@wdio/utils @7.40.0
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
50
Risk Score
MIT
License
No
Install Scripts
3
Dependencies
0
Dev Dependencies
24.6 KB
Package Size
Published
A WDIO helper utility to provide several utility functions used across the project.
Maintainers
christian-bromannwdio-userwswebcreation-nl
Keywords
webdriveriowebdriverwdioutils
Dependencies (3)
| Package | Constraint | Registry Status |
|---|---|---|
| @wdio/types | 7.40.0 | rejected |
| p-iteration | ^1.1.8 | auto_approved |
| @wdio/logger | 7.26.0 | auto_approved |
Transitive Dependency Tree
12 transitive deps
max depth 4
├─
@wdio/logger
7.26.0
→ 7.26.0
├─
@wdio/types
7.40.0
→ 7.40.0
├─
p-iteration
^1.1.8
→ 1.1.8
├─
chalk
^4.0.0
→ 4.1.2
├─
loglevel
^1.6.0
→ 1.9.2
├─
loglevel-plugin-prefix
^0.8.4
→ 0.8.4
├─
strip-ansi
^6.0.0
→ 6.0.1
├─
ansi-regex
^5.0.1
→ 5.0.1
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
supports-color
^7.1.0
→ 7.2.0
├─
color-convert
^2.0.1
├─
has-flag
^4.0.0
→ 4.0.0
Changes from v8.41.0
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | p-iteration | ^1.1.8 |
| removed | split2 | ^4.2.0 |
| removed | get-port | ^7.0.0 |
| removed | wait-port | ^1.0.4 |
| removed | decamelize | ^6.0.0 |
| removed | edgedriver | ^5.5.0 |
| removed | locate-app | ^2.1.0 |
| removed | geckodriver | ~4.2.0 |
| removed | deepmerge-ts | ^5.1.0 |
| removed | safaridriver | ^0.1.0 |
| removed | @puppeteer/browsers | ^1.6.0 |
| removed | import-meta-resolve | ^4.0.0 |
| changed | @wdio/types | 8.41.0 → 7.40.0 |
| changed | @wdio/logger | 8.38.0 → 7.26.0 |
File Changes
6 added
25 removed
33 modified
size delta: -63.8 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): This package has a consistent history of CI/CD provenance attestations; any version missing attestation should be rejected as a potential unauthorized publish. |
SAST Findings (1)
CRITICAL
Provenance attestation missing — previous versions had it
provenance
[Always reject] This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
Review Summary
Risk score: 50. Findings: 1 critical (+40), 1 medium (+10).
Commit: 6d44a39b17ed Browse source
Published to npm: