Read-pkg-up is a utility that simplifies the process of locating and reading the nearest package.json file in a directory hierarchy. Version 5.0.0, released on March 21, 2019, builds upon the functionality of the previous stable version, 4.0.0 (released June 18, 2018), with key dependency updates.
A primary difference lies in the read-pkg dependency. Version 5.0.0 uses read-pkg version 5.0.0, while version 4.0.0 relies on read-pkg version 3.0.0. This is a major-version jump in read-pkg, so it likely brings improvements and potentially breaking changes intrinsic to that dependency, which developers should be aware of when migrating. The devDependencies are also updated: version 5.0.0 declares ava version 1.3.1 and xo version 0.24.0, whereas 4.0.0 declares a wildcard ("*") range for both, which resolves to whatever version was the latest available at installation time.
Both versions share the same core function, license (MIT), author, and repository. Both also depend on find-up (^3.0.0 in each) for locating the package.json. While the unpacked size is similar (4320 bytes vs. 4188 bytes), the upgrade implies enhancements, bug fixes, or feature additions within the dependency chain. Upgrading is advisable to benefit from these behind-the-scenes improvements, while noting the major-version changes in dependencies, particularly read-pkg as a potential source of breaking changes.
There are no vulnerabilities for version 5.0.0 of the package read-pkg-up.