
babel-generator @6.3.1

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 35
License: MIT
Install Scripts: No
Dependencies: 9
Dev Dependencies: 2
Package Size: 20.2 KB
Published

Turns an AST into code.

Maintainers

amasad, hzoo, jmm, loganfsmyth, sebmck, thejameskyle

Dependencies (9)

Package         Constraint  Registry Status
lodash          ^3.10.1     auto_approved
repeating       ^1.1.3      auto_approved
is-integer      ^1.0.4      auto_approved
source-map      ^0.5.0      auto_approved
trim-right      ^1.0.1      auto_approved
babel-types     ^6.3.0      auto_approved
babel-runtime   ^5.0.0      auto_approved
detect-indent   ^3.0.1      auto_approved
babel-messages  ^6.2.0      auto_approved

Dev Dependencies (2)

Package                Constraint  Registry Status
babylon                ^6.3.0      auto_approved
babel-helper-fixtures  ^6.1.18     Not imported

Transitive Dependency Tree

15 transitive deps, max depth 3
  ├─ babel-messages ^6.2.0 → 6.23.0
  ├─ babel-runtime ^5.0.0 → 5.8.25
  ├─ babel-types ^6.3.0 → 6.26.0
  ├─ detect-indent ^3.0.1 → 3.0.1
  ├─ is-integer ^1.0.4 → 1.0.7
  ├─ lodash ^3.10.1
  ├─ repeating ^1.1.3 → 1.1.3
  ├─ source-map ^0.5.0 → 0.5.7
├─ trim-right ^1.0.1 → 1.0.1
  ├─ babel-runtime ^6.22.0
  ├─ babel-runtime ^6.26.0
  ├─ core-js ^1.0.0 → 1.2.7
  ├─ esutils ^2.0.2 → 2.0.3
  ├─ get-stdin ^4.0.1 → 4.0.1
  ├─ is-finite ^1.0.0 → 1.1.0
  ├─ lodash ^4.17.4 → 4.18.1
  ├─ minimist ^1.1.0 → 1.2.8
  ├─ repeating ^1.1.0 → 1.1.3
├─ to-fast-properties ^1.0.3
  ├─ is-finite ^1.0.0 → 1.1.0

Changes from v6.2.4

Dependency Changes

Change   Package         Version
changed  babel-types     ^6.2.4 → ^6.3.0
changed  babel-messages  ^6.2.4 → ^6.2.0

File Changes

1 added, 0 removed, 2 modified; size delta: +7.3 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule               Source      Disposition  Author  Reason
publisher-changed  provenance  reject       AI      AI (provenance): Publisher changed to a SPAM-FLAGGED account (amasad); this is a hard reject signal that generalizes across versions published by this account.

SAST Findings (3)

HIGH Publisher changed: sebmck → amasad (on 2015-12-01) provenance

This version was published by a different npm account than previous versions on 2015-12-01. This could indicate a legitimate maintainer transition or an account compromise.

HIGH Low-value / spam package indicators (3 signals, score 7) bogus-package

Matched 3 signal(s), weighted score 7:
• [S_KNOWN_SPAM_PUBLISHER] Maintainer(s) previously flagged as spam: amasad, loganfsmyth, hzoo, jmm, sebmck, thejameskyle.
• [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'loganfsmyth' owns 167 packages, ≥70% share a templated name shape.
• [S_NO_KEYWORDS] No keywords declared.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 35. Findings: 1 high (+25), 1 medium (+10), 2 info (+0).

Published to npm: