All @datadog/datadog-ci versions

@datadog/[email protected] rejected Risk: 25 Apache-2.0

@datadog/datadog-ci @4.1.3

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
25
Risk Score
Apache-2.0
License
No
Install Scripts
18
Dependencies
5
Dev Dependencies
177.6 KB
Package Size
Published

Use Datadog from your CI.

Maintainers

datadog

Keywords

datadogdatadog-ci

Dependencies (18)

PackageConstraintRegistry Status
uuid ^9.0.0 auto_approved
axios ^1.12.1 auto_approved
chalk 3.0.0 auto_approved
upath ^2.0.1 auto_approved
semver ^7.5.3 auto_approved
js-yaml 3.13.1 No greenflagged match
typanion ^3.14.0 auto_approved
clipanion ^3.2.1 auto_approved
form-data ^4.0.4 auto_approved
simple-git 3.16.0 No greenflagged match
fast-xml-parser ^4.4.1 auto_approved
@datadog/datadog-ci-base 4.1.3 No greenflagged match
@datadog/datadog-ci-plugin-dora 4.1.3 No greenflagged match
@datadog/datadog-ci-plugin-gate 4.1.3 No greenflagged match
@datadog/datadog-ci-plugin-sbom 4.1.3 No greenflagged match
@datadog/datadog-ci-plugin-sarif 4.1.3 No greenflagged match
@datadog/datadog-ci-plugin-deployment 4.1.3 No greenflagged match
@datadog/datadog-ci-plugin-synthetics 4.1.3 auto_approved

Dev Dependencies (5)

PackageConstraintRegistry Status
esbuild ^0.25.9 auto_approved
@types/jest 29.5.3 No greenflagged match
@types/uuid ^9.0.2 No greenflagged match
@types/semver ^7.7.1 auto_approved
@types/js-yaml ^4.0.5 auto_approved

Transitive Dependency Tree

88 transitive deps max depth 7
  ├─ @datadog/datadog-ci-base 4.1.3
  ├─ @datadog/datadog-ci-plugin-deployment 4.1.3
  ├─ @datadog/datadog-ci-plugin-dora 4.1.3
  ├─ @datadog/datadog-ci-plugin-gate 4.1.3
  ├─ @datadog/datadog-ci-plugin-sarif 4.1.3
  ├─ @datadog/datadog-ci-plugin-sbom 4.1.3
  ├─ @datadog/datadog-ci-plugin-synthetics 4.1.3 → 4.1.3
  ├─ axios ^1.12.1 → 1.16.1
  ├─ chalk 3.0.0 → 3.0.0
  ├─ clipanion ^3.2.1 → 3.2.1
  ├─ fast-xml-parser ^4.4.1 → 4.5.6
  ├─ form-data ^4.0.4 → 4.0.5
  ├─ js-yaml 3.13.1
  ├─ semver ^7.5.3 → 7.8.1
  ├─ simple-git 3.16.0
  ├─ typanion ^3.14.0 → 3.14.0
  ├─ upath ^2.0.1 → 2.0.1
├─ uuid ^9.0.0 → 9.0.1
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ asynckit ^0.4.0
  ├─ axios ^1.12.1 → 1.16.0
  ├─ chalk 3.0.0 → 3.0.0
  ├─ combined-stream ^1.0.8 → 1.0.8
  ├─ debug ^4.4.1 → 4.4.3
  ├─ deep-extend 0.6.0 → 0.6.0
  ├─ es-set-tostringtag ^2.1.0 → 2.1.0
  ├─ fast-levenshtein ^3.0.0
  ├─ follow-redirects ^1.16.0 → 1.16.0
  ├─ form-data ^4.0.5 → 4.0.5
  ├─ get-value ^4.0.1 → 4.0.1
  ├─ hasown ^2.0.2 → 2.0.4
  ├─ https-proxy-agent ^5.0.1 → 5.0.1
  ├─ mime-types ^2.1.12 → 2.1.35
  ├─ ora 5.4.1 → 5.4.1
  ├─ proxy-from-env ^2.1.0 → 2.1.0
  ├─ set-value ^4.1.0 → 4.1.0
  ├─ ssh2 ^1.16.0 → 1.17.0
  ├─ sshpk 1.16.1
  ├─ strnum ^1.0.5
  ├─ supports-color ^7.1.0 → 7.2.0
  ├─ typanion ^3.8.0 → 3.14.0
  ├─ upath ^2.0.1 → 2.0.1
  ├─ ws ^7.5.10 → 7.5.11
  ├─ xml2js 0.5.0 → 0.5.0
├─ yamux-js 0.1.2
  ├─ agent-base 6 → 6.0.2
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ asn1 ^0.2.6 → 0.2.6
  ├─ asynckit ^0.4.0
  ├─ bcrypt-pbkdf ^1.0.2 → 1.0.2
  ├─ bl ^4.1.0 → 4.1.0
  ├─ chalk ^4.1.0 → 4.1.2
  ├─ cli-cursor ^3.1.0
  ├─ cli-spinners ^2.5.0 → 2.9.2
  ├─ color-convert ^2.0.1
  ├─ combined-stream ^1.0.8 → 1.0.8
  ├─ debug 4 → 4.4.3
  ├─ delayed-stream ~1.0.0 → 1.0.0
  ├─ es-errors ^1.3.0 → 1.3.0
  ├─ es-set-tostringtag ^2.1.0 → 2.1.0
  ├─ follow-redirects ^1.16.0 → 1.16.0
  ├─ form-data ^4.0.5 → 4.0.5
  ├─ function-bind ^1.1.2 → 1.1.2
  ├─ get-intrinsic ^1.2.6 → 1.3.1
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ has-tostringtag ^1.0.2 → 1.0.2
  ├─ hasown ^2.0.2 → 2.0.4
  ├─ is-interactive ^1.0.0
  ├─ is-plain-object ^2.0.4 → 2.0.4
  ├─ is-primitive ^3.0.1 → 3.0.1
  ├─ is-unicode-supported ^0.1.0 → 0.1.0
  ├─ log-symbols ^4.1.0 → 4.1.0
  ├─ mime-db 1.52.0
  ├─ mime-types ^2.1.12 → 2.1.35
  ├─ ms ^2.1.3 → 2.1.3
  ├─ proxy-from-env ^2.1.0 → 2.1.0
  ├─ sax >=0.6.0 → 1.6.0
  ├─ strip-ansi ^6.0.0 → 6.0.1
  ├─ supports-color ^7.1.0 → 7.2.0
  ├─ wcwidth ^1.0.1 → 1.0.1
├─ xmlbuilder ~11.0.0 → 11.0.1
  ├─ ansi-regex ^5.0.1 → 5.0.1
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ async-function ^1.0.0
  ├─ async-generator-function ^1.0.0 → 1.0.0
  ├─ asynckit ^0.4.0
  ├─ buffer ^5.5.0 → 5.7.1
  ├─ call-bind-apply-helpers ^1.0.2 → 1.0.2
  ├─ chalk ^4.1.0 → 4.1.2
  ├─ color-convert ^2.0.1
  ├─ combined-stream ^1.0.8 → 1.0.8
  ├─ debug 4 → 4.4.3
  ├─ defaults ^1.0.3 → 1.0.4
  ├─ delayed-stream ~1.0.0 → 1.0.0
  ├─ es-define-property ^1.0.1 → 1.0.1
  ├─ es-errors ^1.3.0 → 1.3.0
  ├─ es-object-atoms ^1.1.1 → 1.1.2
  ├─ es-set-tostringtag ^2.1.0 → 2.1.0
  ├─ function-bind ^1.1.2 → 1.1.2
  ├─ generator-function ^2.0.0 → 2.0.1
  ├─ get-intrinsic ^1.2.6 → 1.3.1
  ├─ get-proto ^1.0.1
  ├─ gopd ^1.2.0 → 1.2.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ has-symbols ^1.1.0 → 1.1.0
  ├─ has-symbols ^1.0.3 → 1.1.0
  ├─ has-tostringtag ^1.0.2 → 1.0.2
  ├─ hasown ^2.0.2 → 2.0.4
  ├─ inherits ^2.0.4 → 2.0.4
  ├─ is-unicode-supported ^0.1.0 → 0.1.0
  ├─ isobject ^3.0.1 → 3.0.1
  ├─ math-intrinsics ^1.1.0 → 1.1.0
  ├─ mime-db 1.52.0
  ├─ mime-types ^2.1.12 → 2.1.35
  ├─ ms ^2.1.3 → 2.1.3
  ├─ readable-stream ^3.4.0 → 3.6.2
  ├─ safer-buffer ~2.1.0 → 2.1.2
  ├─ supports-color ^7.1.0 → 7.2.0
├─ tweetnacl ^0.14.3
  ├─ ansi-styles ^4.1.0 → 4.3.0
  ├─ async-function ^1.0.0
  ├─ async-generator-function ^1.0.0 → 1.0.0
  ├─ base64-js ^1.3.1 → 1.5.1
  ├─ call-bind-apply-helpers ^1.0.2 → 1.0.2
  ├─ clone ^1.0.2 → 1.0.4
  ├─ color-convert ^2.0.1
  ├─ delayed-stream ~1.0.0 → 1.0.0
  ├─ es-define-property ^1.0.1 → 1.0.1
  ├─ es-errors ^1.3.0 → 1.3.0
  ├─ es-object-atoms ^1.1.1 → 1.1.2
  ├─ function-bind ^1.1.2 → 1.1.2
  ├─ generator-function ^2.0.0 → 2.0.1
  ├─ get-intrinsic ^1.2.6 → 1.3.1
  ├─ get-proto ^1.0.1
  ├─ gopd ^1.2.0 → 1.2.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ has-symbols ^1.1.0 → 1.1.0
  ├─ has-symbols ^1.0.3 → 1.1.0
  ├─ has-tostringtag ^1.0.2 → 1.0.2
  ├─ hasown ^2.0.2 → 2.0.4
  ├─ ieee754 ^1.1.13 → 1.2.1
  ├─ inherits ^2.0.3 → 2.0.4
  ├─ math-intrinsics ^1.1.0 → 1.1.0
  ├─ mime-db 1.52.0
  ├─ ms ^2.1.3 → 2.1.3
  ├─ string_decoder ^1.1.1 → 1.3.0
  ├─ supports-color ^7.1.0 → 7.2.0
├─ util-deprecate ^1.0.1 → 1.0.2
  ├─ async-function ^1.0.0
  ├─ async-generator-function ^1.0.0 → 1.0.0
  ├─ call-bind-apply-helpers ^1.0.2 → 1.0.2
  ├─ color-convert ^2.0.1
  ├─ es-define-property ^1.0.1 → 1.0.1
  ├─ es-errors ^1.3.0 → 1.3.0
  ├─ es-object-atoms ^1.1.1 → 1.1.2
  ├─ function-bind ^1.1.2 → 1.1.2
  ├─ generator-function ^2.0.0 → 2.0.1
  ├─ get-proto ^1.0.1
  ├─ gopd ^1.2.0 → 1.2.0
  ├─ has-flag ^4.0.0 → 4.0.0
  ├─ has-symbols ^1.0.3 → 1.1.0
  ├─ has-symbols ^1.1.0 → 1.1.0
  ├─ hasown ^2.0.2 → 2.0.4
  ├─ math-intrinsics ^1.1.0 → 1.1.0
├─ safe-buffer ~5.2.0 → 5.2.1
  ├─ es-errors ^1.3.0 → 1.3.0
  ├─ function-bind ^1.1.2 → 1.1.2

Changes from v4.1.2

Dependency Changes

ChangePackageVersion
changed @datadog/datadog-ci-base 4.1.2 → 4.1.3
changed @datadog/datadog-ci-plugin-dora 4.1.2 → 4.1.3
changed @datadog/datadog-ci-plugin-gate 4.1.2 → 4.1.3
changed @datadog/datadog-ci-plugin-sbom 4.1.2 → 4.1.3
changed @datadog/datadog-ci-plugin-sarif 4.1.2 → 4.1.3
changed @datadog/datadog-ci-plugin-deployment 4.1.2 → 4.1.3
changed @datadog/datadog-ci-plugin-synthetics 4.1.2 → 4.1.3

File Changes

0 added 0 removed 5 modified size delta: +.0 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
regressed-provenance provenance reject AI AI (provenance): Provenance regression is a disqualifying signal for this package; all versions should have CI/CD attestation.

SAST Findings (1)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

Review Summary

Risk score: 25. Findings: 1 high (+25), 7 info (+0).

Commit: 7dbfee4bc691 Browse source

Published to npm: