xml-crypto
Advanced tools
xml-crypto - npm Package Compare versions
Comparing version 0.0.3 to 0.0.4
| { | ||
| "name": "xml-crypto", | ||
| "version": "0.0.3", | ||
| "version": "0.0.4", | ||
| "description": "Xml digital signature and encryption library for Node.js", | ||
@@ -8,3 +8,3 @@ "engines": { "node": ">=0.4.0" }, | ||
| "dependencies": { | ||
| "xmldom": "git://github.com/yaronn/xmldom.git" | ||
| "xmldom": ">=0.1.8" | ||
| }, | ||
@@ -11,0 +11,0 @@ "devDependencies": { |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain riskContains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Native code
Supply chain riskContains native code (e.g., compiled binaries or shared libraries). Including native code can obscure malicious behavior.
Found 4 instances in 1 package
Improved metrics
- Number of high supply chain risk alerts
- decreased by-100%
0
- Number of medium supply chain risk alerts
- decreased by-33.33%
8
Worsened metrics
- Total package byte prevSize
- decreased by-25.4%
308265
- Number of package files
- decreased by-27.87%
44
Dependency changes
+ Addedxmldom@0.6.0(transitive)
Updatedxmldom@>=0.1.8