
@mapbox/geojsonhint @1.2.1

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 85
License: ISC
Install Scripts: No
Dependencies: 5
Dev Dependencies: 6
Package Size: 17.0 KB
Published

validate and sanity-check geojson files

Maintainers

aaronlidmanaarthykcajashtonajithrankaaliceykuoalinapazalulshamishas157amyleewandreasviglakisansisapendletonarunasankbatpadbenjamintdbhouselbkowshikbrendanmcfarlandbsudekumcamillacaroscamilleannechaupowcolleenmcginnisdanieljhdanpatdanswickdavidtheclarkdnomadbdthompsonemilymcafeeemilymduboisenffreenerdgeohackerghoshkajgretacbian29ianshwardingallsisiyujacquestardiejfirebaughjothirnadhjrpruit1kaibot3000kaidalgleishkarenzsheakaritotpkatydecorahkkaeferk-mahoneylaurierlbudlily-chail-rlucaswojlxbarthlyzidiamondmapbox-adminmapsammateovmattfickemayaqgaomcwhittemoremiccolismiles-devmokobmollymerpmorganherlockermournermsirenkonatslaughternickcordellanickidlugashoinioxidasepdgoodmanperrygeoplanemadpratikyadavrclarkrodowirub21rumcryan-baumannsaikia.abhisheksamanbbsbma44scothisspringmeyersrividyacbtcqlthemarextmcwtony-cjtristenuvollmervincentsvirginiayungwho8mycakeswillwhitexrwangyhahnzmully

Keywords

geojsonhint

Dependencies (5)

Package          Constraint   Registry Status
chalk            ^1.1.0       auto_approved
minimist         1.1.1        auto_approved
text-table       ^0.2.0       auto_approved
concat-stream    ~1.4.4       auto_approved
jsonlint-lines   1.7.1        auto_approved

Dev Dependencies (6)

Package                  Constraint   Registry Status
tap                      ~1.3.1       auto_approved
glob                     ~3.2.6       auto_approved
eslint                   ^1.10.3      auto_approved
fuzzer                   ~0.1.0       Not imported
benchmark                ^1.0.0       auto_approved
eslint-config-unstyled   ^1.1.0       Not imported

Transitive Dependency Tree

20 transitive deps, max depth 4
  ├─ chalk ^1.1.0 → 1.1.3
  ├─ concat-stream ~1.4.4 → 1.4.11
  ├─ jsonlint-lines 1.7.1 → 1.7.1
  ├─ minimist 1.1.1
├─ text-table ^0.2.0 → 0.2.0
  ├─ ansi-styles ^2.2.1 → 2.2.1
  ├─ escape-string-regexp ^1.0.2 → 1.0.5
  ├─ has-ansi ^2.0.0 → 2.0.0
  ├─ inherits ~2.0.1 → 2.0.4
  ├─ nomnom >= 1.5.x → 1.8.1
  ├─ readable-stream ~1.1.9 → 1.1.14
  ├─ strip-ansi ^3.0.0 → 3.0.1
  ├─ supports-color ^2.0.0 → 2.0.0
├─ typedarray ~0.0.5 → 0.0.7
  ├─ ansi-regex ^2.0.0 → 2.1.1
  ├─ chalk ~0.4.0 → 0.4.0
  ├─ core-util-is ~1.0.0 → 1.0.3
  ├─ inherits ~2.0.1 → 2.0.4
  ├─ isarray 0.0.1
  ├─ string_decoder ~0.10.x → 0.10.31
├─ underscore ~1.6.0
  ├─ ansi-styles ~1.0.0 → 1.0.0
  ├─ has-color ~0.1.0 → 0.1.7
  ├─ strip-ansi ~0.1.0

Changes from v2.0.0

Dependency Changes

Change    Package          Version
added     chalk            ^1.1.0
added     text-table       ^0.2.0
removed   vfile            2.0.0
removed   vfile-reporter   3.0.0
changed   minimist         1.2.0 → 1.1.1
changed   concat-stream    ~1.5.1 → ~1.4.4

Script Changes

- prepublish

File Changes

7 added, 3 removed, 5 modified; size delta: -16.8 KB

Risk Dispositions (2 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule: unclaimed-email:gmail.colm
Source: email-domain
Disposition: reject
Author: AI
Reason: AI (email-domain): Typo domain gmail.colm is unregistered and could be claimed by an attacker to hijack maintainer identity. This risk persists across all versions until the email is corrected.

Rule: unclaimed-email:wilhel.me
Source: email-domain
Disposition: reject
Author: AI
Reason: AI (email-domain): Domain wilhel.me has no DNS records and could be registered by an attacker to hijack maintainer identity. Risk persists until email is corrected.

SAST Findings (3)

HIGH: Unclaimed maintainer email domain: gmail.colm (email-domain)

Maintainer email '[email protected]' uses domain 'gmail.colm' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

HIGH: Unclaimed maintainer email domain: wilhel.me (email-domain)

Maintainer email '[email protected]' uses domain 'wilhel.me' which has no DNS records. An attacker could register this domain to hijack the maintainer identity.

LOW: No provenance attestation (provenance)

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 85. Findings: 2 high (+50), 2 medium (+20), 5 low (+15).

Commit: d4d01037ef8f

Published to npm: