ufo - npm Package Compare versions

Comparing version 0.1.5 to 0.5.2

package.json

 {
-    "name": "ufo",
-    "version": "0.1.5",
-    "description": "UFO is a develope environment for front-end developer",
-    "author": "UFO Team of Sogou-inc.",
-    "contributors": [
-        "Zheng Xin <zhengxin@sogou-inc.com>"
-    ],
-    "dependencies": {
-        "express": "2.5.9",
-        "request": "2.9.202",
-        "colors":"0.6.0",
-        "requirejs":"2.0.1"
+  "name": "ufo",
+  "version": "0.5.2",
+  "description": "URL utils for humans",
+  "repository": "nuxt-contrib/ufo",
+  "license": "MIT",
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
     },
-    "keywords": [
-        "framework",
-        "webapp"
-    ],
-    "main": "lib/index",
-    "bin": {
-        "ufo": "bin/ufo"
-    },
-    "engines": {
-        "node": ">= 0.4.0 < 0.7.0",
-        "npm": ">= 1.0.0"
-    },
-    "devDependencies": {},
-    "homepage": "",
-    "repository": {
-        "type": "git",
-        "url": "git://github.com/sogou-ufo/ufo.git"
-    },
-    "bugs": {
-        "url": "https://github.com/sogou-ufo/ufo/issues"
-    },
-    "scripts": {
-        "start": "ufo start",
-        "test": "ufo test"
-    }
+    "./": "./"
+  },
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "siroc build",
+    "lint": "eslint --ext .ts .",
+    "release": "yarn test && yarn build && standard-version && git push --follow-tags && npm publish",
+    "test": "yarn lint && jest"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "@nuxtjs/eslint-config-typescript": "latest",
+    "@types/flat": "latest",
+    "@types/jest": "latest",
+    "@types/node": "latest",
+    "eslint": "latest",
+    "jest": "latest",
+    "siroc": "latest",
+    "standard-version": "latest",
+    "ts-jest": "latest",
+    "typescript": "latest"
+  }
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No bug tracker

Maintenance

Package does not have a linked bug tracker in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

No License Found

License

(Experimental) License information could not be found.

Found 1 instance in 1 package

Improved metrics

Dependency count

0

decreased by-100%

Number of low license alerts

0

decreased by-100%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

138

increased byInfinity%

Number of low supply chain risk alerts

1

decreased by-91.67%

Number of medium supply chain risk alerts

2

decreased by-75%

Worsened metrics

Total package byte prevSize

36149

decreased by-96.86%

Dev dependency count

10

increased byInfinity%

Number of package files

7

decreased by-78.12%

Lines of code

830

decreased by-80.29%

Number of low maintenance alerts

2

increased byInfinity%

Dependency changes

• - Removedcolors@0.6.0

• - Removedexpress@2.5.9

• - Removedrequest@2.9.202

• - Removedrequirejs@2.0.1

• - Removedcolors@0.6.0(transitive)

• - Removedconnect@1.9.2(transitive)

• - Removedexpress@2.5.9(transitive)

• - Removedformidable@1.0.17(transitive)

• - Removedmime@1.2.4(transitive)

• - Removedmkdirp@0.3.0(transitive)

• - Removedqs@0.4.2(transitive)

• - Removedrequest@2.9.202(transitive)

• - Removedrequirejs@2.0.1(transitive)