sails-stdlib - npm Package Compare versions

Comparing version 0.3.8 to 0.3.9

package.json

 {
   "name": "sails-stdlib",
-  "version": "0.3.8",
+  "version": "0.3.9",
   "description": "Standard library for Node/Sails applications. Hand-picked and maintained by the Sails.js core team.",
@@ -30,3 +30,3 @@ "scripts": {
     "machinepack-fs": "git://github.com/mikermcneil/machinepack-fs.git#41522a8446fdbac34f89157ec6e8d646551c2555",
-    "machinepack-gravatar": "git://github.com/irlnathan/machinepack-gravatar.git#7b2b2afd24481ca3fb40c8aac18002cad9837aac",
+    "machinepack-gravatar": "git://github.com/irlnathan/machinepack-gravatar.git#b29071b150e3ed8df062d0553ce3e64084c6596f",
     "machinepack-http": "git://github.com/mikermcneil/machinepack-http.git#d445c00a35ba5e652c86cb923551cd1996ffe159",
@@ -46,3 +46,3 @@ "machinepack-ifthen": "git://github.com/treelinehq/machinepack-ifthen.git#18b1ead1fcee421a792ba73544c750005ad3ffad",
     "machinepack-urls": "git://github.com/mikermcneil/machinepack-urls.git#4cc9393c7e46b51e57066d31b3e1edc12fec372a",
-    "machinepack-util": "git://github.com/treelinehq/machinepack-util.git#4fc3f5065491c1544fdbebb918262ec74678f2dc",
+    "machinepack-util": "git://github.com/treelinehq/machinepack-util.git#2baecb44450134fa07c7317c4557910d7d5f8e53",
     "machinepack-waterline": "git://github.com/treelinehq/machinepack-waterline.git#5aef25bdc7aa1e81eea6f3b2f5974d91323988a6"
@@ -49,0 +49,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 2 instances in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 2 instances in 1 package

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• Updatedmachinepack-gravatar@git://github.com/irlnathan/machinepack-gravatar.git#b29071b150e3ed8df062d0553ce3e64084c6596f

• Updatedmachinepack-util@git://github.com/treelinehq/machinepack-util.git#2baecb44450134fa07c7317c4557910d7d5f8e53