@mui/x-data-grid-premium @7.29.13

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 100
License:
Install Scripts: No
Dependencies: 11
Dev Dependencies: 0
Package Size: 160.9 KB
Published:

Maintainers

cherniavskiilukastylaalexandrefauquettedanailhflaviendelangleoliviertassinarimbilalshafijcquintaskyusufmichelengelennoraleontearminmehromgrkbernardobelchiorrita-codesjanpotoms

Keywords

react, react-component, material-ui, mui, mui-x, react-table, table, datatable, data-table, datagrid, data-grid

Dependencies (11)

Package  Constraint  Registry Status
clsx ^2.1.1 auto_approved
exceljs ^4.4.0 auto_approved
reselect ^5.1.1 auto_approved
@mui/utils ^5.16.6 || ^6.0.0 || ^7.0.0 auto_approved
prop-types ^15.8.1 auto_approved
@babel/runtime ^7.25.7 auto_approved
@mui/x-license 7.29.1 auto_approved
@mui/x-data-grid 7.29.13 needs_review
@mui/x-internals 7.29.0 auto_approved
@types/format-util ^1.0.4 Not imported
@mui/x-data-grid-pro 7.29.13 auto_approved

Transitive Dependency Tree

88 transitive deps, max depth 8
  ├─ @babel/runtime ^7.25.7 → 7.29.2
  ├─ @mui/utils ^5.16.6 || ^6.0.0 || ^7.0.0 → 7.3.10
  ├─ @mui/x-data-grid 7.29.13
  ├─ @mui/x-data-grid-pro 7.29.13
  ├─ @mui/x-internals 7.29.0
  ├─ @mui/x-license 7.29.1
  ├─ @types/format-util ^1.0.4
  ├─ clsx ^2.1.1 → 2.1.1
  ├─ exceljs ^4.4.0 → 4.4.0
  ├─ prop-types ^15.8.1 → 15.8.1
├─ reselect ^5.1.1 → 5.1.1
  ├─ @babel/runtime ^7.28.6 → 7.29.2
  ├─ @mui/types ^7.4.12 → 7.4.12
  ├─ @types/prop-types ^15.7.15 → 15.7.15
  ├─ archiver ^5.0.0 → 5.3.2
  ├─ clsx ^2.1.1 → 2.1.1
  ├─ dayjs ^1.8.34 → 1.11.20
  ├─ fast-csv ^4.3.1 → 4.3.6
  ├─ jszip ^3.10.1 → 3.10.1
  ├─ loose-envify ^1.4.0 → 1.4.0
  ├─ object-assign ^4.1.1 → 4.1.1
  ├─ prop-types ^15.8.1 → 15.8.1
  ├─ react-is ^19.2.3 → 19.2.5
  ├─ react-is ^16.13.1 → 16.13.1
  ├─ readable-stream ^3.6.0 → 3.6.2
  ├─ saxes ^5.0.1
  ├─ tmp ^0.2.0 → 0.2.5
  ├─ unzipper ^0.10.11 → 0.10.14
├─ uuid ^8.3.0 → 8.3.2
  ├─ @babel/runtime ^7.28.6 → 7.29.2
  ├─ @fast-csv/format 4.3.5 → 4.3.5
  ├─ @fast-csv/parse 4.3.6 → 4.3.6
  ├─ archiver-utils ^2.1.0 → 2.1.0
  ├─ async ^3.2.4 → 3.2.6
  ├─ big-integer ^1.6.17 → 1.6.52
  ├─ binary ~0.3.0 → 0.3.0
  ├─ bluebird ~3.4.1 → 3.4.7
  ├─ buffer-crc32 ^0.2.1 → 0.2.13
  ├─ buffer-indexof-polyfill ~1.0.0 → 1.0.2
  ├─ duplexer2 ~0.1.4 → 0.1.4
  ├─ fstream ^1.0.12
  ├─ graceful-fs ^4.2.2 → 4.2.11
  ├─ inherits ^2.0.3 → 2.0.4
  ├─ js-tokens ^3.0.0 || ^4.0.0 → 4.0.0
  ├─ lie ~3.3.0 → 3.3.0
  ├─ listenercount ~1.0.1 → 1.0.1
  ├─ loose-envify ^1.4.0 → 1.4.0
  ├─ object-assign ^4.1.1 → 4.1.1
  ├─ pako ~1.0.2 → 1.0.11
  ├─ react-is ^16.13.1 → 16.13.1
  ├─ readable-stream ^3.6.0 → 3.6.2
  ├─ readable-stream ~2.3.6 → 2.3.7
  ├─ readable-stream ~2.3.6 → 2.3.8
  ├─ readdir-glob ^1.1.2 → 1.1.3
  ├─ setimmediate ^1.0.5
  ├─ setimmediate ~1.0.4 → 1.0.4
  ├─ string_decoder ^1.1.1 → 1.3.0
  ├─ tar-stream ^2.2.0 → 2.2.0
  ├─ util-deprecate ^1.0.1 → 1.0.2
├─ zip-stream ^4.1.0 → 4.1.1
  ├─ @types/node ^14.0.1 → 14.18.63
  ├─ archiver-utils ^3.0.4 → 3.0.4
  ├─ bl ^4.0.3
  ├─ buffers ~0.1.1 → 0.1.1
  ├─ chainsaw ~0.1.0 → 0.1.0
  ├─ compress-commons ^4.1.2 → 4.1.2
  ├─ core-util-is ~1.0.0 → 1.0.3
  ├─ end-of-stream ^1.4.1 → 1.4.5
  ├─ fs-constants ^1.0.0 → 1.0.0
  ├─ glob ^7.1.4 → 7.1.7
  ├─ graceful-fs ^4.2.0 → 4.2.11
  ├─ immediate ~3.0.5
  ├─ inherits ~2.0.3 → 2.0.4
  ├─ inherits ^2.0.3 → 2.0.4
  ├─ isarray ~1.0.0 → 1.0.0
  ├─ js-tokens ^3.0.0 || ^4.0.0 → 4.0.0
  ├─ lazystream ^1.0.0 → 1.0.1
  ├─ lodash.defaults ^4.2.0 → 4.2.0
  ├─ lodash.difference ^4.5.0 → 4.5.0
  ├─ lodash.escaperegexp ^4.1.2 → 4.1.2
  ├─ lodash.flatten ^4.4.0 → 4.4.0
  ├─ lodash.groupby ^4.6.0 → 4.6.0
  ├─ lodash.isboolean ^3.0.3 → 3.0.3
  ├─ lodash.isequal ^4.5.0 → 4.5.0
  ├─ lodash.isfunction ^3.0.9 → 3.0.9
  ├─ lodash.isnil ^4.0.0 → 4.0.0
  ├─ lodash.isplainobject ^4.0.6 → 4.0.6
  ├─ lodash.isundefined ^3.0.1 → 3.0.1
  ├─ lodash.union ^4.6.0 → 4.6.0
  ├─ lodash.uniq ^4.5.0 → 4.5.0
  ├─ minimatch ^5.1.0 → 5.1.9
  ├─ normalize-path ^3.0.0 → 3.0.0
  ├─ process-nextick-args ~2.0.0 → 2.0.1
  ├─ readable-stream ^2.0.2 → 2.3.8
  ├─ readable-stream ^2.0.0 → 2.3.8
  ├─ readable-stream ^3.1.1 → 3.6.2
  ├─ readable-stream ^3.6.0 → 3.6.2
  ├─ safe-buffer ~5.1.1 → 5.1.2
  ├─ safe-buffer ~5.2.0 → 5.2.1
  ├─ string_decoder ^1.1.1 → 1.3.0
  ├─ string_decoder ~1.1.1 → 1.1.1
  ├─ util-deprecate ~1.0.1 → 1.0.2
├─ util-deprecate ^1.0.1 → 1.0.2
  ├─ brace-expansion ^2.0.1 → 2.1.0
  ├─ buffer-crc32 ^0.2.13 → 0.2.13
  ├─ core-util-is ~1.0.0 → 1.0.3
  ├─ crc32-stream ^4.0.2 → 4.0.3
  ├─ fs.realpath ^1.0.0
  ├─ glob ^7.2.3
  ├─ graceful-fs ^4.2.0 → 4.2.11
  ├─ inflight ^1.0.4
  ├─ inherits ^2.0.3 → 2.0.4
  ├─ inherits ~2.0.3 → 2.0.4
  ├─ inherits 2 → 2.0.4
  ├─ isarray ~1.0.0 → 1.0.0
  ├─ lazystream ^1.0.0 → 1.0.1
  ├─ lodash.defaults ^4.2.0 → 4.2.0
  ├─ lodash.difference ^4.5.0 → 4.5.0
  ├─ lodash.flatten ^4.4.0 → 4.4.0
  ├─ lodash.isplainobject ^4.0.6 → 4.0.6
  ├─ lodash.union ^4.6.0 → 4.6.0
  ├─ minimatch ^3.0.4 → 3.1.5
  ├─ normalize-path ^3.0.0 → 3.0.0
  ├─ once ^1.3.0 → 1.4.0
  ├─ once ^1.4.0 → 1.4.0
  ├─ path-is-absolute ^1.0.0 → 1.0.1
  ├─ process-nextick-args ~2.0.0 → 2.0.1
  ├─ readable-stream ^2.0.5 → 2.3.7
  ├─ readable-stream ^3.6.0 → 3.6.2
  ├─ safe-buffer ~5.1.1 → 5.1.2
  ├─ safe-buffer ~5.2.0 → 5.2.1
  ├─ safe-buffer ~5.1.0 → 5.1.2
  ├─ string_decoder ^1.1.1 → 1.3.0
  ├─ string_decoder ~1.1.1 → 1.1.1
  ├─ traverse >=0.3.0 <0.4 → 0.3.9
  ├─ util-deprecate ~1.0.1 → 1.0.2
├─ util-deprecate ^1.0.1 → 1.0.2
  ├─ balanced-match ^1.0.0 → 1.0.2
  ├─ brace-expansion ^1.1.7 → 1.1.14
  ├─ core-util-is ~1.0.0 → 1.0.3
  ├─ crc-32 ^1.2.0 → 1.2.2
  ├─ inherits ~2.0.3 → 2.0.4
  ├─ inherits ^2.0.3 → 2.0.4
  ├─ isarray ~1.0.0 → 1.0.0
  ├─ process-nextick-args ~2.0.0 → 2.0.1
  ├─ readable-stream ^2.0.5 → 2.3.7
  ├─ readable-stream ^3.4.0 → 3.6.2
  ├─ safe-buffer ~5.2.0 → 5.2.1
  ├─ safe-buffer ~5.1.1 → 5.1.2
  ├─ safe-buffer ~5.1.0 → 5.1.2
  ├─ string_decoder ~1.1.1 → 1.1.1
  ├─ string_decoder ^1.1.1 → 1.3.0
  ├─ util-deprecate ^1.0.1 → 1.0.2
  ├─ util-deprecate ~1.0.1 → 1.0.2
├─ wrappy 1 → 1.0.2
  ├─ balanced-match ^1.0.0 → 1.0.2
  ├─ concat-map 0.0.1 → 0.0.1
  ├─ core-util-is ~1.0.0 → 1.0.3
  ├─ inherits ~2.0.3 → 2.0.4
  ├─ inherits ^2.0.3 → 2.0.4
  ├─ isarray ~1.0.0 → 1.0.0
  ├─ process-nextick-args ~2.0.0 → 2.0.1
  ├─ safe-buffer ~5.1.1 → 5.1.2
  ├─ safe-buffer ~5.1.0 → 5.1.2
  ├─ safe-buffer ~5.2.0 → 5.2.1
  ├─ string_decoder ~1.1.1 → 1.1.1
  ├─ string_decoder ^1.1.1 → 1.3.0
  ├─ util-deprecate ^1.0.1 → 1.0.2
├─ util-deprecate ~1.0.1 → 1.0.2
  ├─ safe-buffer ~5.2.0 → 5.2.1
  ├─ safe-buffer ~5.1.0 → 5.1.2

Changes from v9.0.3

Dependency Changes

Change  Package  Version
added exceljs ^4.4.0
added reselect ^5.1.1
added @types/format-util ^1.0.4
removed @mui/x-internal-exceljs-fork 4.4.5
changed @mui/utils 9.0.0 → ^5.16.6 || ^6.0.0 || ^7.0.0
changed @babel/runtime ^7.29.2 → ^7.25.7
changed @mui/x-license ^9.0.2 → 7.29.1
changed @mui/x-data-grid ^9.0.3 → 7.29.13
changed @mui/x-internals ^9.0.0 → 7.29.0
changed @mui/x-data-grid-pro ^9.0.3 → 7.29.13

File Changes

176 added, 560 removed, 118 modified, size delta: -718.5 KB

Risk Dispositions (2 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
regressed-provenance provenance reject AI AI (provenance): Provenance regression on an established package is a strong account-compromise indicator; generalizes until CI publishing is restored.
publisher-changed provenance reject AI AI (provenance): Publisher switch from GitHub Actions to human account coincides with provenance loss and structural package changes — high-risk pattern.

SAST Findings (4)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

HIGH Publisher changed: GitHub Actions → michelengelen (on 2026-04-28) provenance

This version was published by a different npm account than previous versions on 2026-04-28. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New file with network + code execution: esm/DataGridPremium/DataGridPremium.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: modern/DataGridPremium/DataGridPremium.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

Review Summary

Risk score: 100 (capped from 149). Findings: 4 high (+100), 4 medium (+40), 3 low (+9), 1 info (+0).

Published to npm: