@dicebear/big-ears-neutral @5.4.4
Avatar style for DiceBear
Maintainers
Keywords
Dev Dependencies (5)
| Package | Constraint | Registry Status |
|---|---|---|
| uvu | ^0.5.3 | auto_approved |
| del-cli | ^5.0.0 | auto_approved |
| typescript | ^4.6.3 | auto_approved |
| @dicebear/core | 5.4.4 | auto_approved |
| @tsconfig/recommended | ^1.0.1 | auto_approved |
Changes from v9.4.0
Dependency Changes
License Changed
(MIT AND CC-BY-4.0) → MIT
File Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
| regressed-provenance | provenance | reject | AI | AI (provenance): Provenance regression on a package with established CI/CD attestations is a strong account-compromise signal. | |
SAST Findings (2)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version was published by a different npm account (floriankoerner) than the most recent previously approved version (GitHub Actions) on 2026-03-18, but floriankoerner is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
Review Summary
Risk score: 35. Findings: 1 high (+25), 1 medium (+10), 2 info (+0).
Commit: e94040c3ca14
Published to npm: