All @redhat-cloud-services/javascript-clients-shared versions
@redhat-cloud-services/javascript-clients-shared @2.0.9
If you want to use [RedHatInsights/shared](https://github.com/RedHatInsights/shared) you shouldn't use get requests directly, but rather use this client to integrate with this service.
Maintainers
Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| axios | ^1.15.0 | auto_approved |
| tslib | ^2.6.2 | auto_approved |
Transitive Dependency Tree
Changes from v2.0.7
Dependency Changes
Script Changes
+ preinstallFile Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
install-script:preinstall |
— | reject | sean | https://safedep.io/redhat-cloud-services-hit-by-mini-shai-hulud-npm-worm/ |
SAST Findings (4)
Script: node index.js
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Review Summary
Risk score: 100 (capped from 103). Findings: 1 critical (+40), 2 high (+50), 1 medium (+10), 1 low (+3), 2 info (+0).
Published to npm: