rox-react-native - npm Package Compare versions

Comparing version 4.9.4-alpha.0 to 4.9.4

package.json

 {
   "name": "rox-react-native",
-  "version": "4.9.4-alpha.0",
+  "version": "4.9.4",
   "description": "Rollout.io ROX JS SDK Client",
@@ -63,3 +63,3 @@ "author": "Rollout.io <support@rollout.io>",
     "react-dom": "^15.6.1",
-    "rox-base": "^4.9.2-alpha.0",
+    "rox-base": "^4.9.4",
     "style-loader": "^0.18.2",
@@ -86,3 +86,3 @@ "uglifyjs-webpack-plugin": "^1.2.3",
   },
-  "gitHead": "aa0182a9ccee19655b1569fd1194fe78cbe8075e"
+  "gitHead": "77444a24f7ade959923e25061f058f5ab037c472"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

925529

increased by0.2%

Lines of code

23375

increased by0.09%

Number of low quality alerts

0

decreased by-100%

Worsened metrics

Number of low supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

8

increased byInfinity%

No dependency changes