All expect-webdriverio versions
expect-webdriverio @3.7.0
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
25
Risk Score
MIT
License
No
Install Scripts
2
Dependencies
16
Dev Dependencies
16.1 KB
Package Size
Published
WebdriverIO Assertion Library
Maintainers
christian-bromannwdio-userwswebcreation-nlwillbrockmgrybykklampingabjerstedterwinheitzman
Keywords
expect-webdriverioexpectwebdriveriowdio
Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| expect | ^28.1.0 | auto_approved |
| jest-matcher-utils | ^28.1.0 | auto_approved |
Dev Dependencies (16)
| Package | Constraint | Registry Status |
|---|---|---|
| jest | ^28.1.0 | auto_approved |
| husky | ^8.0.1 | auto_approved |
| eslint | ^8.15.0 | auto_approved |
| rimraf | ^3.0.2 | auto_approved |
| shelljs | ^0.8.5 | auto_approved |
| ts-jest | ^28.0.2 | auto_approved |
| ts-node | ^10.7.0 | auto_approved |
| release-it | ^15.0.0 | auto_approved |
| typescript | ^4.6.4 | auto_approved |
| @types/jest | ^27.5.1 | auto_approved |
| @types/node | ^15.14.0 | auto_approved |
| npm-run-all | ^4.1.5 | auto_approved |
| webdriverio | ^7.19.7 | rejected |
| @types/jasmine | ^4.0.3 | auto_approved |
| @typescript-eslint/parser | ^5.23.0 | auto_approved |
| @typescript-eslint/eslint-plugin | ^5.23.0 | auto_approved |
Transitive Dependency Tree
42 transitive deps
max depth 7
├─
expect
^28.1.0
→ 28.1.3
├─
jest-matcher-utils
^28.1.0
→ 28.1.3
├─
@jest/expect-utils
^28.1.3
→ 28.1.3
├─
chalk
^4.0.0
→ 4.1.2
├─
jest-diff
^28.1.3
→ 28.1.3
├─
jest-get-type
^28.0.2
→ 28.0.2
├─
jest-matcher-utils
^28.1.3
→ 28.1.3
├─
jest-message-util
^28.1.3
→ 28.1.3
├─
jest-util
^28.1.3
→ 28.1.3
├─
pretty-format
^28.1.3
→ 28.1.3
├─
@babel/code-frame
^7.12.13
→ 7.29.0
├─
@jest/schemas
^28.1.3
→ 28.1.3
├─
@jest/types
^28.1.3
→ 28.1.3
├─
@types/node
*
→ 25.6.0
├─
@types/stack-utils
^2.0.0
→ 2.0.3
├─
ansi-regex
^5.0.1
→ 5.0.1
├─
ansi-styles
^5.0.0
→ 5.2.0
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
chalk
^4.0.0
→ 4.1.2
├─
ci-info
^3.2.0
→ 3.9.0
├─
diff-sequences
^28.1.1
→ 28.1.1
├─
graceful-fs
^4.2.9
→ 4.2.11
├─
jest-diff
^28.1.3
→ 28.1.3
├─
jest-get-type
^28.0.2
→ 28.0.2
├─
micromatch
^4.0.4
→ 4.0.8
├─
picomatch
^2.2.3
→ 2.3.2
├─
pretty-format
^28.1.3
→ 28.1.3
├─
react-is
^18.0.0
→ 18.3.1
├─
slash
^3.0.0
→ 3.0.0
├─
stack-utils
^2.0.3
→ 2.0.6
├─
supports-color
^7.1.0
→ 7.2.0
├─
@babel/helper-validator-identifier
^7.28.5
→ 7.28.5
├─
@jest/schemas
^28.1.3
→ 28.1.3
├─
@sinclair/typebox
^0.24.1
├─
@types/istanbul-lib-coverage
^2.0.0
→ 2.0.6
├─
@types/istanbul-reports
^3.0.0
→ 3.0.4
├─
@types/node
*
→ 25.6.0
├─
@types/yargs
^17.0.8
→ 17.0.35
├─
ansi-regex
^5.0.1
→ 5.0.1
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
ansi-styles
^5.0.0
→ 5.2.0
├─
braces
^3.0.3
→ 3.0.3
├─
chalk
^4.0.0
→ 4.1.2
├─
color-convert
^2.0.1
├─
diff-sequences
^28.1.1
→ 28.1.1
├─
escape-string-regexp
^2.0.0
→ 2.0.0
├─
has-flag
^4.0.0
→ 4.0.0
├─
jest-get-type
^28.0.2
→ 28.0.2
├─
js-tokens
^4.0.0
→ 4.0.0
├─
picocolors
^1.1.1
→ 1.1.1
├─
picomatch
^2.3.1
→ 2.3.2
├─
pretty-format
^28.1.3
→ 28.1.3
├─
react-is
^18.0.0
→ 18.3.1
├─
supports-color
^7.1.0
→ 7.2.0
├─
undici-types
~7.19.0
→ 7.19.2
├─
@jest/schemas
^28.1.3
→ 28.1.3
├─
@sinclair/typebox
^0.24.1
├─
@types/istanbul-lib-report
*
├─
@types/yargs-parser
*
→ 21.0.3
├─
ansi-regex
^5.0.1
→ 5.0.1
├─
ansi-styles
^5.0.0
→ 5.2.0
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
color-convert
^2.0.1
├─
fill-range
^7.1.1
→ 7.1.1
├─
has-flag
^4.0.0
→ 4.0.0
├─
react-is
^18.0.0
→ 18.3.1
├─
supports-color
^7.1.0
→ 7.2.0
├─
undici-types
~7.19.0
→ 7.19.2
├─
@sinclair/typebox
^0.24.1
├─
color-convert
^2.0.1
├─
has-flag
^4.0.0
→ 4.0.0
├─
to-regex-range
^5.0.1
→ 5.0.1
├─
is-number
^7.0.0
→ 7.0.0
Changes from v5.3.4
Dependency Changes
| Change | Package | Version |
|---|---|---|
| removed | lodash.isequal | ^4.5.0 |
| removed | @vitest/snapshot | ^3.2.4 |
| changed | expect | ^30.0.0 → ^28.1.0 |
| changed | jest-matcher-utils | ^30.0.0 → ^28.1.0 |
Script Changes
+ release+ release:ci+ release:major+ release:minor+ release:patchFile Changes
13 added
16 removed
37 modified
size delta: -22.2 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression is a strong supply chain attack signal for this package; prior versions had attestations and this pattern should always fail. |
SAST Findings (1)
HIGH
Provenance attestation missing — previous versions had it
provenance
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
Review Summary
Risk score: 25. Findings: 1 high (+25).
Commit: 5943f6e65f2f Browse source
Published to npm: