@mediapipe/tasks-vision @0.10.32
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 48
License: —
Install Scripts: No
Dependencies: 0
Dev Dependencies: 0
Package Size: 6776.4 KB
Published
Maintainers
mrschmidtdancingplatypusgoogle-wombotchuolingtmullendelhibabulinchanakashvverma1995
Keywords
AR, ML, Augmented, MediaPipe, MediaPipe Tasks
Changes from v0.10.17
No metadata changes detected.
File Changes
0 added
0 removed
11 modified
size delta: +3113.9 KB
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| publisher-changed | provenance | reject | AI | AI (provenance): Publisher changed from known Google/MediaPipe engineer (mrschmidt) to unaffiliated account (delhibabu) with a poor track record; this is not a legitimate transition for an official Google package. |
| dormant-publish | publish-pattern | reject | AI | AI (publish-pattern): 476-day dormancy followed by publish from a new, unaffiliated account strongly indicates account compromise for this official Google package. |
SAST Findings (2)
HIGH
Publisher changed: mrschmidt → delhibabu (on 2026-01-22)
provenance
This version was published by a different npm account than previous versions on 2026-01-22. This could indicate a legitimate maintainer transition or an account compromise.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 48. Findings: 1 high (+25), 2 medium (+20), 1 low (+3).
Published to npm: