@dazhicheng/[email protected] rejected Risk: 46 ISC 2026-04-10

@dazhicheng/hooks @1.4.26

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Tarball

Risk Score

ISC

License

Install Scripts

Dependencies

Dev Dependencies

6.3 KB

Package Size

2026-04-10

Published

Maintainers

caoshanbiaojojo_diozzy_t

Dependencies (2)

Package	Constraint	Registry Status
vue-types	^5.1.2	No greenflagged match
@dazhicheng/utils	1.3.26	auto_approved

Transitive Dependency Tree

107 transitive deps max depth 10

├─ @dazhicheng/utils 1.3.26 → 1.3.26

├─ vue-types ^5.1.2

├─ @dazhicheng/openapi 1.1.6 → 1.1.6

├─ clsx ^2.1.1 → 2.1.1

├─ crypto-js ^4.2.0 → 4.2.0

├─ dayjs ^1.11.19 → 1.11.21

├─ decimal.js ^10.4.3 → 10.6.0

├─ defu ^6.1.4 → 6.1.7

├─ klona ^2.0.6 → 2.0.6

├─ tailwind-merge ^3.5.0 → 3.5.0

├─ chalk ^4.1.2 → 4.1.2

├─ cosmiconfig ^9.0.0 → 9.0.2

├─ glob ^7.2.3

├─ lodash-es ^4.17.21 → 4.18.1

├─ memoizee ^0.4.17 → 0.4.17

├─ mockjs ^1.1.0

├─ node-fetch ^2.7.0

├─ number-to-words ^1.2.4 → 1.2.4

├─ nunjucks ^3.2.4 → 3.2.4

├─ openapi3-ts ^2.0.2

├─ prettier ^3.6.2 → 3.8.4

├─ reserved-words ^0.1.2 → 0.1.2

├─ rimraf ^3.0.2 → 3.0.2

├─ swagger2openapi ^7.0.8 → 7.0.8

├─ tiny-pinyin ^1.3.2

├─ tsx ^4.19.4 → 4.22.4

├─ a-sync-waterfall ^1.0.0 → 1.0.1

├─ ansi-styles ^4.1.0 → 4.3.0

├─ asap ^2.0.3 → 2.0.6

├─ call-me-maybe ^1.0.1 → 1.0.2

├─ commander ^5.1.0 → 5.1.0

├─ d ^1.0.2 → 1.0.2

├─ env-paths ^2.2.1 → 2.2.1

├─ es5-ext ^0.10.64 → 0.10.64

├─ es6-weak-map ^2.0.3 → 2.0.3

├─ esbuild ~0.28.0 → 0.28.0

├─ event-emitter ^0.3.5 → 0.3.5

├─ glob ^7.1.3 → 7.1.7

├─ import-fresh ^3.3.0 → 3.3.0

├─ is-promise ^2.2.2

├─ js-yaml ^4.1.0 → 4.2.0

├─ lru-queue ^0.1.0 → 0.1.0

├─ next-tick ^1.1.0 → 1.1.0

├─ node-fetch ^2.6.1 → 2.6.13

├─ node-fetch-h2 ^2.3.0

├─ node-readfiles ^0.2.0

├─ oas-kit-common ^1.0.8 → 1.0.8

├─ oas-resolver ^2.5.6 → 2.5.6

├─ oas-schema-walker ^1.1.5 → 1.1.5

├─ oas-validator ^5.0.8 → 5.0.8

├─ parse-json ^5.2.0 → 5.2.0

├─ reftools ^1.1.9 → 1.1.9

├─ supports-color ^7.1.0 → 7.2.0

├─ timers-ext ^0.1.7 → 0.1.8

├─ yaml ^1.10.0 → 1.10.3

├─ yargs ^17.0.1 → 17.7.2

├─ @babel/code-frame ^7.0.0 → 7.29.7

├─ argparse ^2.0.1 → 2.0.1

├─ call-me-maybe ^1.0.1 → 1.0.2

├─ cliui ^8.0.1 → 8.0.1

├─ color-convert ^2.0.1

├─ d 1 → 1.0.2

├─ error-ex ^1.3.1 → 1.3.4

├─ es5-ext ~0.10.2 → 0.10.64

├─ es5-ext ^0.10.64 → 0.10.64

├─ es5-ext ^0.10.46 → 0.10.64

├─ es5-ext ~0.10.14 → 0.10.64

├─ es6-iterator ^2.0.3 → 2.0.3

├─ es6-symbol ^3.1.1 → 3.1.4

├─ es6-symbol ^3.1.3 → 3.1.4

├─ escalade ^3.1.1 → 3.2.0

├─ esniff ^2.0.1 → 2.0.1

├─ fast-safe-stringify ^2.0.7 → 2.1.1

├─ fs.realpath ^1.0.0

├─ get-caller-file ^2.0.5 → 2.0.5

├─ has-flag ^4.0.0 → 4.0.0

├─ inflight ^1.0.4

├─ inherits 2 → 2.0.4

├─ json-parse-even-better-errors ^2.3.0 → 2.3.1

├─ lines-and-columns ^1.1.6 → 1.2.4

├─ minimatch ^3.0.4 → 3.1.5

├─ next-tick ^1.1.0 → 1.1.0

├─ node-fetch-h2 ^2.3.0

├─ oas-kit-common ^1.0.8 → 1.0.8

├─ oas-linter ^3.2.2 → 3.2.2

├─ oas-resolver ^2.5.6 → 2.5.6

├─ oas-schema-walker ^1.1.5 → 1.1.5

├─ once ^1.3.0 → 1.4.0

├─ parent-module ^1.0.0 → 1.0.1

├─ path-is-absolute ^1.0.0 → 1.0.1

├─ reftools ^1.1.9 → 1.1.9

├─ require-directory ^2.1.1 → 2.1.1

├─ resolve-from ^4.0.0 → 4.0.0

├─ should ^13.2.1 → 13.2.3

├─ string-width ^4.2.3 → 4.2.3

├─ type ^2.7.2 → 2.7.3

├─ whatwg-url ^5.0.0 → 5.0.0

├─ y18n ^5.0.5 → 5.0.8

├─ yaml ^1.10.0 → 1.10.3

├─ yargs ^17.0.1 → 17.7.2

├─ yargs-parser ^21.1.1 → 21.1.1

├─ @babel/helper-validator-identifier ^7.29.7 → 7.29.7

├─ @exodus/schemasafe ^1.0.0-rc.2 → 1.3.0

├─ brace-expansion ^1.1.7 → 1.1.15

├─ callsites ^3.0.0

├─ cliui ^8.0.1 → 8.0.1

├─ d ^1.0.2 → 1.0.2

├─ d ^1.0.1 → 1.0.2

├─ d 1 → 1.0.2

├─ emoji-regex ^8.0.0

├─ es5-ext ^0.10.35 → 0.10.64

├─ es5-ext ^0.10.64 → 0.10.64

├─ es6-iterator ^2.0.3 → 2.0.3

├─ es6-symbol ^3.1.1 → 3.1.4

├─ es6-symbol ^3.1.3 → 3.1.4

├─ escalade ^3.1.1 → 3.2.0

├─ esniff ^2.0.1 → 2.0.1

├─ event-emitter ^0.3.5 → 0.3.5

├─ ext ^1.7.0 → 1.7.0

├─ fast-safe-stringify ^2.0.7 → 2.1.1

├─ get-caller-file ^2.0.5 → 2.0.5

├─ is-arrayish ^0.2.1

├─ is-fullwidth-code-point ^3.0.0

├─ js-tokens ^4.0.0 → 4.0.0

├─ next-tick ^1.1.0 → 1.1.0

├─ node-fetch-h2 ^2.3.0

├─ oas-kit-common ^1.0.8 → 1.0.8

├─ picocolors ^1.1.1 → 1.1.1

├─ reftools ^1.1.9 → 1.1.9

├─ require-directory ^2.1.1 → 2.1.1

├─ should ^13.2.1 → 13.2.3

├─ should-equal ^2.0.0 → 2.0.0

├─ should-format ^3.0.3 → 3.0.3

├─ should-type ^1.4.0 → 1.4.0

├─ should-type-adaptors ^1.0.1 → 1.1.0

├─ should-util ^1.0.0 → 1.0.1

├─ string-width ^4.2.0 → 4.2.3

├─ string-width ^4.2.3 → 4.2.3

├─ strip-ansi ^6.0.1 → 6.0.1

├─ tr46 ~0.0.3 → 0.0.3

├─ type ^2.7.2 → 2.7.3

├─ webidl-conversions ^3.0.0 → 3.0.1

├─ wrap-ansi ^7.0.0 → 7.0.0

├─ wrappy 1 → 1.0.2

├─ y18n ^5.0.5 → 5.0.8

├─ yaml ^1.10.0 → 1.10.3

├─ yargs ^17.0.1 → 17.7.2

├─ yargs-parser ^21.1.1 → 21.1.1

├─ ansi-regex ^5.0.1 → 5.0.1

├─ ansi-styles ^4.0.0 → 4.3.0

├─ balanced-match ^1.0.0 → 1.0.2

├─ cliui ^8.0.1 → 8.0.1

├─ concat-map 0.0.1 → 0.0.1

├─ d ^1.0.1 → 1.0.2

├─ d ^1.0.2 → 1.0.2

├─ d 1 → 1.0.2

├─ emoji-regex ^8.0.0

├─ es5-ext ^0.10.64 → 0.10.64

├─ es6-iterator ^2.0.3 → 2.0.3

├─ es6-symbol ^3.1.3 → 3.1.4

├─ es6-symbol ^3.1.1 → 3.1.4

├─ escalade ^3.1.1 → 3.2.0

├─ esniff ^2.0.1 → 2.0.1

├─ event-emitter ^0.3.5 → 0.3.5

├─ ext ^1.7.0 → 1.7.0

├─ fast-safe-stringify ^2.0.7 → 2.1.1

├─ get-caller-file ^2.0.5 → 2.0.5

├─ is-fullwidth-code-point ^3.0.0

├─ next-tick ^1.1.0 → 1.1.0

├─ require-directory ^2.1.1 → 2.1.1

├─ should-equal ^2.0.0 → 2.0.0

├─ should-format ^3.0.3 → 3.0.3

├─ should-type ^1.3.0 → 1.4.0

├─ should-type ^1.4.0 → 1.4.0

├─ should-type-adaptors ^1.0.1 → 1.1.0

├─ should-util ^1.0.0 → 1.0.1

├─ string-width ^4.2.0 → 4.2.3

├─ string-width ^4.1.0 → 4.2.3

├─ string-width ^4.2.3 → 4.2.3

├─ strip-ansi ^6.0.0 → 6.0.1

├─ strip-ansi ^6.0.1 → 6.0.1

├─ type ^2.7.2 → 2.7.3

├─ wrap-ansi ^7.0.0 → 7.0.0

├─ y18n ^5.0.5 → 5.0.8

├─ yargs-parser ^21.1.1 → 21.1.1

├─ ansi-regex ^5.0.1 → 5.0.1

├─ ansi-styles ^4.0.0 → 4.3.0

├─ color-convert ^2.0.1

├─ d ^1.0.2 → 1.0.2

├─ d ^1.0.1 → 1.0.2

├─ d 1 → 1.0.2

├─ emoji-regex ^8.0.0

├─ es5-ext ^0.10.64 → 0.10.64

├─ es6-iterator ^2.0.3 → 2.0.3

├─ es6-symbol ^3.1.1 → 3.1.4

├─ es6-symbol ^3.1.3 → 3.1.4

├─ esniff ^2.0.1 → 2.0.1

├─ event-emitter ^0.3.5 → 0.3.5

├─ ext ^1.7.0 → 1.7.0

├─ is-fullwidth-code-point ^3.0.0

├─ next-tick ^1.1.0 → 1.1.0

├─ should-type ^1.4.0 → 1.4.0

├─ should-type ^1.3.0 → 1.4.0

├─ should-type-adaptors ^1.0.1 → 1.1.0

├─ should-util ^1.0.0 → 1.0.1

├─ string-width ^4.2.0 → 4.2.3

├─ string-width ^4.1.0 → 4.2.3

├─ strip-ansi ^6.0.1 → 6.0.1

├─ strip-ansi ^6.0.0 → 6.0.1

├─ type ^2.7.2 → 2.7.3

├─ wrap-ansi ^7.0.0 → 7.0.0

├─ ansi-regex ^5.0.1 → 5.0.1

├─ ansi-styles ^4.0.0 → 4.3.0

├─ color-convert ^2.0.1

├─ d 1 → 1.0.2

├─ emoji-regex ^8.0.0

├─ esniff ^2.0.1 → 2.0.1

├─ event-emitter ^0.3.5 → 0.3.5

├─ ext ^1.7.0 → 1.7.0

├─ is-fullwidth-code-point ^3.0.0

├─ next-tick ^1.1.0 → 1.1.0

├─ should-type ^1.3.0 → 1.4.0

├─ should-util ^1.0.0 → 1.0.1

├─ string-width ^4.1.0 → 4.2.3

├─ strip-ansi ^6.0.0 → 6.0.1

├─ strip-ansi ^6.0.1 → 6.0.1

├─ type ^2.7.2 → 2.7.3

├─ ansi-regex ^5.0.1 → 5.0.1

├─ color-convert ^2.0.1

├─ emoji-regex ^8.0.0

├─ event-emitter ^0.3.5 → 0.3.5

├─ is-fullwidth-code-point ^3.0.0

├─ strip-ansi ^6.0.1 → 6.0.1

├─ type ^2.7.2 → 2.7.3

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule	Source	Disposition	Author	Reason
`bogus-package`	bogus-package	reject	AI	AI (bogus-package): Multiple structural indicators (no description, no repo/homepage, no keywords) are consistent spam signals for this package.

SAST Findings (1)

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 46. Findings: 1 critical (+40), 2 low (+6), 1 info (+0).

Published to npm: 2026-04-10