rc-switch@3.1.0
Status: rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
switch ui component for react

| Field | Value |
|---|---|
| Risk Score | 38 |
| License | MIT |
| Install Scripts | No |
| Dependencies | 2 |
| Dev Dependencies | 13 |
| Package Size | 5.9 KB |
| Published | |
| Maintainers | afc163, benjycui, valleykid, yesmeck, yiminghe |
| Keywords | react, react-component, react-switch, switch |
Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| rc-util | ^4.20.5 | auto_approved |
| classnames | ^2.2.1 | auto_approved |
Dev Dependencies (13)
| Package | Constraint | Registry Status |
|---|---|---|
| np | ^6.2.3 | auto_approved |
| less | ^3.11.1 | auto_approved |
| react | ^16.0.0 | auto_approved |
| enzyme | ^3.0.0 | auto_approved |
| eslint | ^7.0.0 | auto_approved |
| father | ^2.13.4 | rejected |
| coveralls | ^3.0.6 | auto_approved |
| react-dom | ^16.0.0 | auto_approved |
| @types/jest | ^25.2.2 | auto_approved |
| enzyme-to-json | ^3.0.0 | auto_approved |
| @types/classnames | ^2.2.10 | pending |
| react-test-renderer | ^16.0.0 | auto_approved |
| enzyme-adapter-react-16 | ^1.0.1 | auto_approved |
Transitive Dependency Tree
10 transitive deps, max depth 4

| Package | Constraint | Resolved |
|---|---|---|
| classnames | ^2.2.1 | 2.5.1 |
| rc-util | ^4.20.5 | 4.21.1 |
| add-dom-event-listener | ^1.1.0 | 1.1.0 |
| prop-types | ^15.5.10 | 15.8.1 |
| react-is | ^16.12.0 | 16.13.1 |
| react-lifecycles-compat | ^3.0.4 | 3.0.4 |
| shallowequal | ^1.1.0 | 1.1.0 |
| loose-envify | ^1.4.0 | 1.4.0 |
| object-assign | ^4.1.1 | 4.1.1 |
| object-assign | 4.x | 4.1.1 |
| react-is | ^16.13.1 | 16.13.1 |
| js-tokens | ^3.0.0 \|\| ^4.0.0 | 4.0.0 |
Changes from v3.0.1
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | rc-util | ^4.20.5 |
File Changes
0 added, 0 removed, 5 modified; size delta: -0.6 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| publisher-changed | provenance | reject | AI | AI (provenance): Publisher changed to a SPAM-FLAGGED account (zombiej); this is a disqualifying signal that generalizes to any version published by this account. |
SAST Findings (2)
| Severity | Finding | Category | Details |
|---|---|---|---|
| HIGH | Publisher changed: afc163 → zombiej (on 2020-05-18) | provenance | This version was published by a different npm account than previous versions on 2020-05-18. This could indicate a legitimate maintainer transition or an account compromise. |
| INFO | No provenance attestation | provenance | [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
Review Summary
Risk score: 38. Findings: 1 high (+25), 1 medium (+10), 1 low (+3), 1 info (+0).
Commit: 6828e236e2a2
Published to npm: