swagger-ui-dist - npm Package Compare versions

Comparing version 3.17.4 to 3.17.5

package.json

 {
   "name": "swagger-ui-dist",
-  "version": "3.17.4",
+  "version": "3.17.5",
   "main": "index.js",
@@ -5,0 +5,0 @@ "repository": "git@github.com:swagger-api/swagger-ui.git",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

11283786

decreased by-3.52%

Lines of code

8324

decreased by-24.15%

Number of low supply chain risk alerts

2

increased by100%

Number of medium supply chain risk alerts

15

increased by36.36%

No dependency changes