
fast-json-patch @2.2.1

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 43
License: MIT
Install Scripts: No
Dependencies: 1
Dev Dependencies: 17
Package Size: 25.9 KB
Published

Fast implementation of JSON-Patch (RFC-6902) with duplex (observe changes) capabilities

Maintainers

alshakero, tomalec, warpech

Keywords

json, patch, http, rest

Dependencies (1)

Package          Constraint  Registry Status
fast-deep-equal  ^2.0.1      auto_approved

Dev Dependencies (17)

Package                 Constraint      Registry Status
chalk                   ^2.4.2          auto_approved
jsdom                   ^15.1.1         auto_approved
jasmine                 ^3.4.0          auto_approved
request                 ^2.88.0         rejected
webpack                 ^4.35.0         auto_approved
bluebird                ^3.5.5          auto_approved
jsonfile                ^5.0.0          auto_approved
benchmark               ^2.1.4          auto_approved
saucelabs               ^2.1.9          auto_approved
typescript              ~3.5.2          auto_approved
underscore              ^1.9.1          auto_approved
http-server             ^0.11.1         auto_approved
webpack-cli             ^3.3.5          pending
bluebird-retry          ^0.11.0         auto_approved
fast-deep-equal         ^2.0.1          auto_approved
selenium-webdriver      ^4.0.0-alpha.4  auto_approved
sauce-connect-launcher  ^1.2.7          auto_approved

Transitive Dependency Tree

1 transitive dep, max depth 1
  ├─ fast-deep-equal ^2.0.1 → 2.0.1

Changes from v1.2.2

Dependency Changes

Change  Package          Version
added   fast-deep-equal  ^2.0.1

Script Changes

+ build
+ serve
+ version
+ test-sauce
+ test-typings
+ test-commonjs
+ test-webpack-import
- uglify
- bench-duplex-only

File Changes

9 added, 8 removed, 3 modified; size delta: -3.1 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule: osv:GHSA-8gh8-hqwg-xf34
Source: osv
Disposition: reject
Author: AI
Reason: AI (osv): Prototype pollution vulnerability affecting all versions < 3.1.1; fixed in 3.1.1. Verdict generalizes to every version in the affected range.

SAST Findings (2)

CRITICAL  GHSA-8gh8-hqwg-xf34: Starcounter-Jack JSON-Patch Prototype Pollution vulnerability  (source: osv)

[Always reject] CVSS 7.3 (HIGH) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3.1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.1 can address this issue. The name of the patch is 7ad6af41eabb2d799f698740a91284d762c955c9. It is recommended to upgrade the affected component. VDB-216778 is the identifier assigned to this vulnerability.

LOW  No provenance attestation  (source: provenance)

The package was published without Sigstore provenance. Consider asking the maintainer to enable provenance attestation in their CI/CD publishing pipeline.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3).

Commit: ab74905a0c8c

Published to npm: