All @effectstream/near-sandbox versions
@effectstream/near-sandbox @0.100.17
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
—
License
No
Install Scripts
1
Dependencies
0
Dev Dependencies
2.5 KB
Package Size
Published
NEAR sandbox binary wrapper for EffectStream
Maintainers
edwarddc
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| @xhmikosr/bin-wrapper | ^5.0.0 | auto_approved |
Transitive Dependency Tree
101 transitive deps
max depth 10
├─
@xhmikosr/bin-wrapper
^5.0.0
→ 5.0.1
├─
@xhmikosr/downloader
^9.0.0
→ 9.0.0
├─
bin-check
^4.1.0
→ 4.1.0
├─
bin-version-check
^5.0.0
├─
os-filter-obj
^2.0.0
→ 2.0.0
├─
@xhmikosr/decompress
^5.0.0
→ 5.0.0
├─
arch
^2.1.0
├─
archive-type
^4.0.0
→ 4.0.0
├─
content-disposition
^0.5.4
→ 0.5.4
├─
execa
^0.7.0
→ 0.7.0
├─
executable
^4.1.0
→ 4.1.1
├─
ext-name
^5.0.0
→ 5.0.0
├─
file-type
^12.4.2
→ 12.4.2
├─
filenamify
^5.1.1
├─
get-stream
^6.0.1
→ 6.0.1
├─
got
^11.8.5
→ 11.8.6
├─
p-event
^5.0.1
├─
@sindresorhus/is
^4.0.0
├─
@szmarczak/http-timer
^4.0.5
├─
@types/cacheable-request
^6.0.1
→ 6.0.3
├─
@types/responselike
^1.0.0
→ 1.0.3
├─
cacheable-lookup
^5.0.3
├─
cacheable-request
^7.0.2
→ 7.0.2
├─
cross-spawn
^5.0.1
├─
decompress-response
^6.0.0
├─
decompress-tar
^4.1.1
→ 4.1.1
├─
decompress-tarbz2
^4.1.1
→ 4.1.1
├─
decompress-targz
^4.1.1
→ 4.1.1
├─
decompress-unzip
^4.0.1
→ 4.0.1
├─
ext-list
^2.0.0
├─
file-type
^4.2.0
→ 4.4.0
├─
get-stream
^3.0.0
→ 3.0.0
├─
graceful-fs
^4.2.10
→ 4.2.11
├─
http2-wrapper
^1.0.0-beta.5.2
├─
is-stream
^1.1.0
→ 1.1.0
├─
lowercase-keys
^2.0.0
├─
make-dir
^3.1.0
→ 3.1.0
├─
npm-run-path
^2.0.0
├─
p-cancelable
^2.0.0
├─
p-finally
^1.0.0
├─
pify
^5.0.0
→ 5.0.0
├─
pify
^2.2.0
→ 2.3.0
├─
responselike
^2.0.0
├─
safe-buffer
5.2.1
→ 5.2.1
├─
signal-exit
^3.0.0
→ 3.0.7
├─
sort-keys-length
^1.0.0
├─
strip-dirs
^3.0.0
→ 3.0.0
├─
strip-eof
^1.0.0
→ 1.0.0
├─
@types/http-cache-semantics
*
→ 4.2.0
├─
@types/node
*
→ 25.9.3
├─
@types/responselike
^1.0.0
→ 1.0.3
├─
clone-response
^1.0.2
├─
decompress-tar
^4.1.1
→ 4.1.1
├─
decompress-tar
^4.1.0
→ 4.1.1
├─
file-type
^5.2.0
→ 5.2.0
├─
file-type
^3.8.0
→ 3.9.0
├─
file-type
^6.1.0
→ 6.2.0
├─
get-stream
^5.1.0
→ 5.2.0
├─
get-stream
^2.2.0
→ 2.3.1
├─
http-cache-semantics
^4.0.0
→ 4.2.0
├─
inspect-with-kind
^1.0.5
├─
is-plain-obj
^1.1.0
→ 1.1.0
├─
is-stream
^1.1.0
→ 1.1.0
├─
keyv
^4.0.0
→ 4.5.4
├─
lowercase-keys
^2.0.0
├─
normalize-url
^6.0.1
→ 6.1.0
├─
pify
^2.3.0
→ 2.3.0
├─
responselike
^2.0.0
├─
seek-bzip
^1.0.5
├─
semver
^6.0.0
→ 6.3.1
├─
tar-stream
^1.5.2
→ 1.6.2
├─
unbzip2-stream
^1.0.9
├─
yauzl
^2.4.2
→ 2.10.0
├─
@types/node
*
→ 25.9.3
├─
bl
^1.0.0
├─
buffer-alloc
^1.2.0
→ 1.2.0
├─
buffer-crc32
~0.2.3
→ 0.2.13
├─
end-of-stream
^1.0.0
→ 1.4.5
├─
fd-slicer
~1.1.0
→ 1.1.0
├─
file-type
^5.2.0
→ 5.2.0
├─
fs-constants
^1.0.0
→ 1.0.0
├─
is-stream
^1.1.0
→ 1.1.0
├─
json-buffer
3.0.1
→ 3.0.1
├─
object-assign
^4.0.1
→ 4.1.1
├─
pinkie-promise
^2.0.0
→ 2.0.1
├─
pump
^3.0.0
→ 3.0.4
├─
readable-stream
^2.3.0
→ 2.3.8
├─
tar-stream
^1.5.2
→ 1.6.2
├─
to-buffer
^1.1.1
→ 1.2.2
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
xtend
^4.0.0
→ 4.0.2
├─
bl
^1.0.0
├─
buffer-alloc
^1.2.0
→ 1.2.0
├─
buffer-alloc-unsafe
^1.1.0
→ 1.1.0
├─
buffer-fill
^1.0.0
→ 1.0.0
├─
core-util-is
~1.0.0
→ 1.0.3
├─
end-of-stream
^1.1.0
→ 1.4.5
├─
end-of-stream
^1.0.0
→ 1.4.5
├─
fs-constants
^1.0.0
→ 1.0.0
├─
inherits
~2.0.3
→ 2.0.4
├─
isarray
~1.0.0
→ 1.0.0
├─
isarray
^2.0.5
→ 2.0.5
├─
once
^1.3.1
→ 1.4.0
├─
once
^1.4.0
→ 1.4.0
├─
pend
~1.2.0
→ 1.2.0
├─
pinkie
^2.0.0
├─
process-nextick-args
~2.0.0
→ 2.0.1
├─
readable-stream
^2.3.0
→ 2.3.8
├─
safe-buffer
~5.1.1
→ 5.1.2
├─
safe-buffer
^5.2.1
→ 5.2.1
├─
string_decoder
~1.1.1
→ 1.1.1
├─
to-buffer
^1.1.1
→ 1.2.2
├─
typed-array-buffer
^1.0.3
→ 1.0.3
├─
undici-types
>=7.24.0 <7.24.7
→ 7.24.6
├─
util-deprecate
~1.0.1
→ 1.0.2
├─
xtend
^4.0.0
→ 4.0.2
├─
buffer-alloc-unsafe
^1.1.0
→ 1.1.0
├─
buffer-fill
^1.0.0
→ 1.0.0
├─
call-bound
^1.0.3
→ 1.0.4
├─
core-util-is
~1.0.0
→ 1.0.3
├─
es-errors
^1.3.0
→ 1.3.0
├─
inherits
~2.0.3
→ 2.0.4
├─
is-typed-array
^1.1.14
├─
isarray
~1.0.0
→ 1.0.0
├─
isarray
^2.0.5
→ 2.0.5
├─
once
^1.4.0
→ 1.4.0
├─
process-nextick-args
~2.0.0
→ 2.0.1
├─
safe-buffer
^5.2.1
→ 5.2.1
├─
safe-buffer
~5.1.1
→ 5.1.2
├─
safe-buffer
~5.1.0
→ 5.1.2
├─
string_decoder
~1.1.1
→ 1.1.1
├─
typed-array-buffer
^1.0.3
→ 1.0.3
├─
util-deprecate
~1.0.1
→ 1.0.2
├─
wrappy
1
→ 1.0.2
├─
call-bind-apply-helpers
^1.0.2
→ 1.0.2
├─
call-bound
^1.0.3
→ 1.0.4
├─
es-errors
^1.3.0
→ 1.3.0
├─
get-intrinsic
^1.3.0
→ 1.3.1
├─
is-typed-array
^1.1.14
├─
safe-buffer
~5.1.0
→ 5.1.2
├─
wrappy
1
→ 1.0.2
├─
async-function
^1.0.0
├─
async-generator-function
^1.0.0
→ 1.0.0
├─
call-bind-apply-helpers
^1.0.2
→ 1.0.2
├─
es-define-property
^1.0.1
→ 1.0.1
├─
es-errors
^1.3.0
→ 1.3.0
├─
es-object-atoms
^1.1.1
→ 1.1.2
├─
function-bind
^1.1.2
→ 1.1.2
├─
generator-function
^2.0.0
→ 2.0.1
├─
get-intrinsic
^1.3.0
→ 1.3.1
├─
get-proto
^1.0.1
├─
gopd
^1.2.0
→ 1.2.0
├─
has-symbols
^1.1.0
→ 1.1.0
├─
hasown
^2.0.2
→ 2.0.4
├─
math-intrinsics
^1.1.0
→ 1.1.0
Changes from v0.100.14
No metadata changes detected.
File Changes
1 added
0 removed
1 modified
size delta: +1.4 KB
Risk Dispositions (1 applicable to this version, 1 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Both maintainers flagged as spam; generalizes across versions published by these accounts. |
Show 1 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
publisher-changed |
provenance | reject | AI | AI (provenance): New publisher eduardosoto is SPAM-FLAGGED; publisher change is disqualifying for this package. |
SAST Findings (1)
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3), 2 info (+0).
Published to npm: