fraxken
commented
1 year ago Hello @ljharb
Major 2.x add support to resolve the repository directly from NPM registry (using packument).
const resultFromNpm = await scorecard.result("@nodesecure/scanner");
console.log(resultFromNpm);You can disable this behavior with the resolveOnNpmRegistry option
const data = await scorecard.result("NodeSecure/scanner", {
resolveOnNpmRegistry: false
});
console.log(data);Major 3 should work the same but it add support for new Scorecard platform like gitlab. We had to refactor quite a lot of codes so we released a major by safety.
ljharb
I'm looking at the comparison between v1 and v2 and v3, but I can't figure out what changes were breaking - they all look semver-minor at best. Can you help me understand what I'd need to check for when updating?