steem - npm Package Compare versions

Comparing version 0.5.5 to 0.5.6-beta.2

package.json

 {
   "name": "steem",
-  "version": "0.5.5",
+  "version": "0.5.6-beta.2",
   "description": "Steem.js the JavaScript API for Steem blockchain",
@@ -12,3 +12,4 @@ "main": "index.js",
     "build-node": "mkdir -p ./lib && cp -r ./src/* ./lib/ && babel ./src --out-dir ./lib",
-    "prepublish": "npm run test && npm run build"
+    "prepublish": "npm run test && npm run build",
+    "postinstall": "scripts/post-install.js"
   },
@@ -40,6 +41,7 @@ "browser": {
     "bs58": "^4.0.0",
+    "buffer": "^5.0.6",
     "bytebuffer": "^5.0.1",
     "create-hash": "^1.1.2",
     "create-hmac": "^1.1.4",
-    "debug": "^2.2.0",
+    "debug": "^2.6.8",
     "detect-node": "^2.0.3",
@@ -46,0 +48,0 @@ "ecurve": "^1.0.5",

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

12630536

increased by0.33%

Number of low supply chain risk alerts

8

decreased by-20%

Worsened metrics

Dependency count

14

increased by7.69%

Number of package files

51

decreased by-54.46%

Lines of code

5795

decreased by-59.23%

Number of high supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedbuffer@^5.0.6

• + Addedbase64-js@1.5.1(transitive)

• + Addedbuffer@5.7.1(transitive)

• + Addedieee754@1.2.1(transitive)

• Updateddebug@^2.6.8