twilio-sync
Advanced tools
Comparing version 0.0.1-security to 0.2.6
{ | ||
"name": "twilio-sync", | ||
"version": "0.0.1-security", | ||
"description": "", | ||
"main": "index.js", | ||
"version": "0.2.6", | ||
"description": "Twilio Sync client library", | ||
"main": "lib/index.js", | ||
"directories": { | ||
"test": "test" | ||
}, | ||
"scripts": { | ||
"test": "echo \"Error: no test specified\" && exit 1" | ||
"test": "gulp unit-test" | ||
}, | ||
"repository": { | ||
"type": "git", | ||
"url": "git+https://github.com/npm/security-holder.git" | ||
"author": "Twilio", | ||
"license": "MIT", | ||
"dependencies": { | ||
"event-to-promise": "^0.7.0", | ||
"loglevel": "^1.4.1", | ||
"platform": "^1.3.1", | ||
"twilio-notifications": "^0.1.6", | ||
"twilio-transport": "^0.0.2", | ||
"twilsock": "^0.1.11", | ||
"uuid": "^2.0.2" | ||
}, | ||
"keywords": [], | ||
"author": "", | ||
"license": "ISC", | ||
"bugs": { | ||
"url": "https://github.com/npm/security-holder/issues" | ||
}, | ||
"homepage": "https://github.com/npm/security-holder#readme" | ||
"devDependencies": { | ||
"babel-eslint": "^6.1.2", | ||
"babel-plugin-transform-object-assign": "^6.8.0", | ||
"babel-preset-es2015": "^6.9.0", | ||
"babelify": "^7.3.0", | ||
"backoff": "^2.5.0", | ||
"browserify": "^13.1.0", | ||
"chai": "^3.5.0", | ||
"chai-as-promised": "^5.3.0", | ||
"cheerio": "^0.20.0", | ||
"del": "^2.2.1", | ||
"gulp": "^3.9.1", | ||
"gulp-eslint": "^3.0.1", | ||
"gulp-exit": "0.0.2", | ||
"gulp-insert": "^0.5.0", | ||
"gulp-istanbul": "^1.0.0", | ||
"gulp-mocha": "^2.2.0", | ||
"gulp-rename": "^1.2.2", | ||
"gulp-replace": "^0.5.4", | ||
"gulp-tap": "^0.1.3", | ||
"gulp-uglify": "^1.5.4", | ||
"gulp-util": "^3.0.7", | ||
"ink-docstrap": "^1.2.1", | ||
"jsdoc": "^3.4.0", | ||
"jsdoc-babel": "^0.2.1", | ||
"jsonwebtoken": "^7.1.6", | ||
"mocha.parallel": "^0.12.0", | ||
"run-sequence": "^1.2.2", | ||
"sinon": "^1.17.5", | ||
"sinon-as-promised": "^4.0.2", | ||
"sinon-chai": "^2.8.0", | ||
"twilio": "^3.3.0-edge", | ||
"twilio-common": "^0.1.5", | ||
"underscore": "^1.8.3", | ||
"vinyl-buffer": "^1.0.0", | ||
"vinyl-source-stream": "^1.1.0" | ||
} | ||
} |
@@ -1,9 +0,26 @@ | ||
# Security holding package | ||
Twilio Sync JavaScript client library | ||
=============== | ||
Sync library provides a set of primitives for data synchronization | ||
This package name is not currently in use, but was formerly occupied | ||
by another package. To avoid malicious use, npm is hanging on to the | ||
package name, but loosely, and we'll probably give it to you if you | ||
want it. | ||
Using Sync Library | ||
============= | ||
You may adopt this package by contacting support@npmjs.com and | ||
requesting the name. | ||
## Include library ## | ||
To use this library you will need an AccessManager from Twilio Common library. | ||
You may include it from CDN: | ||
``` | ||
<script src="https://media.twiliocdn.com/sdk/js/common/v0.1/twilio-common.js"></script> | ||
``` | ||
Then include datasync lib on your page | ||
``` | ||
<script type="text/javascript" src="https://media.twiliocdn.com/sdk/js/sync/v0.2/twilio-sync.js"></script> | ||
``` | ||
## Instantiate library ## | ||
And now you can start using Sync library | ||
``` | ||
var accessManager = new Twilio.AccessManager(token); | ||
var client = new Twilio.Sync.Client(accessManager); | ||
``` | ||
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 2 instances in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
High entropy strings
Supply chain riskContains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Minified code
QualityThis package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
No contributors or author data
MaintenancePackage does not specify a list of contributors or an author in package.json.
Found 1 instance in 1 package
No tests
QualityPackage does not have any tests. This is a strong signal of a poorly maintained or low quality package.
Found 1 instance in 1 package
3378319
68
53311
27
7
35
1
3
37
25
+ Addedevent-to-promise@^0.7.0
+ Addedloglevel@^1.4.1
+ Addedplatform@^1.3.1
+ Addedtwilio-notifications@^0.1.6
+ Addedtwilio-transport@^0.0.2
+ Addedtwilsock@^0.1.11
+ Addeduuid@^2.0.2
+ Addedbackoff@2.5.0(transitive)
+ Addedbottleneck@1.16.0(transitive)
+ Addedevent-to-promise@0.7.0(transitive)
+ Addediconv-lite@0.4.24(transitive)
+ Addedjavascript-state-machine@2.4.0(transitive)
+ Addedloglevel@1.9.2(transitive)
+ Addedoptions@0.0.6(transitive)
+ Addedplatform@1.3.6(transitive)
+ Addedprecond@0.2.3(transitive)
+ Addedsafer-buffer@2.1.2(transitive)
+ Addedtwilio-notifications@0.1.7(transitive)
+ Addedtwilio-transport@0.0.2(transitive)
+ Addedtwilsock@0.1.11(transitive)
+ Addedultron@1.0.2(transitive)
+ Addedurlencode@1.1.0(transitive)
+ Addeduuid@2.0.3(transitive)
+ Addedws@1.1.5(transitive)
+ Addedxmlhttprequest@1.8.0(transitive)