Gathering detailed insights and metrics for lock-diff
Gathering detailed insights and metrics for lock-diff
Installations
npm install lock-diffDeveloper
mayavera
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
12.13.1
NPM Version
6.13.1
Statistics
4 Stars
74 Commits
6 Forks
1 Watching
2 Branches
2 Contributors
Updated on 02 Jul 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
32,886
Last day
-38.5%
16
Compared to previous day
Last week
-27.9%
101
Compared to previous week
Last month
27%
456
Compared to previous month
Last year
-52%
6,941
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
Versions
lock-diff
Example
1mv package-lock.json package-lock.old.json 2npm install 3lock-diff package-lock.old.json package-lock.json
Usage
Usage: lock-diff [options] <oldPath> <newPath>
Options:
-V, --version output the version number
-f, --format <format> changes the output format (default: "text")
-p, --pretty improves readability of certain output formats (default: false)
-c, --color colorizes certain output formats (default: false)
-h, --help output usage information
--format=text (default)
> lock-diff data/lodash.4-17-11.package-lock.json data/lodash.4-17-15.package-lock.json
ajv 5.5.2 -> 6.10.2
async 2.6.0 -> 2.6.3
chokidar 1.6.1 -> 1.7.0
co added
dojo 1.13.0 -> 1.15.0
ecstatic 2.2.1 -> 2.2.2
fast-deep-equal 1.1.0 -> 2.0.1
fill-range 2.2.3 -> 2.2.4
glob 7.1.2 -> 7.1.4
handlebars 4.0.11 -> 4.1.2
he 1.1.1 -> 1.2.0
jquery 3.3.1 -> 3.4.1
js-yaml 3.6.1 -> 3.13.1
json-schema-traverse 0.3.1 -> 0.4.1
lodash 4.17.3 -> 4.17.14
lodash.merge 4.6.1 -> 4.6.2
mime 1.2.11 -> 1.6.0
randomatic 1.1.7 -> 3.1.1
request 2.85.0 -> 2.88.0
requirejs 2.3.5 -> 2.3.6
stringstream added
chownr removed
deep-extend removed
fs-minipass removed
math-random removed
minipass removed
minizlib removed
neo-async removed
psl removed
rc removed
tar removed
uri-js removed
--format=json
> lock-diff data/lodash.4-17-11.package-lock.json data/lodash.4-17-15.package-lock.json --format=json
{"ajv":["5.5.2","6.10.2"],"async":["2.6.0","2.6.3"],"chokidar":["1.6.1","1.7.0"],"co":["4.6.0",null],"dojo":["1.13.0","1.15.0"],"ecstatic":["2.2.1","2.2.2"],"fast-deep-equal":["1.1.0","2.0.1"],"fill-range":["2.2.3","2.2.4"],"glob":["7.1.2","7.1.4"],"handlebars":["4.0.11","4.1.2"],"he":["1.1.1","1.2.0"],"jquery":["3.3.1","3.4.1"],"js-yaml":["3.6.1","3.13.1"],"json-schema-traverse":["0.3.1","0.4.1"],"lodash":["4.17.3","4.17.14"],"lodash.merge":["4.6.1","4.6.2"],"mime":["1.2.11","1.6.0"],"randomatic":["1.1.7","3.1.1"],"request":["2.85.0","2.88.0"],"requirejs":["2.3.5","2.3.6"],"stringstream":["0.0.5",null],"chownr":[null,"1.1.2"],"deep-extend":[null,"0.6.0"],"fs-minipass":[null,"1.2.6"],"math-random":[null,"1.0.4"],"minipass":[null,"2.3.5"],"minizlib":[null,"1.2.1"],"neo-async":[null,"2.6.1"],"psl":[null,"1.2.0"],"rc":[null,"1.2.8"],"tar":[null,"4.4.10"],"uri-js":[null,"4.2.2"]}
--format=json --pretty
> lock-diff data/lodash.4-17-11.package-lock.json data/lodash.4-17-15.package-lock.json --format=json --pretty
{
"ajv": [
"5.5.2",
"6.10.2"
],
"async": [
"2.6.0",
"2.6.3"
],
"chokidar": [
"1.6.1",
"1.7.0"
],
"co": [
"4.6.0",
null
],
"dojo": [
"1.13.0",
"1.15.0"
],
"ecstatic": [
"2.2.1",
"2.2.2"
],
"fast-deep-equal": [
"1.1.0",
"2.0.1"
],
"fill-range": [
"2.2.3",
"2.2.4"
],
"glob": [
"7.1.2",
"7.1.4"
],
"handlebars": [
"4.0.11",
"4.1.2"
],
"he": [
"1.1.1",
"1.2.0"
],
"jquery": [
"3.3.1",
"3.4.1"
],
"js-yaml": [
"3.6.1",
"3.13.1"
],
"json-schema-traverse": [
"0.3.1",
"0.4.1"
],
"lodash": [
"4.17.3",
"4.17.14"
],
"lodash.merge": [
"4.6.1",
"4.6.2"
],
"mime": [
"1.2.11",
"1.6.0"
],
"randomatic": [
"1.1.7",
"3.1.1"
],
"request": [
"2.85.0",
"2.88.0"
],
"requirejs": [
"2.3.5",
"2.3.6"
],
"stringstream": [
"0.0.5",
null
],
"chownr": [
null,
"1.1.2"
],
"deep-extend": [
null,
"0.6.0"
],
"fs-minipass": [
null,
"1.2.6"
],
"math-random": [
null,
"1.0.4"
],
"minipass": [
null,
"2.3.5"
],
"minizlib": [
null,
"1.2.1"
],
"neo-async": [
null,
"2.6.1"
],
"psl": [
null,
"1.2.0"
],
"rc": [
null,
"1.2.8"
],
"tar": [
null,
"4.4.10"
],
"uri-js": [
null,
"4.2.2"
]
}
--format=table
> lock-diff data/lodash.4-17-11.package-lock.json data/lodash.4-17-15.package-lock.json --format=json
╔══════════════════════╤═════════════╤═════════════╗
║ package │ old version │ new version ║
╟──────────────────────┼─────────────┼─────────────╢
║ ajv │ 5.5.2 │ 6.10.2 ║
╟──────────────────────┼─────────────┼─────────────╢
║ async │ 2.6.0 │ 2.6.3 ║
╟──────────────────────┼─────────────┼─────────────╢
║ chokidar │ 1.6.1 │ 1.7.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ co │ 4.6.0 │ ║
╟──────────────────────┼─────────────┼─────────────╢
║ dojo │ 1.13.0 │ 1.15.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ ecstatic │ 2.2.1 │ 2.2.2 ║
╟──────────────────────┼─────────────┼─────────────╢
║ fast-deep-equal │ 1.1.0 │ 2.0.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ fill-range │ 2.2.3 │ 2.2.4 ║
╟──────────────────────┼─────────────┼─────────────╢
║ glob │ 7.1.2 │ 7.1.4 ║
╟──────────────────────┼─────────────┼─────────────╢
║ handlebars │ 4.0.11 │ 4.1.2 ║
╟──────────────────────┼─────────────┼─────────────╢
║ he │ 1.1.1 │ 1.2.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ jquery │ 3.3.1 │ 3.4.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ js-yaml │ 3.6.1 │ 3.13.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ json-schema-traverse │ 0.3.1 │ 0.4.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ lodash │ 4.17.3 │ 4.17.14 ║
╟──────────────────────┼─────────────┼─────────────╢
║ lodash.merge │ 4.6.1 │ 4.6.2 ║
╟──────────────────────┼─────────────┼─────────────╢
║ mime │ 1.2.11 │ 1.6.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ randomatic │ 1.1.7 │ 3.1.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ request │ 2.85.0 │ 2.88.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ requirejs │ 2.3.5 │ 2.3.6 ║
╟──────────────────────┼─────────────┼─────────────╢
║ stringstream │ 0.0.5 │ ║
╟──────────────────────┼─────────────┼─────────────╢
║ chownr │ │ 1.1.2 ║
╟──────────────────────┼─────────────┼─────────────╢
║ deep-extend │ │ 0.6.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ fs-minipass │ │ 1.2.6 ║
╟──────────────────────┼─────────────┼─────────────╢
║ math-random │ │ 1.0.4 ║
╟──────────────────────┼─────────────┼─────────────╢
║ minipass │ │ 2.3.5 ║
╟──────────────────────┼─────────────┼─────────────╢
║ minizlib │ │ 1.2.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ neo-async │ │ 2.6.1 ║
╟──────────────────────┼─────────────┼─────────────╢
║ psl │ │ 1.2.0 ║
╟──────────────────────┼─────────────┼─────────────╢
║ rc │ │ 1.2.8 ║
╟──────────────────────┼─────────────┼─────────────╢
║ tar │ │ 4.4.10 ║
╟──────────────────────┼─────────────┼─────────────╢
║ uri-js │ │ 4.2.2 ║
╚══════════════════════╧═════════════╧═════════════╝
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/mxweaver/lock-diff/npmpublish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/mxweaver/lock-diff/npmpublish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mxweaver/lock-diff/npmpublish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/mxweaver/lock-diff/npmpublish.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/25 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/npmpublish.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Score
3.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More