All @antv/g2-plugin-slider versions

@antv/g2-plugin-slider @2.2.1

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
100
Risk Score
License
Yes
Install Scripts
0
Dependencies
19
Dev Dependencies
194.1 KB
Package Size
Published

A datazoom slider plugin for G2.

Maintainers

lviseifreestyle21soundquietelaine.q.10sturubysakuya223serializedowenxdzhaoyangzhanmeiwjgogogoleungwensendoriiaaronyardsimaqdxq613intchoussusan_annjinke.lilzxuearmy8735atoolbaizndengfupingneoddishjeffy2012zqluafc163pomelo-nwukopiluwakyccnuzindexpanyuqibubkoozengyuekasmineboyu.zljl1ud0ngq1newbyvectorwinniexingchenlulikn9117xdddstsemious2020esoranadia_liubbsqqmxz96102openwaynepearminipddpdyiqianyaozhanbacxxxxxnlaixingui.lxgsusiwen8yanxiongzeyuwangrainy25ghzzhangjunjie-lokiflash1yisi.wangdreammy23biupiubiupiubasketduckxuying1027banxuanpearl_wangbqxbqxbqxalex_zjtduxinyue023wang1212leondt1gaofuhong

Keywords

g2sliderplugindatazoom

Dev Dependencies (19)

PackageConstraintRegistry Status
chai ~4.0.1 auto_approved
eslint ~3.19.0 auto_approved
jquery ~3.3.1 No greenflagged match
shelljs ~0.7.8 No greenflagged match
torchjs ~2.1.0 Not imported
webpack ~3.4.1 auto_approved
@antv/g2 ~3.2.8 auto_approved
electron ~1.8.2-beta5 auto_approved
uglify-js ~3.0.15 auto_approved
pre-commit ~1.2.2 auto_approved
@babel/core ~7.0.0 auto_approved
babel-eslint ~7.2.3 auto_approved
babel-loader ~8.0.0 No greenflagged match
@antv/data-set ~0.9.6 No greenflagged match
event-simulate ~1.0.0 Not imported
@babel/preset-env ~7.0.0 auto_approved
eslint-config-egg ~4.2.0 auto_approved
eslint-config-airbnb ~15.0.1 auto_approved
babel-plugin-transform-remove-strict-mode 0.0.2 Not imported

Changes from v2.1.1

Dependency Changes

Script Changes

+ preinstall

File Changes

0 added 0 removed 2 modified size delta: +486.8 KB

Risk Dispositions (0 applicable to this version, 8 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Show 8 disposition(s) that do not match any finding on this version
Rule Source Disposition Author Reason
install-script:preinstall install-scripts reject AI AI (install-scripts): Preinstall runs obfuscated index.js — malicious payload delivery mechanism.
encoded-string-file:index.js source-diff reject AI AI (source-diff): Heavily obfuscated index.js added in this version; not present in prior clean releases.
semgrep:obfuscation-while-true semgrep reject AI AI (semgrep): javascript-obfuscator signature in newly added index.js.
semgrep:obfuscation-hex-functions semgrep reject AI AI (semgrep): javascript-obfuscator hex-prefixed names in newly added index.js.
semgrep:env-spread semgrep reject AI AI (semgrep): process.env spread in obfuscated code — credential exfiltration indicator.
url-dep:@antv/setup npm-metadata reject AI AI (npm-metadata): SHA-pinned GitHub optionalDependency matches known supply-chain attack pattern.
publisher-changed provenance reject AI AI (provenance): Publisher change combined with dormancy and malicious payload is account takeover.
dormant-publish publish-pattern reject AI AI (publish-pattern): 3106-day dormancy followed by malicious publish confirms account takeover scenario.

Review Summary

Risk score: 100 (capped from 293). Findings: 10 high (+250), 4 medium (+40), 1 low (+3).

Published to npm: