xlsx-parse-stream
Advanced tools
Comparing version 1.0.3 to 1.1.0
| { | ||
| "name": "xlsx-parse-stream", | ||
| "version": "1.0.3", | ||
| "version": "1.1.0", | ||
| "description": "Streaming XLSX parser for node ", | ||
@@ -23,3 +23,3 @@ "main": "index.js", | ||
| "exceljs": "github:yocontra/exceljs#fix-streams", | ||
| "unzipper": "github:kinolaev/node-unzipper#patch-1" | ||
| "unzipper": "github:ZJONSSON/node-unzipper" | ||
| }, | ||
@@ -29,7 +29,7 @@ "devDependencies": { | ||
| "get-stream": "^6.0.0", | ||
| "mocha": "^8.0.0", | ||
| "mocha": "^10.0.0", | ||
| "should": "^13.0.0" | ||
| }, | ||
| "resolutions": { | ||
| "unzipper": "github:kinolaev/node-unzipper#patch-1" | ||
| "unzipper": "github:ZJONSSON/node-unzipper" | ||
| }, | ||
@@ -36,0 +36,0 @@ "engines": { |
New alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Fixed alerts
GitHub dependency
Supply chain riskContains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
4831195