sigstore - npm Package Compare versions
Comparing version 2.2.0 to 2.2.1
| { | ||
| "name": "sigstore", | ||
| "version": "2.2.0", | ||
| "version": "2.2.1", | ||
| "description": "code-signing for npm packages", | ||
@@ -32,3 +32,3 @@ "main": "dist/index.js", | ||
| "@sigstore/jest": "^0.0.0", | ||
| "@sigstore/mock": "^0.6.3", | ||
| "@sigstore/mock": "^0.6.4", | ||
| "@tufjs/repo-mock": "^2.0.0", | ||
@@ -39,7 +39,7 @@ "@types/make-fetch-happen": "^10.0.4" | ||
| "@sigstore/bundle": "^2.1.1", | ||
| "@sigstore/core": "^0.2.0", | ||
| "@sigstore/core": "^1.0.0", | ||
| "@sigstore/protobuf-specs": "^0.2.1", | ||
| "@sigstore/sign": "^2.2.1", | ||
| "@sigstore/sign": "^2.2.2", | ||
| "@sigstore/tuf": "^2.3.0", | ||
| "@sigstore/verify": "^0.1.0" | ||
| "@sigstore/verify": "^1.0.0" | ||
| }, | ||
@@ -46,0 +46,0 @@ "engines": { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
- decreased by-100%
0
Dependency changes
+ Added@sigstore/verify@1.2.1(transitive)
- Removed@sigstore/core@0.2.0(transitive)
- Removed@sigstore/verify@0.1.0(transitive)
Updated@sigstore/core@^1.0.0
Updated@sigstore/sign@^2.2.2
Updated@sigstore/verify@^1.0.0