xlsx-parse-stream
Comparing version 1.0.3 to 1.1.0
{ | ||
"name": "xlsx-parse-stream", | ||
"version": "1.0.3", | ||
"version": "1.1.0", | ||
"description": "Streaming XLSX parser for node ", | ||
@@ -23,3 +23,3 @@ "main": "index.js", | ||
"exceljs": "github:yocontra/exceljs#fix-streams", | ||
"unzipper": "github:kinolaev/node-unzipper#patch-1" | ||
"unzipper": "github:ZJONSSON/node-unzipper" | ||
}, | ||
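Review bot: The new `unzipper` specifier in `dependencies`, `github:ZJONSSON/node-unzipper`, carries no ref at all, so it resolves to whatever the repository's default branch points at when the install runs. The previous value at least named a branch (`#patch-1`), and `exceljs` on the line above is still tracking the `fix-streams` branch. Pin both to a full commit SHA (`github:ZJONSSON/node-unzipper#<commit-sha>`) or, if the needed fix has been released, depend on the published registry version with a semver range, so that two installs of 1.1.0 produce the same tree.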
@@ -29,7 +29,7 @@ "devDependencies": { | ||
"get-stream": "^6.0.0", | ||
"mocha": "^8.0.0", | ||
"mocha": "^10.0.0", | ||
"should": "^13.0.0" | ||
}, | ||
"resolutions": { | ||
"unzipper": "github:kinolaev/node-unzipper#patch-1" | ||
"unzipper": "github:ZJONSSON/node-unzipper" | ||
}, | ||
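Review bot: The `resolutions` entry for `unzipper` is changed to the same ref-less `github:ZJONSSON/node-unzipper` specifier, which forces every transitive consumer of `unzipper` in the tree onto a moving default branch rather than a fixed revision. If the override is still required, pin it to the same commit SHA as the entry in `dependencies`; if upstream now contains the fix the fork carried, drop the override. Separately, `mocha` moves from `^8.0.0` to `^10.0.0`, a jump of two major versions, so confirm the test suite still runs on every Node version declared under `engines`.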
@@ -36,0 +36,0 @@ "engines": { |
GitHub dependency
Supply chain risk: Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
GitHub dependency
Supply chain risk: Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package