Comparing version 1.1.2 to 1.1.3
@@ -5,9 +5,18 @@ { | ||
| "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)", | ||
| "version": "1.1.2", | ||
| "version": "1.1.3", | ||
| "main": "lib/sax.js", | ||
| "license": "ISC", | ||
| "scripts": { | ||
| "test": "node test/index.js" | ||
| "test": "tap test/*.js" | ||
| }, | ||
| "repository": "git://github.com/isaacs/sax-js.git" | ||
| "repository": "git://github.com/isaacs/sax-js.git", | ||
| "files": [ | ||
| "lib/sax.js", | ||
| "LICENSE", | ||
| "LICENSE-W3C.html", | ||
| "README.md" | ||
| ], | ||
| "devDependencies": { | ||
| "tap": "^1.4.1" | ||
| } | ||
| } |
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-86.64%
63431
- Dev dependency count
- increased byInfinity%
1
- Number of package files
- decreased by-92.42%
5
- Lines of code
- decreased by-51.24%
1302
No dependency changes