All @orion-js/helpers versions

@orion-js/[email protected] rejected Risk: 59 No license

@orion-js/helpers @4.3.0

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Tarball
59
Risk Score
License
No
Install Scripts
1
Dependencies
3
Dev Dependencies
17.6 KB
Package Size
Published

Maintainers

nicolaslopezj

Dependencies (1)

PackageConstraintRegistry Status
uuid ^11.1.0 auto_approved

Dev Dependencies (3)

PackageConstraintRegistry Status
tsup ^8.0.1 auto_approved
typescript ^5.4.5 auto_approved
@types/node ^18.0.0 auto_approved

Transitive Dependency Tree

1 transitive deps max depth 1
  ├─ uuid ^11.1.0 → 11.1.0

Changes from v4.0.1

Dependency Changes

Script Changes

+ prepare - upgrade-interactive

File Changes

0 added 1 removed 5 modified size delta: -1.0 KB

Risk Dispositions (1 applicable to this version, 2 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
dormant-publish publish-pattern reject AI AI (publish-pattern): 1756-day dormancy followed by publisher change is a canonical account-takeover pattern.
Show 2 disposition(s) that do not match any finding on this version
Rule Source Disposition Author Reason
publisher-changed provenance reject AI AI (provenance): New publisher with zero track record after years of dormancy; strong takeover indicator for this package.
new-deps-added publish-pattern reject AI AI (publish-pattern): kafkajs added to a helpers package with no direct imports matches supply-chain injection pattern.

SAST Findings (1)

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 59. Findings: 1 critical (+40), 1 medium (+10), 3 low (+9), 1 info (+0).

Commit: a485b1fe6a18

Published to npm: