twilio-sync - npm Package Compare versions

Comparing version 0.0.1-security to 0.2.6

package.json

 {
   "name": "twilio-sync",
-  "version": "0.0.1-security",
-  "description": "",
-  "main": "index.js",
+  "version": "0.2.6",
+  "description": "Twilio Sync client library",
+  "main": "lib/index.js",
+  "directories": {
+    "test": "test"
+  },
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "gulp unit-test"
   },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/npm/security-holder.git"
+  "author": "Twilio",
+  "license": "MIT",
+  "dependencies": {
+    "event-to-promise": "^0.7.0",
+    "loglevel": "^1.4.1",
+    "platform": "^1.3.1",
+    "twilio-notifications": "^0.1.6",
+    "twilio-transport": "^0.0.2",
+    "twilsock": "^0.1.11",
+    "uuid": "^2.0.2"
   },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
-  "bugs": {
-    "url": "https://github.com/npm/security-holder/issues"
-  },
-  "homepage": "https://github.com/npm/security-holder#readme"
+  "devDependencies": {
+    "babel-eslint": "^6.1.2",
+    "babel-plugin-transform-object-assign": "^6.8.0",
+    "babel-preset-es2015": "^6.9.0",
+    "babelify": "^7.3.0",
+    "backoff": "^2.5.0",
+    "browserify": "^13.1.0",
+    "chai": "^3.5.0",
+    "chai-as-promised": "^5.3.0",
+    "cheerio": "^0.20.0",
+    "del": "^2.2.1",
+    "gulp": "^3.9.1",
+    "gulp-eslint": "^3.0.1",
+    "gulp-exit": "0.0.2",
+    "gulp-insert": "^0.5.0",
+    "gulp-istanbul": "^1.0.0",
+    "gulp-mocha": "^2.2.0",
+    "gulp-rename": "^1.2.2",
+    "gulp-replace": "^0.5.4",
+    "gulp-tap": "^0.1.3",
+    "gulp-uglify": "^1.5.4",
+    "gulp-util": "^3.0.7",
+    "ink-docstrap": "^1.2.1",
+    "jsdoc": "^3.4.0",
+    "jsdoc-babel": "^0.2.1",
+    "jsonwebtoken": "^7.1.6",
+    "mocha.parallel": "^0.12.0",
+    "run-sequence": "^1.2.2",
+    "sinon": "^1.17.5",
+    "sinon-as-promised": "^4.0.2",
+    "sinon-chai": "^2.8.0",
+    "twilio": "^3.3.0-edge",
+    "twilio-common": "^0.1.5",
+    "underscore": "^1.8.3",
+    "vinyl-buffer": "^1.0.0",
+    "vinyl-source-stream": "^1.1.0"
+  }
 }

README.md

@@ -1,9 +0,26 @@
-# Security holding package
+Twilio Sync JavaScript client library
+===============
+Sync library provides a set of primitives for data synchronization
 
-This package name is not currently in use, but was formerly occupied
-by another package. To avoid malicious use, npm is hanging on to the
-package name, but loosely, and we'll probably give it to you if you
-want it.
+Using Sync Library
+=============
 
-You may adopt this package by contacting support@npmjs.com and
-requesting the name.
+## Include library ##
+To use this library you will need an AccessManager from Twilio Common library.
+You may include it from CDN:
+```
+<script src="https://media.twiliocdn.com/sdk/js/common/v0.1/twilio-common.js"></script>
+```
+
+Then include datasync lib on your page
+```
+<script type="text/javascript" src="https://media.twiliocdn.com/sdk/js/sync/v0.2/twilio-sync.js"></script>
+```
+
+## Instantiate library ##
+And now you can start using Sync library
+```
+var accessManager = new Twilio.AccessManager(token);
+var client = new Twilio.Sync.Client(accessManager);
+```
+

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 4 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

High entropy strings

Supply chain risk

Contains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Minified code

Quality

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No tests

Quality

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3378319

increased by420612.2%

Number of package files

68

increased by3300%

Lines of code

53311

increased byInfinity%

Number of lines in readme file

27

increased by170%

Worsened metrics

Dependency count

7

increased byInfinity%

Dev dependency count

35

increased byInfinity%

Number of low license alerts

1

increased byInfinity%

Number of low quality alerts

3

increased by50%

Number of low supply chain risk alerts

37

increased byInfinity%

Number of medium supply chain risk alerts

25

increased by2400%

Dependency changes

• + Addedevent-to-promise@^0.7.0

• + Addedloglevel@^1.4.1

• + Addedplatform@^1.3.1

• + Addedtwilio-notifications@^0.1.6

• + Addedtwilio-transport@^0.0.2

• + Addedtwilsock@^0.1.11

• + Addeduuid@^2.0.2

• + Addedbackoff@2.5.0(transitive)

• + Addedbottleneck@1.16.0(transitive)

• + Addedevent-to-promise@0.7.0(transitive)

• + Addediconv-lite@0.4.24(transitive)

• + Addedjavascript-state-machine@2.4.0(transitive)

• + Addedloglevel@1.9.2(transitive)

• + Addedoptions@0.0.6(transitive)

• + Addedplatform@1.3.6(transitive)

• + Addedprecond@0.2.3(transitive)

• + Addedsafer-buffer@2.1.2(transitive)

• + Addedtwilio-notifications@0.1.7(transitive)

• + Addedtwilio-transport@0.0.2(transitive)

• + Addedtwilsock@0.1.11(transitive)

• + Addedultron@1.0.2(transitive)

• + Addedurlencode@1.1.0(transitive)

• + Addeduuid@2.0.3(transitive)

• + Addedws@1.1.5(transitive)

• + Addedxmlhttprequest@1.8.0(transitive)