uglify-js - npm Package Compare versions

Comparing version 1.3.4 to 2.2.0

package.json

 {
-        "name"    : "uglify-js",
-
-        "description" : "JavaScript parser and compressor/beautifier toolkit",
-
-        "author"  : {
-                "name"  : "Mihai Bazon",
-                "email" : "mihai.bazon@gmail.com",
-                "url"   : "http://mihai.bazon.net/blog"
-        },
-
-        "version" : "1.3.4",
-
-        "main"    : "./uglify-js.js",
-
-        "bin"     : {
-                "uglifyjs" : "./bin/uglifyjs"
-        },
-
-        "repository": {
-                "type": "git",
-                "url": "git@github.com:mishoo/UglifyJS.git"
-        },
-
-        "devDependencies": {
-                "nodeunit": "0.7.x"
-        },
-
-        "scripts": {
-          "test": "$(which nodeunit || echo node_modules/nodeunit/bin/nodeunit) test/unit/scripts.js && test/testparser.js && test/testconsolidator.js"
-        }
+    "name": "uglify-js",
+    "description": "JavaScript parser, mangler/compressor and beautifier toolkit",
+    "homepage": "http://lisperator.net/uglifyjs",
+    "main": "tools/node.js",
+    "version": "2.2.0",
+    "engines": { "node" : ">=0.4.0" },
+    "maintainers": [{
+        "name": "Mihai Bazon",
+        "email": "mihai.bazon@gmail.com",
+        "web": "http://lisperator.net/"
+    }],
+    "repositories": [{
+        "type": "git",
+        "url": "https://github.com/mishoo/UglifyJS2.git"
+    }],
+    "dependencies": {
+        "source-map" : "~0.1.7",
+        "optimist"   : "~0.3.5"
+    },
+    "bin": {
+        "uglifyjs" : "bin/uglifyjs"
+    },
+    "scripts": {"test": "node test/run-tests.js"}
 }

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

Fixed alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

No website

Quality

Package does not have a website.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

0

decreased by-100%

Lines of code

7693

increased by12.44%

Number of low quality alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

315095

decreased by-5.41%

Dependency count

2

increased byInfinity%

Number of package files

28

decreased by-75.86%

Number of low maintenance alerts

2

increased by100%

Number of lines in readme file

519

decreased by-12.63%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Addedoptimist@~0.3.5

• + Addedsource-map@~0.1.7

• + Addedamdefine@1.0.1(transitive)

• + Addedoptimist@0.3.7(transitive)

• + Addedsource-map@0.1.43(transitive)

• + Addedwordwrap@0.0.3(transitive)