New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
victory-candlestick
Advanced tools
victory-candlestick - npm Package Compare versions
Comparing version 34.2.1 to 34.2.2
| { | ||
| "name": "victory-candlestick", | ||
| "version": "34.2.1", | ||
| "version": "34.2.2", | ||
| "description": "Candlestick Component for Victory", | ||
@@ -24,3 +24,3 @@ "keywords": [ | ||
| "prop-types": "^15.5.8", | ||
| "victory-core": "^34.2.1" | ||
| "victory-core": "^34.2.2" | ||
| }, | ||
@@ -27,0 +27,0 @@ "scripts": { |
Sorry, the diff of this file is too big to display
Fixed alerts
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.35%
1314425
- Lines of code
- increased by0.25%
9159
- Number of low supply chain risk alerts
- decreased by-97.75%
4
- Number of medium supply chain risk alerts
- decreased by-99.44%
2
Dependency changes
Updatedvictory-core@^34.2.2