xml-crypto - npm Package Compare versions

Comparing version 0.0.2 to 0.0.3

package.json

 {
     "name": "xml-crypto",
-    "version": "0.0.2",
+    "version": "0.0.3",
     "description": "Xml digital signature and encryption library for Node.js",
@@ -8,3 +8,3 @@ "engines": { "node": ">=0.4.0" },
     "dependencies": {
-        "xmldom": ">=0.1.1"        
+        "xmldom": "git://github.com/yaronn/xmldom.git"        
      },
@@ -11,0 +11,0 @@ "devDependencies": {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 4 instances in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Native code

Supply chain risk

Contains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.

Found 3 instances in 1 package

Improved metrics

Total package byte prevSize

413199

increased by36.18%

Number of package files

61

increased by41.86%

Worsened metrics

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

8

increased by14.29%

Dependency changes

• - Removedxmldom@0.6.0(transitive)

• Updatedxmldom@git://github.com/yaronn/xmldom.git