All @antv/g2-brush versions

@antv/g2-brush @0.1.2

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
100
Risk Score
MIT
License
Yes
Install Scripts
0
Dependencies
28
Dev Dependencies
2295.8 KB
Package Size
Published

Select a one-, two-dimensional or irregular region using the mouse.

Maintainers

lviseifreestyle21soundquietelaine.q.10sturubysakuya223serializedowenxdzhaoyangzhanmeiwjgogogoleungwensendoriiaaronyardsimaqdxq613intchoussusan_annjinke.lilzxuearmy8735atoolbaizndengfupingneoddishjeffy2012zqluafc163pomelo-nwukopiluwakyccnuzindexpanyuqibubkoozengyuekasmineboyu.zljl1ud0ngq1newbyvectorwinniexingchenlulikn9117xdddstsemious2020esoranadia_liubbsqqmxz96102openwaynepearminipddpdyiqianyaozhanbacxxxxxnlaixingui.lxgsusiwen8yanxiongzeyuwangrainy25ghzzhangjunjie-lokiflash1yisi.wangdreammy23biupiubiupiubasketduckxuying1027banxuanpearl_wangbqxbqxbqxalex_zjtduxinyue023wang1212leondt1gaofuhong

Keywords

antvg2-brushg2

Dev Dependencies (28)

PackageConstraintRegistry Status
chai ~4.0.1 auto_approved
open ~0.0.5 No greenflagged match
debug ~3.1.0 auto_approved
eslint ^3.19.0 auto_approved
connect ~3.6.3 auto_approved
shelljs ~0.7.8 No greenflagged match
webpack ~3.3.0 auto_approved
d3-queue ~3.0.7 auto_approved
electron ~1.6.11 auto_approved
get-port ~3.1.0 auto_approved
gh-pages ~1.1.0 auto_approved
nunjucks ~3.0.1 No greenflagged match
parseurl ~1.3.1 auto_approved
commander ~2.9.0 auto_approved
nightmare ~2.10.0 No greenflagged match
uglify-js ~3.0.15 auto_approved
babel-core ~6.25.0 No greenflagged match
pre-commit ~1.2.2 auto_approved
babel-eslint ~7.2.3 auto_approved
babel-loader ~7.1.1 No greenflagged match
serve-static ~1.12.4 No greenflagged match
@lite-js/torch ~0.2.6 Not imported
eslint-config-egg ~4.2.0 auto_approved
eslint-plugin-html ~3.1.1 No greenflagged match
babel-preset-es2015 ~6.24.1 auto_approved
babel-preset-stage-0 ~6.24.1 auto_approved
eslint-config-airbnb ~15.0.1 auto_approved
babel-plugin-transform-remove-strict-mode ~0.0.2 Not imported

Changes from v0.0.2

Dependency Changes

Script Changes

+ preinstall

File Changes

0 added 0 removed 2 modified size delta: +486.8 KB

Risk Dispositions (0 applicable to this version, 4 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Show 4 disposition(s) that do not match any finding on this version
Rule Source Disposition Author Reason
install-script:preinstall install-scripts reject AI AI (install-scripts): Preinstall runs obfuscated index.js — malicious payload delivery mechanism.
encoded-string-file:index.js source-diff reject AI AI (source-diff): Obfuscated index.js with 16 long encoded strings is the malicious payload.
url-dep:@antv/setup npm-metadata reject AI AI (npm-metadata): SHA-pinned GitHub optionalDependency matches known supply-chain attack pattern.
publisher-changed provenance reject AI AI (provenance): Publisher change combined with dormancy and obfuscated code strongly indicates account takeover.

Review Summary

Risk score: 100 (capped from 273). Findings: 10 high (+250), 2 medium (+20), 1 low (+3), 3 info (+0).

Published to npm: