showdown - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

package.json

 {
   "name": "showdown",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "A Markdown to HTML converter written in Javascript",
@@ -41,6 +41,2 @@ "author": "Estevão Santos",
   },
-  "files": [
-    "bin",
-    "dist"
-  ],
   "devDependencies": {
@@ -47,0 +43,0 @@ "chai": "^4.3.4",

README.md

@@ -0,0 +0,0 @@ ![Showdown][sd-logo]

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1338974

increased by68.24%

Number of package files

776

increased by9600%

Lines of code

11324

increased by133.39%

Worsened metrics

Number of low supply chain risk alerts

7

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes