All @douyinfe/semi-animation-react versions
@douyinfe/semi-animation-react @2.96.0
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
—
License
No
Install Scripts
3
Dependencies
11
Dev Dependencies
10.9 KB
Package Size
Published
Maintainers
yumeizhangwuhwbytednpmshijiatongxuedaiqiangrealpoint.haloyannlynnanjiazhuyouxingzhangweicheng.1semi-bot
Keywords
motionreactsemi-ui
Dependencies (3)
| Package | Constraint | Registry Status |
|---|---|---|
| classnames | ^2.2.6 | auto_approved |
| @douyinfe/semi-animation | 2.96.0 | auto_approved |
| @douyinfe/semi-animation-styled | 2.96.0 | auto_approved |
Dev Dependencies (11)
| Package | Constraint | Registry Status |
|---|---|---|
| del | ^6.0.0 | auto_approved |
| gulp | ^4.0.2 | No greenflagged match |
| merge2 | ^1.4.1 | auto_approved |
| flubber | ^0.4.2 | auto_approved |
| gulp-babel | ^8.0.0 | No greenflagged match |
| prop-types | ^15.7.2 | auto_approved |
| @vx/gradient | 0.0.199 | Not imported |
| gulp-typescript | ^6.0.0-alpha.1 | auto_approved |
| @babel/preset-env | ^7.15.8 | auto_approved |
| @babel/preset-react | ^7.14.5 | auto_approved |
| react-storybook-addon-props-combinations | ^1.1.0 | Not imported |
Transitive Dependency Tree
3 transitive deps
max depth 1
├─
@douyinfe/semi-animation
2.96.0
→ 2.96.0
├─
@douyinfe/semi-animation-styled
2.96.0
→ 2.96.0
├─
classnames
^2.2.6
→ 2.5.1
Changes from v2.95.1
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | @douyinfe/semi-animation | 2.95.1 → 2.96.0 |
| changed | @douyinfe/semi-animation-styled | 2.95.1 → 2.96.0 |
File Changes
0 added
0 removed
1 modified
size delta: .0 KB
Risk Dispositions (1 applicable to this version, 1 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Publisher semi-bot is SPAM-FLAGGED; this generalizes to all versions published by this account. |
Show 1 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
publisher-changed |
provenance | reject | AI | AI (provenance): Switch to a SPAM-FLAGGED publisher after long dormancy is a strong takeover indicator. |
SAST Findings (2)
CRITICAL
Low-value / spam package indicators (1 signals, score 3)
bogus-package
[Always reject] Matched 1 signal(s), weighted score 3: • [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: semi-bot.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3).
Commit: 25977da675ce Browse source
Published to npm: