All @everymatrix/player-active-bonuses versions

@everymatrix/[email protected] rejected Risk: 53 No license

@everymatrix/player-active-bonuses @1.86.25

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Tarball
53
Risk Score
License
No
Install Scripts
0
Dependencies
0
Dev Dependencies
140.7 KB
Package Size
Published

Maintainers

clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladdragos.bodeamaria.bumbarstefanaocatalinpoclidliviuclement.everymatrixmihaibalanfrankie24

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
publisher-changed provenance reject AI AI (provenance): Publisher swap to a zero-history account coinciding with maintainer removal is a strong takeover signal for this package.

SAST Findings (6)

HIGH Publisher changed: emfe_release → strulea.sebastian (on 2025-12-17) provenance

This version was published by a different npm account than previous versions on 2025-12-17. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: components/PlayerActiveBonuses-Dmi07owg.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: components/PlayerBonusCard-BCXw2v5o.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: components/PlayerActiveBonuses-BN4axLxM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: components/PlayerActiveBonuses-MdaNzFqC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 53. Findings: 1 critical (+40), 1 medium (+10), 1 low (+3), 6 info (+0).

Commit: 60c991e4d7e6

Published to npm: