All @bpmn-io/variable-resolver versions
@bpmn-io/variable-resolver @1.6.1
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
56
Risk Score
—
License
No
Install Scripts
4
Dependencies
27
Dev Dependencies
11.0 KB
Package Size
Published
Maintainers
bpmn-io-adminnikkubarmacphilippfrommemaxtruskaiir-camundavsgoulartbarinalijarekdanielakalekseymanetovsimon-steinruecken-camunda
Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| min-dash | ^5.0.0 | auto_approved |
| @lezer/common | ^1.5.1 | auto_approved |
| @bpmn-io/lezer-feel | ^2.3.0 | No greenflagged match |
| @bpmn-io/extract-process-variables | ^2.1.0 | auto_approved |
Dev Dependencies (27)
| Package | Constraint | Registry Status |
|---|---|---|
| chai | ^6.2.2 | auto_approved |
| karma | ^6.4.4 | auto_approved |
| mocha | ^11.7.5 | auto_approved |
| eslint | ^9.39.2 | auto_approved |
| bpmn-js | ^18.12.0 | auto_approved |
| webpack | ^5.105.0 | auto_approved |
| cross-env | ^10.1.0 | auto_approved |
| puppeteer | ^24.36.1 | auto_approved |
| sinon-chai | ^4.0.1 | auto_approved |
| karma-mocha | ^2.0.1 | auto_approved |
| babel-loader | ^10.0.0 | No greenflagged match |
| npm-run-all2 | ^8.0.4 | auto_approved |
| karma-webpack | ^5.0.1 | auto_approved |
| karma-coverage | ^2.2.1 | auto_approved |
| zeebe-bpmn-moddle | ^1.12.0 | auto_approved |
| camunda-bpmn-moddle | ^7.0.1 | auto_approved |
| karma-debug-launcher | ^0.0.5 | Not imported |
| babel-plugin-istanbul | ^7.0.1 | auto_approved |
| eslint-plugin-bpmn-io | ^2.2.0 | Not imported |
| karma-env-preprocessor | ^0.1.1 | Not imported |
| karma-chrome-launcher-2 | ^3.3.0 | auto_approved |
| bpmn-js-properties-panel | ^5.50.1 | auto_approved |
| @bpmn-io/properties-panel | ^3.39.0 | No greenflagged match |
| bpmn-js-element-templates | ^2.20.0 | auto_approved |
| camunda-bpmn-js-behaviors | ^1.14.0 | auto_approved |
| mocha-test-container-support | ^0.2.0 | Not imported |
| @bpmn-io/element-template-chooser | ^2.1.0 | auto_approved |
Transitive Dependency Tree
4 transitive deps
max depth 2
├─
@bpmn-io/extract-process-variables
^2.1.0
→ 2.2.1
├─
@bpmn-io/lezer-feel
^2.3.0
├─
@lezer/common
^1.5.1
→ 1.5.2
├─
min-dash
^5.0.0
→ 5.0.0
├─
min-dash
^5.0.0
→ 5.0.0
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Publisher simon-steinruecken-camunda is SPAM-FLAGGED; generalizes across versions published by this account. |
SAST Findings (1)
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
Review Summary
Risk score: 56. Findings: 1 critical (+40), 1 medium (+10), 2 low (+6).
Commit: d6e1494b1ecc
Published to npm: