@zenithbuild/compiler @0.7.5
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 40
License: —
Install Scripts: No
Dependencies: 0
Dev Dependencies: 2
Package Size: 2.4 KB
Published
Internal meta package for the Zenith compiler.
Maintainers
judahsullivan
Dev Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| typescript | ^5 | auto_approved |
| @types/node | latest | auto_approved |
Risk Dispositions (1 applicable to this version, 1 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| bogus-package | bogus-package | reject | AI | AI (bogus-package): No repo, no homepage, no deps — sparse metadata pattern consistent with a throwaway/malicious package; stable signal for this package. |
1 disposition that does not match any finding on this version:
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| bundled-binaries | npm-metadata | reject | AI | AI (npm-metadata): Package's core artifact is a precompiled native binary with no verifiable source repo; risk generalizes across versions. |
SAST Findings (1)
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Review Summary
Risk score: 40. Findings: 1 critical (+40), 1 info (+0).
Commit: a770c7f4cd14
Published to npm: