codecov @3.7.1
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
48
Risk Score
MIT
License
No
Install Scripts
5
Dependencies
7
Dev Dependencies
20.4 KB
Package Size
Published
Uploading report to Codecov: https://codecov.io
Maintainers
drazisileddiemoorestevepeak
Keywords
coveragecode-coveragecodecov.iocodecov
Dependencies (5)
| Package | Constraint | Registry Status |
|---|---|---|
| argv | 0.0.2 | auto_approved |
| js-yaml | 3.13.1 | auto_approved |
| urlgrey | 0.4.4 | auto_approved |
| ignore-walk | 3.0.3 | auto_approved |
| teeny-request | 6.0.1 | auto_approved |
Dev Dependencies (7)
| Package | Constraint | Registry Status |
|---|---|---|
| jest | ^24.8.0 | auto_approved |
| husky | 4.2.1 | auto_approved |
| eslint | ^5.16.0 | auto_approved |
| mock-fs | 4.10.4 | auto_approved |
| prettier | 1.19.1 | auto_approved |
| lint-staged | 10.0.7 | auto_approved |
| eslint-config-prettier | ^4.1.0 | auto_approved |
Transitive Dependency Tree
22 transitive deps
max depth 5
├─
argv
0.0.2
→ 0.0.2
├─
ignore-walk
3.0.3
→ 3.0.3
├─
js-yaml
3.13.1
├─
teeny-request
6.0.1
→ 6.0.1
├─
urlgrey
0.4.4
→ 0.4.4
├─
http-proxy-agent
^4.0.0
→ 4.0.1
├─
https-proxy-agent
^4.0.0
→ 4.0.0
├─
minimatch
^3.0.4
→ 3.1.5
├─
node-fetch
^2.2.0
→ 2.6.13
├─
stream-events
^1.0.5
→ 1.0.5
├─
uuid
^3.3.2
→ 3.4.0
├─
@tootallnate/once
1
→ 1.1.2
├─
agent-base
6
→ 6.0.2
├─
agent-base
5
→ 5.1.1
├─
brace-expansion
^1.1.7
→ 1.1.14
├─
debug
4
→ 4.4.3
├─
stubs
^3.0.0
→ 3.0.0
├─
whatwg-url
^5.0.0
→ 5.0.0
├─
balanced-match
^1.0.0
→ 1.0.2
├─
concat-map
0.0.1
→ 0.0.1
├─
debug
4
→ 4.4.3
├─
ms
^2.1.3
→ 2.1.3
├─
tr46
~0.0.3
→ 0.0.3
├─
webidl-conversions
^3.0.0
→ 3.0.1
├─
ms
^2.1.3
→ 2.1.3
Changes from v1.0.1
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | js-yaml | 3.13.1 |
| added | ignore-walk | 3.0.3 |
| added | teeny-request | 6.0.1 |
| removed | request | >=2.42.0 |
| removed | execSync | 1.0.2 |
| changed | argv | >=0.0.2 → 0.0.2 |
| changed | urlgrey | >=0.4.0 → 0.4.4 |
Script Changes
+ lint+ pretestFile Changes
47 added
18 removed
21 modified
size delta: +36.2 KB
SAST Findings (2)
HIGH
Publisher changed: eddiemoore → drazisil (on 2020-07-17)
provenance
This version was published by a different npm account than previous versions on 2020-07-17. This could indicate a legitimate maintainer transition or an account compromise.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 48. Findings: 1 high (+25), 2 medium (+20), 1 low (+3), 4 info (+0).
Commit: 29dd5b6b039c Browse source
Published to npm: