= 10.2' audit --production",
 		"test:multirepo": "cd ./test/resolver/multirepo && npm install && npm test"
 	},
 	"devDependencies": {
-		"@ljharb/eslint-config": "^21.1.0",
-		"array.prototype.map": "^1.0.6",
-		"aud": "^2.0.3",
+		"@ljharb/eslint-config": "^21.1.1",
+		"array.prototype.map": "^1.0.7",
 		"copy-dir": "^1.3.0",
@@ -43,3 +42,3 @@ "eclint": "^2.8.1",
 		"mv": "^2.1.1",
-		"npmignore": "^0.3.0",
+		"npmignore": "^0.3.1",
 		"object-keys": "^1.1.1",
@@ -50,3 +49,3 @@ "rimraf": "^2.7.1",
 		"tap": "0.4.13",
-		"tape": "^5.7.0",
+		"tape": "^5.9.0",
 		"tmp": "^0.0.31"
@@ -64,3 +63,3 @@ },
 	"dependencies": {
-		"is-core-module": "^2.13.0",
+		"is-core-module": "^2.16.0",
 		"path-parse": "^1.0.7",
@@ -67,0 +66,0 @@ "supports-preserve-symlinks-flag": "^1.0.0"

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Unidentified License

License

(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3087705

increased by2023.68%

Dev dependency count

16

decreased by-5.88%

Number of package files

1472

increased by1417.53%

Lines of code

92112

increased by2702.31%

Worsened metrics

Number of low license alerts

2

increased by100%

License quality

80

decreased by-20%

Number of high supply chain risk alerts

3

increased by200%

Number of low supply chain risk alerts

40

increased by48.15%

Number of medium supply chain risk alerts

5

increased byInfinity%

Dependency changes

• Updatedis-core-module@^2.16.0