ssri - npm Package Compare versions

Comparing version 8.0.1 to 9.0.0

LICENSE.md

 ISC License
 
-Copyright (c) npm, Inc.
+Copyright 2021 (c) npm, Inc.
 
@@ -5,0 +5,0 @@ Permission to use, copy, modify, and/or distribute this software for

package.json

 {
   "name": "ssri",
-  "version": "8.0.1",
+  "version": "9.0.0",
   "description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.",
-  "main": "index.js",
-  "files": [],
+  "main": "lib/index.js",
+  "files": [
+    "bin/",
+    "lib/"
+  ],
   "scripts": {
     "prerelease": "npm t",
     "postrelease": "npm publish",
-    "prepublishOnly": "git push --follow-tags",
+    "prepublishOnly": "git push origin --follow-tags",
     "posttest": "npm run lint",
-    "release": "standard-version -s",
     "test": "tap",
     "coverage": "tap",
-    "lint": "standard"
+    "lint": "eslint \"**/*.js\"",
+    "postlint": "template-oss-check",
+    "template-oss-apply": "template-oss-apply --force",
+    "lintfix": "npm run lint -- --fix",
+    "preversion": "npm test",
+    "postversion": "npm publish",
+    "snap": "tap"
   },
@@ -20,3 +28,6 @@ "tap": {
   },
-  "repository": "https://github.com/npm/ssri",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/npm/ssri.git"
+  },
   "keywords": [
@@ -36,7 +47,3 @@ "w3c",
   ],
-  "author": {
-    "name": "Kat Marchán",
-    "email": "kzm@sykosomatic.org",
-    "twitter": "maybekatz"
-  },
+  "author": "GitHub Inc.",
   "license": "ISC",
@@ -47,9 +54,13 @@ "dependencies": {
   "devDependencies": {
-    "standard": "^16.0.3",
-    "standard-version": "^9.1.0",
-    "tap": "^14.10.6"
+    "@npmcli/eslint-config": "^3.0.1",
+    "@npmcli/template-oss": "3.2.2",
+    "tap": "^16.0.1"
   },
   "engines": {
-    "node": ">= 8"
+    "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
+  },
+  "templateOSS": {
+    "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
+    "version": "3.2.2"
   }
 }

README.md

@@ -199,3 +199,3 @@ # ssri [![npm version](https://img.shields.io/npm/v/ssri.svg)](https://npm.im/ssri) [![license](https://img.shields.io/npm/l/ssri.svg)](https://npm.im/ssri) [![Travis](https://img.shields.io/travis/npm/ssri.svg)](https://travis-ci.org/npm/ssri) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/npm/ssri?svg=true)](https://ci.appveyor.com/project/npm/ssri) [![Coverage Status](https://coveralls.io/repos/github/npm/ssri/badge.svg?branch=latest)](https://coveralls.io/github/npm/ssri?branch=latest)
 This is useful when an integrity value may be upgraded with a stronger
-algorithm, you wish to prevent accidentally supressing integrity errors by
+algorithm, you wish to prevent accidentally suppressing integrity errors by
 overwriting the expected integrity value.
@@ -202,0 +202,0 @@

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Lines of code

452

increased by6.35%

Worsened metrics

Total package byte prevSize

36854

decreased by-21.43%

Number of package files

4

decreased by-20%

Number of medium supply chain risk alerts

2

increased by100%

No dependency changes