terser - npm Package Compare versions

Comparing version 1.0.0 to 3.7.1

package.json

 {
   "name": "terser",
-  "version": "1.0.0",
-  "description": "",
-  "main": "index.js",
+  "description": "JavaScript parser, mangler/compressor and beautifier toolkit for ES6+",
+  "homepage": "https://github.com/fabiosantoscode/uglify-es",
+  "author": "Mihai Bazon <mihai.bazon@gmail.com> (http://lisperator.net/)",
+  "license": "BSD-2-Clause",
+  "version": "3.7.1",
+  "engines": {
+    "node": ">=0.8.0"
+  },
+  "maintainers": [
+    "Alex Lam <alexlamsl@gmail.com>",
+    "Mihai Bazon <mihai.bazon@gmail.com> (http://lisperator.net/)"
+  ],
+  "repository": "https://github.com/fabiosantoscode/uglify-es.git",
+  "main": "tools/node.js",
+  "bin": {
+    "uglifyjs": "bin/uglifyjs"
+  },
+  "files": [
+    "bin",
+    "lib",
+    "tools",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "commander": "~2.14.1",
+    "source-map": "~0.6.1"
+  },
+  "devDependencies": {
+    "acorn": "~5.4.1",
+    "escodegen": "^1.9.1",
+    "mocha": "~3.5.1",
+    "semver": "~5.5.0"
+  },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "node test/run-tests.js"
   },
-  "author": "",
-  "license": "ISC"
+  "keywords": [
+    "uglify",
+    "uglify-es",
+    "uglify-js",
+    "minify",
+    "minifier",
+    "javascript",
+    "ecmascript",
+    "es5",
+    "es6",
+    "es7",
+    "es8",
+    "es2015",
+    "es2016",
+    "es2017",
+    "async",
+    "await"
+  ]
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

804549

increased by398191.58%

Number of package files

21

increased by2000%

Lines of code

20516

increased byInfinity%

Number of low maintenance alerts

1

decreased by-50%

Number of low quality alerts

0

decreased by-100%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

1220

increased byInfinity%

Worsened metrics

Dependency count

2

increased byInfinity%

Dev dependency count

4

increased byInfinity%

Number of low supply chain risk alerts

3

increased by200%

Number of medium supply chain risk alerts

3

increased by200%

Dependency changes

• + Addedcommander@~2.14.1

• + Addedsource-map@~0.6.1

• + Addedcommander@2.14.1(transitive)

• + Addedsource-map@0.6.1(transitive)