@blueprintjs/select @6.1.11
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 40
License: —
Install Scripts: No
Dependencies: 5
Dev Dependencies: 12
Package Size: 328.1 KB
Published
Maintainers: blueprintjs
Keywords: palantir, blueprint, components, select, select2, query, multiselect, suggest, typeahead, ui
Dependencies (5)
| Package | Constraint | Registry Status |
|---|---|---|
| tslib | ~2.6.2 | auto_approved |
| classnames | ^2.3.1 | auto_approved |
| @blueprintjs/core | ^6.13.0 | rejected |
| @blueprintjs/icons | ^6.10.0 | needs_review |
| @blueprintjs/colors | ^5.1.16 | auto_approved |
Dev Dependencies (12)
| Package | Constraint | Registry Status |
|---|---|---|
| react | ^18.3.1 | auto_approved |
| enzyme | ^3.11.0 | auto_approved |
| vitest | 4.0.7 | pending |
| react-dom | ^18.3.1 | auto_approved |
| typescript | ~5.9.3 | auto_approved |
| npm-run-all | ^4.1.5 | auto_approved |
| webpack-cli | ^5.1.4 | pending |
| normalize.css | ^8.0.1 | auto_approved |
| @vitejs/plugin-react | ^5.1.0 | auto_approved |
| @blueprintjs/test-commons | ^4.0.4 | Not imported |
| @blueprintjs/stylelint-plugin | ^5.2.3 | Not imported |
| @blueprintjs/node-build-scripts | ^10.0.0 | Not imported |
Transitive Dependency Tree
5 transitive deps
max depth 2
├─ @blueprintjs/colors ^5.1.16 → 5.1.16
├─ @blueprintjs/core ^6.13.0
├─ @blueprintjs/icons ^6.10.0
├─ classnames ^2.3.1 → 2.5.1
├─ tslib ~2.6.2 → 2.6.3
├─ tslib ~2.6.2 → 2.6.3
Changes from v6.1.9
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | @blueprintjs/core | ^6.12.0 → ^6.13.0 |
| changed | @blueprintjs/icons | ^6.9.0 → ^6.10.0 |
File Changes
0 added
0 removed
5 modified
size delta: +1.3 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| publisher-changed | provenance | reject | AI | AI (provenance): Publisher changed from blueprintjs to an unknown CircleCI account with no history, combined with 405-day dormancy — strong account-takeover signal that generalizes until publisher identity is verified. |
SAST Findings (2)
[CRITICAL] Publisher changed: blueprintjs → CircleCI (on 2026-05-13) (source: provenance)
[Always reject] This version was published by a different npm account than previous versions on 2026-05-13. This could indicate a legitimate maintainer transition or an account compromise.
[INFO] No provenance attestation (source: provenance)
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 40. Findings: 1 critical (+40), 2 info (+0).
Published to npm: