All vue-hot-reload-api versions
vue-hot-reload-api @2.3.4
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
51
Risk Score
MIT
License
No
Install Scripts
0
Dependencies
3
Dev Dependencies
4.1 KB
Package Size
Published
hot reload api for *.vue components
Maintainers
sodayyx990803
Keywords
vuehotreload
Dev Dependencies (3)
| Package | Constraint | Registry Status |
|---|---|---|
| vue | ^2.5.21 | auto_approved |
| jest | ^24.9.0 | auto_approved |
| buble | ^0.19.6 | auto_approved |
Changes from v2.3.3
No metadata changes detected.
File Changes
0 added
0 removed
2 modified
size delta: +.1 KB
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
publisher-changed |
provenance | reject | AI | AI (provenance): Publisher changed from yyx990803 (Evan You/vuejs org) to soda, a SPAM-FLAGGED account. This is not a legitimate maintainer transition and generalizes to all versions published by soda. | |
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Both maintainers flagged as spam; soda is SPAM-FLAGGED. This taint generalizes across all versions published under this account. |
SAST Findings (2)
HIGH
Publisher changed: yyx990803 → soda (on 2019-09-11)
provenance
This version was published by a different npm account than previous versions on 2019-09-11. This could indicate a legitimate maintainer transition or an account compromise.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 51. Findings: 1 high (+25), 2 medium (+20), 2 low (+6).
Commit: 45936fbfcb1c Browse source
Published to npm: