All @antv/x6-react-components versions
@antv/x6-react-components @2.1.9
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
100
Risk Score
—
License
Yes
Install Scripts
7
Dependencies
8
Dev Dependencies
388.7 KB
Package Size
Published
Maintainers
lviseifreestyle21soundquietelaine.q.10sturubysakuya223serializedowenxdzhaoyangzhanmeiwjgogogoleungwensendoriiaaronyardsimaqdxq613intchoussusan_annjinke.lilzxuearmy8735atoolbaizndengfupingneoddishjeffy2012zqluafc163pomelo-nwukopiluwakyccnuzindexpanyuqibubkoozengyuekasmineboyu.zljl1ud0ngq1newbyvectorwinniexingchenlulikn9117xdddstsemious2020esoranadia_liubbsqqmxz96102openwaynepearminipddpdyiqianyaozhanbacxxxxxnlaixingui.lxgsusiwen8yanxiongzeyuwangrainy25ghzzhangjunjie-lokiflash1yisi.wangdreammy23biupiubiupiubasketduckxuying1027banxuanpearl_wangbqxbqxbqxalex_zjtduxinyue023wang1212leondt1gaofuhong
Keywords
componentcomponentsreact-componentsx6x6-editoreditoruiantv
Dependencies (7)
| Package | Constraint | Registry Status |
|---|---|---|
| clamp | ^1.0.1 | auto_approved |
| rc-util | ^4.15.7 | auto_approved |
| classnames | ^2.2.6 | auto_approved |
| rc-dropdown | ^3.0.0-alpha.0 | auto_approved |
| react-color | 2.19.3 | auto_approved |
| ua-parser-js | ^0.7.20 | auto_approved |
| react-resize-detector | ^7.0.0 | auto_approved |
Dev Dependencies (8)
| Package | Constraint | Registry Status |
|---|---|---|
| antd | ^5.0.3 | No greenflagged match |
| react | ^18.0.0 | auto_approved |
| react-dom | ^18.0.0 | auto_approved |
| @types/react | ^18.0.0 | auto_approved |
| @types/react-dom | ^18.0.9 | auto_approved |
| @types/react-color | ^3.0.1 | auto_approved |
| @types/ua-parser-js | ^0.7.33 | auto_approved |
| @types/react-resize-detector | ^6.1.0 | Not imported |
Transitive Dependency Tree
27 transitive deps
max depth 4
├─
clamp
^1.0.1
→ 1.0.1
├─
classnames
^2.2.6
→ 2.5.1
├─
rc-dropdown
^3.0.0-alpha.0
→ 3.6.2
├─
rc-util
^4.15.7
→ 4.21.1
├─
react-color
2.19.3
→ 2.19.3
├─
react-resize-detector
^7.0.0
→ 7.1.2
├─
ua-parser-js
^0.7.20
→ 0.7.39
├─
@babel/runtime
^7.10.1
→ 7.29.7
├─
@icons/material
^0.2.4
→ 0.2.4
├─
add-dom-event-listener
^1.1.0
→ 1.1.0
├─
lodash
^4.17.15
→ 4.18.1
├─
lodash-es
^4.17.15
→ 4.18.1
├─
material-colors
^1.2.1
→ 1.2.6
├─
prop-types
^15.5.10
→ 15.8.1
├─
rc-trigger
^5.0.4
→ 5.3.4
├─
react-is
^16.12.0
→ 16.13.1
├─
react-lifecycles-compat
^3.0.4
→ 3.0.4
├─
reactcss
^1.2.0
→ 1.2.3
├─
shallowequal
^1.1.0
→ 1.1.0
├─
tinycolor2
^1.4.1
→ 1.6.0
├─
loose-envify
^1.4.0
→ 1.4.0
├─
object-assign
^4.1.1
→ 4.1.1
├─
rc-align
^4.0.0
→ 4.0.15
├─
rc-motion
^2.0.0
→ 2.9.5
├─
dom-align
^1.7.0
├─
js-tokens
^3.0.0 || ^4.0.0
→ 4.0.0
├─
resize-observer-polyfill
^1.5.1
Changes from v2.0.9
Dependency Changes
Script Changes
+ preinstallFile Changes
1 added
0 removed
1 modified
size delta: +486.9 KB
Risk Dispositions (0 applicable to this version, 4 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
Show 4 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
install-script:preinstall |
install-scripts | reject | AI | AI (install-scripts): Preinstall executes obfuscated index.js; malicious payload delivery mechanism. | |
obfuscated-file:index.js |
source-diff | reject | AI | AI (source-diff): Newly added heavily obfuscated file is the malicious payload. | |
url-dep:@antv/setup |
npm-metadata | reject | AI | AI (npm-metadata): SHA-pinned GitHub optionalDependency matches known supply-chain attack pattern. | |
publisher-changed |
provenance | reject | AI | AI (provenance): Publisher change after years of dormancy strongly indicates account takeover. |
Review Summary
Risk score: 100 (capped from 248). Findings: 9 high (+225), 2 medium (+20), 1 low (+3).
Published to npm: