workerd - npm Package Compare versions

Comparing version 0.0.1 to 1.20220926.0

package.json

 {
   "name": "workerd",
-  "description": "",
-  "author": "",
-  "version": "0.0.1",
+  "description": "👷 workerd, Cloudflare's JavaScript/Wasm Runtime",
+  "repository": "https://github.com/cloudflare/workerd",
+  "scripts": {},
+  "main": "lib/main.js",
+  "engines": {
+    "node": ">=16"
+  },
+  "bin": {
+    "workerd": "bin/workerd"
+  },
+  "optionalDependencies": {
+    "@cloudflare/workerd-darwin-arm64": "1.20220926.0",
+    "@cloudflare/workerd-darwin-64": "1.20220926.0",
+    "@cloudflare/workerd-linux-arm64": "1.20220926.0",
+    "@cloudflare/workerd-linux-64": "1.20220926.0"
+  },
   "license": "Apache-2.0",
-  "main": "worker.js" 
+  "version": "1.20220926.0"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 2 instances in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

No contributors or author data

Maintenance

Package does not specify a list of contributors or an author in package.json.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Empty package

Supply chain risk

Package does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.

Found 1 instance in 1 package

No README

Quality

Package does not have a README. This may indicate a failed publish or a low quality package.

Found 1 instance in 1 package

No repository

Supply chain risk

Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

19317

increased by14315.67%

Number of package files

5

increased by400%

Lines of code

354

increased byInfinity%

Number of low quality alerts

1

decreased by-50%

Number of medium quality alerts

0

decreased by-100%

Number of lines in readme file

7

increased byInfinity%

Worsened metrics

Dependency count

4

increased byInfinity%

Number of low supply chain risk alerts

8

increased by700%

Number of medium supply chain risk alerts

6

increased by500%

No dependency changes