theme-bump - npm Package Compare versions

Comparing version 0.0.1 to 1.0.0

package.json

 {
   "name": "theme-bump",
-  "version": "0.0.1",
-  "description": "",
+  "version": "1.0.0",
+  "description": "Bump the version of Zen Garden themes in Creative Exchange",
+  "repository": "git://github.com/mateuszluczak/theme-bump.git",
   "main": "index.js",
@@ -9,5 +10,14 @@ "scripts": {
   },
+  "bin": {
+    "bump": "bin/theme-bump"
+  },
   "keywords": [],
   "author": "Mateusz Luczak <mateusz.luczak@outlook.com>",
-  "license": "MIT"
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^2.4.1",
+    "commander": "^2.15.1",
+    "lodash.difference": "^4.5.0",
+    "semver": "^5.5.0"
+  }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4807

increased by256.6%

Number of package files

5

increased by66.67%

Lines of code

82

increased byInfinity%

Number of low quality alerts

2

decreased by-33.33%

Number of medium quality alerts

1

decreased by-50%

Number of lines in readme file

3

increased byInfinity%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dependency count

4

increased byInfinity%

Number of low supply chain risk alerts

3

increased by200%

Dependency changes

• + Addedchalk@^2.4.1

• + Addedcommander@^2.15.1

• + Addedlodash.difference@^4.5.0

• + Addedsemver@^5.5.0

• + Addedansi-styles@3.2.1(transitive)

• + Addedchalk@2.4.2(transitive)

• + Addedcolor-convert@1.9.3(transitive)

• + Addedcolor-name@1.1.3(transitive)

• + Addedcommander@2.20.3(transitive)

• + Addedescape-string-regexp@1.0.5(transitive)

• + Addedhas-flag@3.0.0(transitive)

• + Addedlodash.difference@4.5.0(transitive)

• + Addedsemver@5.7.2(transitive)

• + Addedsupports-color@5.5.0(transitive)