All @antv/l7-utils versions

@antv/l7-utils @2.26.10

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
100
Risk Score
License
No
Install Scripts
7
Dependencies
1
Dev Dependencies
234.0 KB
Package Size
Published

Maintainers

lviseifreestyle21soundquietelaine.q.10sturubysakuya223serializedowenxdzhaoyangzhanmeiwjgogogoleungwensendoriiaaronyardsimaqdxq613intchoussusan_annjinke.lilzxuearmy8735atoolbaizndengfupingneoddishjeffy2012zqluafc163pomelo-nwukopiluwakyccnuzindexpanyuqibubkoozengyuekasmineboyu.zljl1ud0ngq1newbyvectorwinniexingchenlulikn9117xdddstsemious2020esoranadia_liubbsqqmxz96102openwaynepearminipddpdyiqianyaozhanbacxxxxxnlaixingui.lxgsusiwen8yanxiongzeyuwangrainy25ghzzhangjunjie-lokiflash1yisi.wangdreammy23biupiubiupiubasketduckxuying1027banxuanpearl_wangbqxbqxbqxalex_zjtduxinyue023wang1212leondt1gaofuhong

Dependencies (7)

PackageConstraintRegistry Status
earcut ^2.1.0 auto_approved
gl-matrix ^3.1.0 auto_approved
@turf/bbox ^6.5.0 No greenflagged match
@turf/helpers ^6.1.4 No greenflagged match
eventemitter3 ^4.0.0 auto_approved
@babel/runtime ^7.7.7 auto_approved
@turf/bbox-polygon ^6.5.0 No greenflagged match

Dev Dependencies (1)

PackageConstraintRegistry Status
@types/earcut ^2.1.0 No greenflagged match

Transitive Dependency Tree

7 transitive deps max depth 1
  ├─ @babel/runtime ^7.7.7 → 7.29.7
  ├─ @turf/bbox ^6.5.0
  ├─ @turf/bbox-polygon ^6.5.0
  ├─ @turf/helpers ^6.1.4
  ├─ earcut ^2.1.0 → 2.2.4
  ├─ eventemitter3 ^4.0.0 → 4.0.7
  ├─ gl-matrix ^3.1.0 → 3.4.4

Changes from v2.25.10

Dependency Changes

Script Changes

+ preinstall

File Changes

1 added 0 removed 1 modified size delta: +486.9 KB

Risk Dispositions (0 applicable to this version, 5 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Show 5 disposition(s) that do not match any finding on this version
Rule Source Disposition Author Reason
install-script:preinstall install-scripts reject AI AI (install-scripts): Preinstall runs obfuscated index.js; malicious pattern, not a legitimate build step.
semgrep:obfuscation-while-true semgrep reject AI AI (semgrep): Obfuscated payload in index.js executed at install time; clearly malicious.
semgrep:obfuscation-hex-functions semgrep reject AI AI (semgrep): Hex-obfuscated functions in install-time payload; malicious.
semgrep:env-spread semgrep reject AI AI (semgrep): process.env spread inside obfuscated install-time script — credential exfiltration.
url-dep:@antv/setup npm-metadata reject AI AI (npm-metadata): SHA-pinned GitHub optionalDep matching known supply-chain attack pattern; generalizes to this package.

Review Summary

Risk score: 100 (capped from 178). Findings: 7 high (+175), 1 low (+3), 3 info (+0).

Published to npm: