rc-picker @4.8.2

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 31
License: MIT
Install Scripts: No
Dependencies: 6
Dev Dependencies: 32
Package Size: 129.8 KB
Published

React date & time picker

Maintainers

afc163zombiej07akionilixuanxrkffggmadccc

Keywords

react, react-component, react-picker

Dependencies (6)

| Package | Constraint | Registry Status |
| --- | --- | --- |
| rc-util | ^5.43.0 | auto_approved |
| classnames | ^2.2.1 | auto_approved |
| rc-overflow | ^1.3.2 | auto_approved |
| @babel/runtime | ^7.24.7 | auto_approved |
| rc-resize-observer | ^1.4.0 | auto_approved |
| @rc-component/trigger | ^2.0.0 | auto_approved |

Dev Dependencies (32)

| Package | Constraint | Registry Status |
| --- | --- | --- |
| np | ^10.0.2 | auto_approved |
| dumi | ^2.1.15 | needs_review |
| glob | ^10.4.1 | auto_approved |
| less | ^4.2.0 | auto_approved |
| dayjs | 1.x | auto_approved |
| husky | ^9.0.11 | auto_approved |
| luxon | 3.x | auto_approved |
| react | ^18.2.0 | auto_approved |
| eslint | ^8.56.0 | auto_approved |
| father | ^4.0.0 | auto_approved |
| moment | ^2.24.0 | auto_approved |
| rc-test | ^7.0.9 | Not imported |
| date-fns | 2.x | auto_approved |
| mockdate | ^3.0.2 | pending |
| prettier | ^3.1.0 | auto_approved |
| coveralls | ^3.0.6 | auto_approved |
| cross-env | ^7.0.2 | auto_approved |
| react-dom | ^18.2.0 | auto_approved |
| typescript | ^5.3.0 | auto_approved |
| @types/jest | ^29.4.0 | auto_approved |
| lint-staged | ^15.2.7 | auto_approved |
| @types/luxon | ^3.2.0 | auto_approved |
| @types/react | ^18.0.28 | auto_approved |
| moment-timezone | ^0.5.45 | auto_approved |
| @types/react-dom | ^18.0.8 | auto_approved |
| @types/classnames | ^2.2.9 | pending |
| eslint-plugin-jest | ^28.8.1 | pending |
| eslint-plugin-unicorn | ^55.0.0 | auto_approved |
| @testing-library/react | ^16.0.0 | auto_approved |
| eslint-plugin-react-hooks | ^4.6.0 | auto_approved |
| @rc-component/father-plugin | ^1.0.0 | Not imported |
| eslint-plugin-eslint-comments | ^3.2.0 | auto_approved |

Transitive Dependency Tree

8 transitive deps, max depth 4
  ├─ @babel/runtime ^7.24.7 → 7.29.2
  ├─ @rc-component/trigger ^2.0.0
  ├─ classnames ^2.2.1 → 2.5.1
  ├─ rc-overflow ^1.3.2 → 1.5.0
  ├─ rc-resize-observer ^1.4.0 → 1.4.3
├─ rc-util ^5.43.0 → 5.44.4
  ├─ @babel/runtime ^7.20.7 → 7.29.2
  ├─ @babel/runtime ^7.11.1 → 7.29.2
  ├─ @babel/runtime ^7.18.3 → 7.29.2
  ├─ classnames ^2.2.1 → 2.5.1
  ├─ rc-resize-observer ^1.0.0 → 1.4.1
  ├─ rc-util ^5.44.1 → 5.44.4
  ├─ rc-util ^5.37.0 → 5.44.4
  ├─ react-is ^18.2.0 → 18.3.1
├─ resize-observer-polyfill ^1.5.1 → 1.5.1
  ├─ @babel/runtime ^7.20.7 → 7.29.2
  ├─ @babel/runtime ^7.18.3 → 7.29.2
  ├─ classnames ^2.2.1 → 2.5.1
  ├─ rc-util ^5.44.1 → 5.44.4
  ├─ react-is ^18.2.0 → 18.3.1
├─ resize-observer-polyfill ^1.5.1 → 1.5.1
  ├─ @babel/runtime ^7.18.3 → 7.29.2
  ├─ react-is ^18.2.0 → 18.3.1

Changes from v4.8.1

No metadata changes detected.

File Changes

0 added, 0 removed, 3 modified; size delta: +.3 KB

Risk Dispositions (2 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

| Rule | Source | Disposition | Author | Reason |
| --- | --- | --- | --- | --- |
| bogus-package | bogus-package | reject | AI | AI (bogus-package): Publisher zombiej is SPAM-FLAGGED with a link-dump README; this judgment generalizes across all versions published under this account. |
| publisher-changed | provenance | reject | AI | AI (provenance): Publisher changed to a SPAM-FLAGGED account (zombiej); this is a disqualifying signal that generalizes across versions published by this account. |

SAST Findings (2)

HIGH: Publisher changed: afc163 → zombiej (on 2024-11-25) [provenance]

On 2024-11-25, this version was published by a different npm account than previous versions. This could indicate a legitimate maintainer transition or an account compromise.

LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 31. Findings: 1 high (+25), 2 low (+6).

Commit: 6bebb39784f5

Published to npm: