New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
scramjet-core
Advanced tools
scramjet-core - npm Package Compare versions
Comparing version 4.29.0 to 4.29.1
| { | ||
| "name": "scramjet-core", | ||
| "version": "4.29.0", | ||
| "version": "4.29.1", | ||
| "description": "A pluggable minimal version of Scramjet that focuses only on stream transform and exposes only core features", | ||
@@ -52,3 +52,5 @@ "main": "lib/index.js", | ||
| "lib", | ||
| "docs" | ||
| "docs", | ||
| "scripts", | ||
| "test" | ||
| ], | ||
@@ -55,0 +57,0 @@ "devDependencies": { |
New alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by54.84%
225884
- Number of package files
- increased by100%
48
- Lines of code
- increased by68.42%
4635
Worsened metrics
- Number of low supply chain risk alerts
- increased by2500%
26
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes