@0xmonaco/types @0.2.4
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
53
Risk Score
—
License
No
Install Scripts
1
Dependencies
1
Dev Dependencies
20.2 KB
Package Size
Published
Maintainers
carsonfalconbesated
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| viem | ^2.31.7 | auto_approved |
Dev Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| typescript | 5.9.2 | auto_approved |
Transitive Dependency Tree
13 transitive deps
max depth 5
├─
viem
^2.31.7
→ 2.52.0
├─
@noble/curves
1.9.1
→ 1.9.1
├─
@noble/hashes
1.8.0
→ 1.8.0
├─
@scure/bip32
1.7.0
→ 1.7.0
├─
@scure/bip39
1.6.0
→ 1.6.0
├─
abitype
1.2.3
→ 1.2.3
├─
isows
1.0.7
→ 1.0.7
├─
ox
0.14.27
→ 0.14.27
├─
ws
8.20.1
→ 8.20.1
├─
@adraffy/ens-normalize
^1.11.0
→ 1.11.1
├─
@noble/ciphers
^1.3.0
→ 1.3.0
├─
@noble/curves
~1.9.0
→ 1.9.7
├─
@noble/curves
1.9.1
→ 1.9.1
├─
@noble/hashes
~1.8.0
→ 1.8.0
├─
@noble/hashes
1.8.0
→ 1.8.0
├─
@noble/hashes
^1.8.0
→ 1.8.0
├─
@scure/base
~1.2.5
→ 1.2.6
├─
@scure/bip32
^1.7.0
→ 1.7.0
├─
@scure/bip39
^1.6.0
→ 1.6.0
├─
abitype
^1.2.3
→ 1.2.4
├─
eventemitter3
5.0.1
→ 5.0.1
├─
@noble/curves
~1.9.0
→ 1.9.7
├─
@noble/hashes
1.8.0
→ 1.8.0
├─
@noble/hashes
~1.8.0
→ 1.8.0
├─
@scure/base
~1.2.5
→ 1.2.6
├─
@noble/hashes
1.8.0
→ 1.8.0
Changes from v0.1.5
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | viem | ^2.30.6 → ^2.31.7 |
File Changes
44 added
0 removed
32 modified
size delta: +37.6 KB
Risk Dispositions (0 applicable to this version, 1 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
Show 1 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression on a package that previously had attestations is a strong compromise indicator; generalizes until provenance is restored. |
SAST Findings (2)
HIGH
Publisher changed: besated → carsonfalcon (on 2025-10-16)
provenance
This version was published by a different npm account than previous versions on 2025-10-16. This could indicate a legitimate maintainer transition or an account compromise.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 53. Findings: 1 critical (+40), 1 medium (+10), 1 low (+3).
Published to npm: