New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
rive-js - npm Package Compare versions
Comparing version 0.7.18 to 0.7.19
| { | ||
| "name": "rive-js", | ||
| "version": "0.7.18", | ||
| "version": "0.7.19", | ||
| "description": "Rive's web api.", | ||
@@ -36,2 +36,4 @@ "main": "dist/rive.dev.js", | ||
| "dist/rive.d.ts", | ||
| "dist/rive_canvas.js", | ||
| "dist/rive_canvas.d.ts", | ||
| "src/rive.ts" | ||
@@ -38,0 +40,0 @@ ], |
New alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by14.7%
2398473
- Number of package files
- increased by16.67%
14
- Lines of code
- increased by31.2%
16784
Worsened metrics
- Number of low supply chain risk alerts
- increased byInfinity%
2
- Number of medium supply chain risk alerts
- increased by33.33%
20
No dependency changes