All @devmoods/express-extras versions
@devmoods/express-extras @0.69.0
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
ISC
License
No
Install Scripts
32
Dependencies
6
Dev Dependencies
43.2 KB
Package Size
Published
Kubernetes-ready utilities for rapid Node.js application development
Maintainers
hkkoren
Dependencies (32)
| Package | Constraint | Registry Status |
|---|---|---|
| ajv | ^8.17.1 | auto_approved |
| jose | ^6.1.0 | auto_approved |
| uuid | ^13.0.0 | auto_approved |
| chalk | ^5.6.2 | auto_approved |
| redis | ^5.9.0 | auto_approved |
| sonda | ^0.9.0 | No greenflagged match |
| argon2 | ^0.44.0 | auto_approved |
| bcrypt | ^6.0.0 | auto_approved |
| dotenv | ^17.2.3 | auto_approved |
| helmet | ^8.1.0 | auto_approved |
| express | ^4.21.2 | auto_approved |
| @types/qs | ^6.14.0 | auto_approved |
| commander | ^14.0.2 | auto_approved |
| nodemailer | ^7.0.10 | No greenflagged match |
| @sentry/node | ^10.22.0 | auto_approved |
| tough-cookie | ^6.0.0 | auto_approved |
| @types/bcrypt | ^6.0.0 | auto_approved |
| cookie-parser | ^1.4.7 | auto_approved |
| @types/express | ^5.0.5 | auto_approved |
| @devmoods/fetch | ^4.2.0 | auto_approved |
| @devmoods/config | 0.2.0 | auto_approved |
| @types/nodemailer | ^7.0.3 | auto_approved |
| @devmoods/postgres | 0.2.2 | auto_approved |
| @types/koa-compose | ^3.2.9 | auto_approved |
| @hey-api/openapi-ts | ^0.86.11 | auto_approved |
| @sentry/node-native | ^10.22.0 | auto_approved |
| google-auth-library | ^10.5.0 | auto_approved |
| @types/cookie-parser | ^1.4.10 | auto_approved |
| @standard-schema/spec | ^1.0.0 | auto_approved |
| @sentry/profiling-node | ^10.22.0 | auto_approved |
| vitest-fail-on-console | ^0.10.1 | No greenflagged match |
| @devmoods/observability | 0.1.1 | auto_approved |
Dev Dependencies (6)
| Package | Constraint | Registry Status |
|---|---|---|
| vite | ^7.1.12 | auto_approved |
| react | ^19.2.0 | auto_approved |
| arktype | ^2.1.25 | auto_approved |
| react-dom | ^19.2.0 | auto_approved |
| faktory-worker | ^4.7.1 | No greenflagged match |
| @vitejs/plugin-react | ^5.1.0 | auto_approved |
Transitive Dependency Tree
247 transitive deps
max depth 10
├─
@devmoods/config
0.2.0
→ 0.2.0
├─
@devmoods/fetch
^4.2.0
→ 4.3.1
├─
@devmoods/observability
0.1.1
→ 0.1.1
├─
@devmoods/postgres
0.2.2
→ 0.2.2
├─
@hey-api/openapi-ts
^0.86.11
→ 0.86.12
├─
@sentry/node
^10.22.0
→ 10.56.0
├─
@sentry/node-native
^10.22.0
→ 10.56.0
├─
@sentry/profiling-node
^10.22.0
→ 10.56.0
├─
@standard-schema/spec
^1.0.0
→ 1.1.0
├─
@types/bcrypt
^6.0.0
→ 6.0.0
├─
@types/cookie-parser
^1.4.10
→ 1.4.10
├─
@types/express
^5.0.5
→ 5.0.6
├─
@types/koa-compose
^3.2.9
→ 3.2.9
├─
@types/nodemailer
^7.0.3
→ 7.0.11
├─
@types/qs
^6.14.0
→ 6.15.1
├─
ajv
^8.17.1
→ 8.20.0
├─
argon2
^0.44.0
→ 0.44.0
├─
bcrypt
^6.0.0
→ 6.0.0
├─
chalk
^5.6.2
→ 5.6.2
├─
commander
^14.0.2
→ 14.0.3
├─
cookie-parser
^1.4.7
→ 1.4.7
├─
dotenv
^17.2.3
→ 17.4.2
├─
express
^4.21.2
→ 4.22.2
├─
google-auth-library
^10.5.0
→ 10.7.0
├─
helmet
^8.1.0
→ 8.2.0
├─
jose
^6.1.0
→ 6.2.3
├─
nodemailer
^7.0.10
├─
redis
^5.9.0
→ 5.12.1
├─
sonda
^0.9.0
├─
tough-cookie
^6.0.0
→ 6.0.1
├─
uuid
^13.0.0
→ 13.0.2
├─
vitest-fail-on-console
^0.10.1
├─
@devmoods/config
0.2.0
→ 0.2.0
├─
@devmoods/observability
0.1.1
→ 0.1.1
├─
@hey-api/codegen-core
^0.3.3
→ 0.3.3
├─
@hey-api/json-schema-ref-parser
1.2.1
→ 1.2.1
├─
@opentelemetry/api
^1.9.1
→ 1.9.1
├─
@opentelemetry/core
^2.6.1
→ 2.7.1
├─
@opentelemetry/instrumentation
^0.214.0
→ 0.214.0
├─
@opentelemetry/sdk-trace-base
^2.6.1
→ 2.7.1
├─
@opentelemetry/semantic-conventions
^1.40.0
→ 1.41.1
├─
@phc/format
^1.0.0
→ 1.0.0
├─
@redis/bloom
5.12.1
→ 5.12.1
├─
@redis/client
5.12.1
→ 5.12.1
├─
@redis/json
5.12.1
→ 5.12.1
├─
@redis/search
5.12.1
→ 5.12.1
├─
@redis/time-series
5.12.1
→ 5.12.1
├─
@sentry-internal/node-cpu-profiler
^2.4.0
→ 2.4.1
├─
@sentry-internal/node-native-stacktrace
^0.5.0
→ 0.5.0
├─
@sentry/core
10.56.0
→ 10.56.0
├─
@sentry/node
10.56.0
→ 10.56.0
├─
@sentry/node-core
10.56.0
→ 10.56.0
├─
@sentry/opentelemetry
10.56.0
→ 10.56.0
├─
@standard-schema/spec
^1.1.0
→ 1.1.0
├─
@types/body-parser
*
→ 1.19.6
├─
@types/express-serve-static-core
^5.0.0
→ 5.1.1
├─
@types/koa
*
→ 3.0.3
├─
@types/node
*
→ 25.9.2
├─
@types/pg
^8.15.6
→ 8.20.0
├─
@types/serve-static
^2
→ 2.2.0
├─
accepts
~1.3.8
→ 1.3.8
├─
ansi-colors
4.1.3
→ 4.1.3
├─
array-flatten
1.1.1
→ 1.1.1
├─
base64-js
^1.3.0
→ 1.5.1
├─
body-parser
~1.20.5
→ 1.20.5
├─
c12
3.3.1
→ 3.3.1
├─
chalk
^5.6.2
→ 5.6.2
├─
color-support
1.1.3
→ 1.1.3
├─
commander
^14.0.2
→ 14.0.3
├─
commander
14.0.1
→ 14.0.1
├─
content-disposition
~0.5.4
→ 0.5.4
├─
content-type
~1.0.4
→ 1.0.5
├─
cookie
0.7.2
→ 0.7.2
├─
cookie
~0.7.1
→ 0.7.2
├─
cookie-signature
1.0.6
→ 1.0.6
├─
cookie-signature
~1.0.6
→ 1.0.7
├─
cross-env
^10.0.0
→ 10.1.0
├─
debug
2.6.9
├─
depd
2.0.0
→ 2.0.0
├─
ecdsa-sig-formatter
^1.0.11
→ 1.0.11
├─
encodeurl
~2.0.0
→ 2.0.0
├─
escape-html
~1.0.3
→ 1.0.3
├─
etag
~1.8.1
→ 1.8.1
├─
fast-deep-equal
^3.1.3
→ 3.1.3
├─
fast-uri
^3.0.1
→ 3.1.2
├─
finalhandler
~1.3.1
→ 1.3.2
├─
fresh
~0.5.2
→ 0.5.2
├─
gaxios
^7.1.4
→ 7.1.5
├─
gcp-metadata
8.1.2
→ 8.1.2
├─
google-logging-utils
1.1.3
→ 1.1.3
├─
handlebars
4.7.8
├─
http-errors
~2.0.0
→ 2.0.1
├─
import-in-the-middle
^3.0.0
→ 3.0.1
├─
json-schema-traverse
^1.0.0
→ 1.0.0
├─
jws
^4.0.0
→ 4.0.1
├─
merge-descriptors
1.0.3
→ 1.0.3
├─
methods
~1.1.2
→ 1.1.2
├─
node-addon-api
^8.5.0
→ 8.8.0
├─
node-addon-api
^8.3.0
→ 8.8.0
├─
node-gyp-build
^4.8.4
→ 4.8.4
├─
on-finished
~2.4.1
→ 2.4.1
├─
open
10.2.0
→ 10.2.0
├─
parseurl
~1.3.3
→ 1.3.3
├─
path-to-regexp
~0.1.12
→ 0.1.13
├─
pg
^8.16.3
→ 8.21.0
├─
pg-structure
^7.15.3
→ 7.15.3
├─
proxy-addr
~2.0.7
→ 2.0.7
├─
qs
~6.15.1
→ 6.15.2
├─
range-parser
~1.2.1
→ 1.2.1
├─
require-from-string
^2.0.2
→ 2.0.2
├─
safe-buffer
5.2.1
→ 5.2.1
├─
semver
7.7.2
→ 7.7.2
├─
send
~0.19.0
→ 0.19.2
├─
serve-static
~1.16.2
→ 1.16.3
├─
setprototypeof
1.2.0
→ 1.2.0
├─
sql-formatter
^15.6.10
→ 15.8.1
├─
statuses
~2.0.1
→ 2.0.2
├─
tldts
^7.0.5
→ 7.4.2
├─
type-is
~1.6.18
→ 1.6.18
├─
utils-merge
1.0.1
→ 1.0.1
├─
vary
~1.1.2
→ 1.1.2
├─
@epic-web/invariant
^1.0.0
├─
@jsdevtools/ono
^7.1.3
→ 7.1.3
├─
@opentelemetry/api
^1.9.1
→ 1.9.1
├─
@opentelemetry/api-logs
0.214.0
→ 0.214.0
├─
@opentelemetry/core
^2.6.1
→ 2.7.1
├─
@opentelemetry/core
2.7.1
→ 2.7.1
├─
@opentelemetry/instrumentation
^0.214.0
→ 0.214.0
├─
@opentelemetry/resources
2.7.1
→ 2.7.1
├─
@opentelemetry/sdk-trace-base
^2.6.1
→ 2.7.1
├─
@opentelemetry/semantic-conventions
^1.29.0
→ 1.40.0
├─
@opentelemetry/semantic-conventions
^1.40.0
→ 1.41.1
├─
@sentry/core
10.56.0
→ 10.56.0
├─
@sentry/node-core
10.56.0
→ 10.56.0
├─
@sentry/opentelemetry
10.56.0
→ 10.56.0
├─
@types/accepts
*
→ 1.3.7
├─
@types/connect
*
→ 3.4.38
├─
@types/content-disposition
*
→ 0.5.9
├─
@types/cookies
*
→ 0.9.2
├─
@types/http-assert
*
→ 1.5.6
├─
@types/http-errors
*
→ 2.0.5
├─
@types/http-errors
^2
→ 2.0.5
├─
@types/json-schema
^7.0.15
→ 7.0.15
├─
@types/keygrip
*
→ 1.0.6
├─
@types/node
*
→ 25.9.2
├─
@types/qs
*
→ 6.15.1
├─
@types/range-parser
*
→ 1.2.7
├─
@types/send
*
→ 1.2.1
├─
@typescript-plus/fast-memoize-decorator
^0.1.0
├─
acorn
^8.15.0
→ 8.16.0
├─
acorn-import-attributes
^1.9.5
→ 1.9.5
├─
argparse
^2.0.1
→ 2.0.1
├─
bytes
~3.1.2
→ 3.1.2
├─
chokidar
^4.0.3
→ 4.0.3
├─
cjs-module-lexer
^2.2.0
→ 2.2.0
├─
cluster-key-slot
1.1.2
→ 1.1.2
├─
confbox
^0.2.2
→ 0.2.4
├─
content-type
~1.0.5
→ 1.0.5
├─
cross-spawn
^7.0.6
→ 7.0.6
├─
debug
2.6.9
├─
default-browser
^5.2.1
→ 5.5.0
├─
define-lazy-prop
^3.0.0
→ 3.0.0
├─
defu
^6.1.4
→ 6.1.7
├─
depd
~2.0.0
→ 2.0.0
├─
depd
2.0.0
→ 2.0.0
├─
destroy
1.2.0
→ 1.2.0
├─
destroy
~1.2.0
→ 1.2.0
├─
detect-libc
^2.0.4
→ 2.1.2
├─
detect-libc
^2.0.3
→ 2.1.2
├─
dotenv
^8.2.0
→ 8.6.0
├─
dotenv
^17.2.3
→ 17.4.2
├─
ee-first
1.1.1
→ 1.1.1
├─
encodeurl
~2.0.0
→ 2.0.0
├─
escape-html
~1.0.3
→ 1.0.3
├─
etag
~1.8.1
→ 1.8.1
├─
exsolve
^1.0.7
→ 1.0.8
├─
extend
^3.0.2
→ 3.0.2
├─
fast-memoize
^2.5.2
→ 2.5.2
├─
forwarded
0.2.0
→ 0.2.0
├─
fresh
~0.5.2
→ 0.5.2
├─
gaxios
^7.0.0
→ 7.1.5
├─
giget
^2.0.0
→ 2.0.0
├─
google-logging-utils
^1.0.0
→ 1.1.4
├─
http-errors
~2.0.1
→ 2.0.1
├─
https-proxy-agent
^7.0.1
→ 7.0.6
├─
iconv-lite
~0.4.24
→ 0.4.24
├─
import-in-the-middle
^3.0.0
→ 3.0.1
├─
indexable-array
^0.7.4
→ 0.7.4
├─
inflection
^1.12.0
→ 1.13.4
├─
inherits
~2.0.4
→ 2.0.4
├─
ipaddr.js
1.9.1
→ 1.9.1
├─
is-inside-container
^1.0.0
→ 1.0.0
├─
jiti
^2.6.1
→ 2.6.1
├─
js-yaml
^4.1.0
→ 4.2.0
├─
json-bigint
^1.0.0
→ 1.0.0
├─
json5
^2.1.3
→ 2.2.3
├─
jwa
^2.0.1
→ 2.0.1
├─
lodash
^4.17.21
→ 4.18.1
├─
lodash.get
^4.4.2
→ 4.4.2
├─
media-typer
0.3.0
→ 0.3.0
├─
mime
1.6.0
→ 1.6.0
├─
mime-types
~2.1.24
→ 2.1.35
├─
mime-types
~2.1.34
→ 2.1.35
├─
module-details-from-path
^1.0.4
→ 1.0.4
├─
ms
2.1.3
→ 2.1.3
├─
nearley
^2.20.1
→ 2.20.1
├─
negotiator
0.6.3
→ 0.6.3
├─
node-abi
^3.73.0
→ 3.92.0
├─
node-abi
^3.89.0
→ 3.92.0
├─
node-fetch
^3.3.2
→ 3.3.2
├─
ohash
^2.0.11
→ 2.0.11
├─
on-finished
~2.4.1
→ 2.4.1
├─
parseurl
~1.3.3
→ 1.3.3
├─
pathe
^2.0.3
→ 2.0.3
├─
perfect-debounce
^2.0.0
→ 2.1.0
├─
pg
^8.0.3
→ 8.21.0
├─
pg-cloudflare
^1.4.0
→ 1.4.0
├─
pg-connection-string
^2.2.1
→ 2.13.0
├─
pg-connection-string
^2.13.0
→ 2.13.0
├─
pg-pool
^3.14.0
→ 3.14.0
├─
pg-protocol
*
→ 1.14.0
├─
pg-protocol
^1.14.0
→ 1.14.0
├─
pg-types
^2.2.0
→ 2.2.0
├─
pg-types
2.2.0
→ 2.2.0
├─
pgpass
1.0.5
→ 1.0.5
├─
pkg-types
^2.3.0
→ 2.3.1
├─
qs
~6.15.1
→ 6.15.2
├─
range-parser
~1.2.1
→ 1.2.1
├─
raw-body
~2.5.3
→ 2.5.3
├─
rc9
^2.1.2
├─
require-in-the-middle
^8.0.0
→ 8.0.1
├─
safe-buffer
5.2.1
→ 5.2.1
├─
safe-buffer
^5.0.1
→ 5.2.1
├─
send
~0.19.1
→ 0.19.2
├─
setprototypeof
~1.2.0
→ 1.2.0
├─
side-channel
^1.1.0
→ 1.1.0
├─
statuses
~2.0.2
→ 2.0.2
├─
tldts-core
^7.4.2
→ 7.4.2
├─
toidentifier
~1.0.1
→ 1.0.1
├─
type-is
~1.6.18
→ 1.6.18
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
unpipe
~1.0.0
→ 1.0.0
├─
wsl-utils
^0.1.0
├─
@opentelemetry/api
^1.3.0
→ 1.9.1
├─
@opentelemetry/api-logs
0.214.0
→ 0.214.0
├─
@opentelemetry/core
2.7.1
→ 2.7.1
├─
@opentelemetry/resources
2.7.1
→ 2.7.1
├─
@opentelemetry/semantic-conventions
^1.29.0
→ 1.40.0
├─
@sentry/core
10.56.0
→ 10.56.0
├─
@sentry/opentelemetry
10.56.0
→ 10.56.0
├─
@types/connect
*
→ 3.4.38
├─
@types/express
*
→ 5.0.6
├─
@types/keygrip
*
→ 1.0.6
├─
@types/node
*
→ 25.9.2
├─
acorn
^8.15.0
→ 8.16.0
├─
acorn-import-attributes
^1.9.5
→ 1.9.5
├─
agent-base
^7.1.2
→ 7.1.4
├─
argparse
^2.0.1
→ 2.0.1
├─
bignumber.js
^9.0.0
→ 9.3.1
├─
buffer-equal-constant-time
^1.0.1
→ 1.0.1
├─
bundle-name
^4.1.0
→ 4.1.0
├─
bytes
~3.1.2
→ 3.1.2
├─
citty
^0.1.6
├─
cjs-module-lexer
^2.2.0
→ 2.2.0
├─
commander
^2.19.0
→ 2.20.3
├─
confbox
^0.2.4
→ 0.2.4
├─
consola
^3.4.0
→ 3.4.2
├─
data-uri-to-buffer
^4.0.0
→ 4.0.1
├─
debug
2.6.9
├─
debug
4
→ 4.4.3
├─
debug
^4.3.5
→ 4.4.3
├─
default-browser-id
^5.0.0
→ 5.0.1
├─
defu
^6.1.4
→ 6.1.7
├─
depd
~2.0.0
→ 2.0.0
├─
depd
2.0.0
→ 2.0.0
├─
destroy
1.2.0
→ 1.2.0
├─
dot-prop
^6.0.1
→ 6.0.1
├─
ecdsa-sig-formatter
1.0.11
→ 1.0.11
├─
ee-first
1.1.1
→ 1.1.1
├─
encodeurl
~2.0.0
→ 2.0.0
├─
es-errors
^1.3.0
→ 1.3.0
├─
escape-html
~1.0.3
→ 1.0.3
├─
etag
~1.8.1
→ 1.8.1
├─
exsolve
^1.0.8
→ 1.0.8
├─
extend
^3.0.2
→ 3.0.2
├─
fetch-blob
^3.1.4
→ 3.2.0
├─
formdata-polyfill
^4.0.10
→ 4.0.10
├─
fresh
~0.5.2
→ 0.5.2
├─
http-errors
~2.0.1
→ 2.0.1
├─
https-proxy-agent
^7.0.1
→ 7.0.6
├─
iconv-lite
~0.4.24
→ 0.4.24
├─
import-in-the-middle
^3.0.0
→ 3.0.1
├─
inherits
~2.0.4
→ 2.0.4
├─
is-docker
^3.0.0
→ 3.0.0
├─
media-typer
0.3.0
→ 0.3.0
├─
mime
1.6.0
→ 1.6.0
├─
mime-db
1.52.0
├─
mime-types
~2.1.24
→ 2.1.35
├─
module-details-from-path
^1.0.4
→ 1.0.4
├─
module-details-from-path
^1.0.3
→ 1.0.4
├─
moo
^0.5.0
→ 0.5.3
├─
ms
2.1.3
→ 2.1.3
├─
node-fetch
^3.3.2
→ 3.3.2
├─
node-fetch-native
^1.6.6
→ 1.6.7
├─
nypm
^0.6.0
→ 0.6.6
├─
object-inspect
^1.13.3
→ 1.13.4
├─
on-finished
~2.4.1
→ 2.4.1
├─
path-key
^3.1.0
→ 3.1.1
├─
pathe
^2.0.3
→ 2.0.3
├─
pg-cloudflare
^1.4.0
→ 1.4.0
├─
pg-connection-string
^2.13.0
→ 2.13.0
├─
pg-int8
1.0.1
├─
pg-pool
^3.14.0
→ 3.14.0
├─
pg-protocol
^1.14.0
→ 1.14.0
├─
pg-types
2.2.0
→ 2.2.0
├─
pgpass
1.0.5
→ 1.0.5
├─
postgres-array
~2.0.0
→ 2.0.0
├─
postgres-bytea
~1.0.0
→ 1.0.1
├─
postgres-date
~1.0.4
→ 1.0.4
├─
postgres-interval
^1.1.0
→ 1.1.0
├─
railroad-diagrams
^1.0.0
→ 1.0.0
├─
randexp
0.4.6
→ 0.4.6
├─
range-parser
~1.2.1
→ 1.2.1
├─
require-in-the-middle
^8.0.0
→ 8.0.1
├─
safe-buffer
^5.0.1
→ 5.2.1
├─
safer-buffer
>= 2.1.2 < 3
→ 2.1.2
├─
semver
^7.3.5
→ 7.8.2
├─
setprototypeof
~1.2.0
→ 1.2.0
├─
shebang-command
^2.0.0
→ 2.0.0
├─
side-channel
^1.1.0
→ 1.1.0
├─
side-channel-list
^1.0.0
→ 1.0.1
├─
side-channel-map
^1.0.1
→ 1.0.1
├─
side-channel-weakmap
^1.0.2
→ 1.0.2
├─
sorted-array-functions
^1.2.0
→ 1.3.0
├─
split2
^4.1.0
→ 4.2.0
├─
statuses
~2.0.2
→ 2.0.2
├─
toidentifier
~1.0.1
→ 1.0.1
├─
tslib
^2.1.0
→ 2.8.1
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
unpipe
~1.0.0
→ 1.0.0
├─
which
^2.0.1
→ 2.0.2
├─
@opentelemetry/api
^1.3.0
→ 1.9.1
├─
@opentelemetry/core
2.7.1
→ 2.7.1
├─
@opentelemetry/semantic-conventions
^1.29.0
→ 1.40.0
├─
@sentry/core
10.56.0
→ 10.56.0
├─
@types/body-parser
*
→ 1.19.6
├─
@types/express-serve-static-core
^5.0.0
→ 5.1.1
├─
@types/node
*
→ 25.9.2
├─
@types/serve-static
^2
→ 2.2.0
├─
acorn
^8.15.0
→ 8.16.0
├─
acorn-import-attributes
^1.9.5
→ 1.9.5
├─
agent-base
^7.1.2
→ 7.1.4
├─
call-bound
^1.0.2
→ 1.0.4
├─
citty
^0.2.2
→ 0.2.2
├─
cjs-module-lexer
^2.2.0
→ 2.2.0
├─
data-uri-to-buffer
^4.0.0
→ 4.0.1
├─
debug
4
→ 4.4.3
├─
debug
^4.3.5
→ 4.4.3
├─
depd
~2.0.0
→ 2.0.0
├─
discontinuous-range
1.0.0
→ 1.0.0
├─
ee-first
1.1.1
→ 1.1.1
├─
es-errors
^1.3.0
→ 1.3.0
├─
fetch-blob
^3.1.2
→ 3.2.0
├─
fetch-blob
^3.1.4
→ 3.2.0
├─
formdata-polyfill
^4.0.10
→ 4.0.10
├─
get-intrinsic
^1.2.5
→ 1.3.1
├─
inherits
~2.0.4
→ 2.0.4
├─
is-obj
^2.0.0
├─
isexe
^2.0.0
→ 2.0.0
├─
mime-db
1.52.0
├─
module-details-from-path
^1.0.4
→ 1.0.4
├─
module-details-from-path
^1.0.3
→ 1.0.4
├─
ms
^2.1.3
→ 2.1.3
├─
node-domexception
^1.0.0
→ 1.0.0
├─
object-inspect
^1.13.3
→ 1.13.4
├─
object-inspect
^1.13.4
→ 1.13.4
├─
pathe
^2.0.3
→ 2.0.3
├─
pg-int8
1.0.1
├─
postgres-array
~2.0.0
→ 2.0.0
├─
postgres-bytea
~1.0.0
→ 1.0.1
├─
postgres-date
~1.0.4
→ 1.0.4
├─
postgres-interval
^1.1.0
→ 1.1.0
├─
ret
~0.1.10
→ 0.1.15
├─
run-applescript
^7.0.0
├─
safe-buffer
^5.0.1
→ 5.2.1
├─
safer-buffer
>= 2.1.2 < 3
→ 2.1.2
├─
setprototypeof
~1.2.0
→ 1.2.0
├─
shebang-regex
^3.0.0
├─
side-channel-list
^1.0.0
→ 1.0.1
├─
side-channel-map
^1.0.1
→ 1.0.1
├─
side-channel-weakmap
^1.0.2
→ 1.0.2
├─
split2
^4.1.0
→ 4.2.0
├─
statuses
~2.0.2
→ 2.0.2
├─
tinyexec
^1.1.1
→ 1.2.4
├─
toidentifier
~1.0.1
→ 1.0.1
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
web-streams-polyfill
^3.0.3
→ 3.3.3
├─
xtend
^4.0.0
→ 4.0.2
├─
@opentelemetry/semantic-conventions
^1.29.0
→ 1.40.0
├─
@types/connect
*
→ 3.4.38
├─
@types/http-errors
*
→ 2.0.5
├─
@types/node
*
→ 25.9.2
├─
@types/qs
*
→ 6.15.1
├─
@types/range-parser
*
→ 1.2.7
├─
@types/send
*
→ 1.2.1
├─
async-function
^1.0.0
├─
async-generator-function
^1.0.0
→ 1.0.0
├─
call-bind-apply-helpers
^1.0.2
→ 1.0.2
├─
call-bound
^1.0.2
→ 1.0.4
├─
es-define-property
^1.0.1
→ 1.0.1
├─
es-errors
^1.3.0
→ 1.3.0
├─
es-object-atoms
^1.1.1
→ 1.1.2
├─
fetch-blob
^3.1.2
→ 3.2.0
├─
function-bind
^1.1.2
→ 1.1.2
├─
generator-function
^2.0.0
→ 2.0.1
├─
get-intrinsic
^1.3.0
→ 1.3.1
├─
get-intrinsic
^1.2.5
→ 1.3.1
├─
get-proto
^1.0.1
├─
gopd
^1.2.0
→ 1.2.0
├─
has-symbols
^1.1.0
→ 1.1.0
├─
hasown
^2.0.2
→ 2.0.4
├─
math-intrinsics
^1.1.0
→ 1.1.0
├─
ms
^2.1.3
→ 2.1.3
├─
node-domexception
^1.0.0
→ 1.0.0
├─
object-inspect
^1.13.3
→ 1.13.4
├─
object-inspect
^1.13.4
→ 1.13.4
├─
side-channel-map
^1.0.1
→ 1.0.1
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
web-streams-polyfill
^3.0.3
→ 3.3.3
├─
xtend
^4.0.0
→ 4.0.2
├─
@types/node
*
→ 25.9.2
├─
async-function
^1.0.0
├─
async-generator-function
^1.0.0
→ 1.0.0
├─
call-bind-apply-helpers
^1.0.2
→ 1.0.2
├─
call-bound
^1.0.2
→ 1.0.4
├─
es-define-property
^1.0.1
→ 1.0.1
├─
es-errors
^1.3.0
→ 1.3.0
├─
es-object-atoms
^1.1.1
→ 1.1.2
├─
function-bind
^1.1.2
→ 1.1.2
├─
generator-function
^2.0.0
→ 2.0.1
├─
get-intrinsic
^1.2.5
→ 1.3.1
├─
get-intrinsic
^1.3.0
→ 1.3.1
├─
get-proto
^1.0.1
├─
gopd
^1.2.0
→ 1.2.0
├─
has-symbols
^1.1.0
→ 1.1.0
├─
hasown
^2.0.2
→ 2.0.4
├─
math-intrinsics
^1.1.0
→ 1.1.0
├─
node-domexception
^1.0.0
→ 1.0.0
├─
object-inspect
^1.13.3
→ 1.13.4
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
web-streams-polyfill
^3.0.3
→ 3.3.3
├─
async-function
^1.0.0
├─
async-generator-function
^1.0.0
→ 1.0.0
├─
call-bind-apply-helpers
^1.0.2
→ 1.0.2
├─
es-define-property
^1.0.1
→ 1.0.1
├─
es-errors
^1.3.0
→ 1.3.0
├─
es-object-atoms
^1.1.1
→ 1.1.2
├─
function-bind
^1.1.2
→ 1.1.2
├─
generator-function
^2.0.0
→ 2.0.1
├─
get-intrinsic
^1.3.0
→ 1.3.1
├─
get-proto
^1.0.1
├─
gopd
^1.2.0
→ 1.2.0
├─
has-symbols
^1.1.0
→ 1.1.0
├─
hasown
^2.0.2
→ 2.0.4
├─
math-intrinsics
^1.1.0
→ 1.1.0
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
async-function
^1.0.0
├─
async-generator-function
^1.0.0
→ 1.0.0
├─
call-bind-apply-helpers
^1.0.2
→ 1.0.2
├─
es-define-property
^1.0.1
→ 1.0.1
├─
es-errors
^1.3.0
→ 1.3.0
├─
es-object-atoms
^1.1.1
→ 1.1.2
├─
function-bind
^1.1.2
→ 1.1.2
├─
generator-function
^2.0.0
→ 2.0.1
├─
get-proto
^1.0.1
├─
gopd
^1.2.0
→ 1.2.0
├─
has-symbols
^1.1.0
→ 1.1.0
├─
hasown
^2.0.2
→ 2.0.4
├─
math-intrinsics
^1.1.0
→ 1.1.0
├─
es-errors
^1.3.0
→ 1.3.0
├─
function-bind
^1.1.2
→ 1.1.2
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Link-dump README + no keywords; spam indicators generalize across versions. |
SAST Findings (1)
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3), 9 info (+0).
Commit: eb2f12e0a862 Browse source
Published to npm: