All @effectstream/grafana-loki versions
@effectstream/grafana-loki @0.100.18
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
—
License
No
Install Scripts
1
Dependencies
0
Dev Dependencies
2.7 KB
Package Size
Published
Grafana Loki binary wrapper for EffectStream
Maintainers
edwarddc
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| @xhmikosr/bin-wrapper | ^13.2.0 | auto_approved |
Transitive Dependency Tree
64 transitive deps
max depth 10
├─
@xhmikosr/bin-wrapper
^13.2.0
→ 13.2.0
├─
@xhmikosr/bin-check
^7.1.0
→ 7.1.0
├─
@xhmikosr/downloader
^15.2.0
→ 15.2.0
├─
@xhmikosr/os-filter-obj
^3.0.0
→ 3.0.0
├─
bin-version-check
^5.1.0
├─
@xhmikosr/archive-type
^7.1.0
→ 7.1.0
├─
@xhmikosr/decompress
^10.2.0
→ 10.2.0
├─
arch
^3.0.0
→ 3.0.0
├─
content-disposition
^0.5.4
→ 0.5.4
├─
defaults
^2.0.2
→ 2.0.2
├─
execa
^5.1.1
├─
ext-name
^5.0.0
→ 5.0.0
├─
file-type
^20.5.0
├─
filenamify
^6.0.0
├─
get-stream
^6.0.1
→ 6.0.1
├─
got
^13.0.0
→ 13.0.0
├─
isexe
^2.0.0
→ 2.0.0
├─
@sindresorhus/is
^5.2.0
├─
@szmarczak/http-timer
^5.0.1
→ 5.0.1
├─
@xhmikosr/decompress-tar
^8.1.0
→ 8.1.0
├─
@xhmikosr/decompress-tarbz2
^8.1.0
→ 8.1.0
├─
@xhmikosr/decompress-targz
^8.1.0
→ 8.1.0
├─
@xhmikosr/decompress-unzip
^7.1.0
→ 7.1.0
├─
cacheable-lookup
^7.0.0
→ 7.0.0
├─
cacheable-request
^10.2.8
├─
decompress-response
^6.0.0
├─
ext-list
^2.0.0
├─
file-type
^20.5.0
├─
form-data-encoder
^2.1.2
→ 2.1.4
├─
get-stream
^6.0.1
→ 6.0.1
├─
graceful-fs
^4.2.11
→ 4.2.11
├─
http2-wrapper
^2.1.10
→ 2.2.1
├─
lowercase-keys
^3.0.0
├─
p-cancelable
^3.0.0
├─
responselike
^3.0.0
├─
safe-buffer
5.2.1
→ 5.2.1
├─
sort-keys-length
^1.0.0
├─
strip-dirs
^3.0.0
→ 3.0.0
├─
@xhmikosr/decompress-tar
^8.0.1
→ 8.1.0
├─
defer-to-connect
^2.0.1
├─
file-type
^20.5.0
├─
get-stream
^6.0.1
→ 6.0.1
├─
inspect-with-kind
^1.0.5
├─
is-plain-obj
^1.1.0
→ 1.1.0
├─
is-stream
^2.0.1
→ 2.0.1
├─
quick-lru
^5.1.1
→ 5.1.1
├─
resolve-alpn
^1.2.0
├─
seek-bzip
^2.0.0
→ 2.0.0
├─
tar-stream
^3.1.7
→ 3.2.0
├─
unbzip2-stream
^1.4.3
→ 1.4.3
├─
yauzl
^3.1.2
→ 3.4.0
├─
b4a
^1.6.4
→ 1.8.1
├─
bare-fs
^4.5.5
→ 4.7.2
├─
buffer
^5.2.1
→ 5.7.1
├─
commander
^6.0.0
→ 6.2.1
├─
fast-fifo
^1.2.0
→ 1.3.2
├─
file-type
^20.5.0
├─
is-stream
^2.0.1
→ 2.0.1
├─
pend
~1.2.0
→ 1.2.0
├─
streamx
^2.15.0
→ 2.27.0
├─
tar-stream
^3.1.7
→ 3.2.0
├─
through
^2.3.8
→ 2.3.8
├─
b4a
^1.6.4
→ 1.8.1
├─
bare-events
^2.5.4
→ 2.9.1
├─
bare-fs
^4.5.5
→ 4.7.2
├─
bare-path
^3.0.0
→ 3.0.1
├─
bare-stream
^2.6.4
→ 2.13.2
├─
bare-url
^2.2.2
→ 2.4.4
├─
base64-js
^1.3.1
→ 1.5.1
├─
events-universal
^1.0.0
→ 1.0.1
├─
fast-fifo
^1.2.0
→ 1.3.2
├─
fast-fifo
^1.3.2
→ 1.3.2
├─
ieee754
^1.1.13
→ 1.2.1
├─
streamx
^2.15.0
→ 2.27.0
├─
text-decoder
^1.1.0
→ 1.2.7
├─
b4a
^1.6.4
→ 1.8.1
├─
bare-events
^2.5.4
→ 2.9.1
├─
bare-events
^2.7.0
→ 2.9.1
├─
bare-os
^3.0.1
→ 3.9.1
├─
bare-path
^3.0.0
→ 3.0.1
├─
bare-stream
^2.6.4
→ 2.13.2
├─
bare-url
^2.2.2
→ 2.4.4
├─
events-universal
^1.0.0
→ 1.0.1
├─
fast-fifo
^1.3.2
→ 1.3.2
├─
streamx
^2.25.0
→ 2.27.0
├─
teex
^1.0.1
→ 1.0.1
├─
text-decoder
^1.1.0
→ 1.2.7
├─
b4a
^1.6.4
→ 1.8.1
├─
bare-events
^2.7.0
→ 2.9.1
├─
bare-os
^3.0.1
→ 3.9.1
├─
bare-path
^3.0.0
→ 3.0.1
├─
events-universal
^1.0.0
→ 1.0.1
├─
fast-fifo
^1.3.2
→ 1.3.2
├─
streamx
^2.25.0
→ 2.27.0
├─
streamx
^2.12.5
→ 2.27.0
├─
teex
^1.0.1
→ 1.0.1
├─
text-decoder
^1.1.0
→ 1.2.7
├─
b4a
^1.6.4
→ 1.8.1
├─
bare-events
^2.7.0
→ 2.9.1
├─
bare-os
^3.0.1
→ 3.9.1
├─
events-universal
^1.0.0
→ 1.0.1
├─
fast-fifo
^1.3.2
→ 1.3.2
├─
streamx
^2.12.5
→ 2.27.0
├─
text-decoder
^1.1.0
→ 1.2.7
Changes from v0.100.14
No metadata changes detected.
File Changes
1 added
0 removed
1 modified
size delta: +1.4 KB
Risk Dispositions (1 applicable to this version, 1 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Both maintainers flagged as spam; stable signal for this package. |
Show 1 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
publisher-changed |
provenance | reject | AI | AI (provenance): New publisher is SPAM-FLAGGED; generalizes to all versions published by eduardosoto. |
SAST Findings (1)
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3), 1 info (+0).
Published to npm: