All @douyinfe/semi-animation-react versions
@douyinfe/semi-animation-react @2.89.1
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
41
Risk Score
—
License
No
Install Scripts
3
Dependencies
11
Dev Dependencies
10.9 KB
Package Size
Published
Maintainers
yumeizhangwuhwbytednpmshijiatongxuedaiqiangrealpoint.haloyannlynnanjiazhuyouxingzhangweicheng.1semi-bot
Keywords
motionreactsemi-ui
Dependencies (3)
| Package | Constraint | Registry Status |
|---|---|---|
| classnames | ^2.2.6 | auto_approved |
| @douyinfe/semi-animation | 2.89.1 | No greenflagged match |
| @douyinfe/semi-animation-styled | 2.89.1 | No greenflagged match |
Dev Dependencies (11)
| Package | Constraint | Registry Status |
|---|---|---|
| del | ^6.0.0 | auto_approved |
| gulp | ^4.0.2 | No greenflagged match |
| merge2 | ^1.4.1 | auto_approved |
| flubber | ^0.4.2 | auto_approved |
| gulp-babel | ^8.0.0 | No greenflagged match |
| prop-types | ^15.7.2 | auto_approved |
| @vx/gradient | 0.0.199 | Not imported |
| gulp-typescript | ^6.0.0-alpha.1 | auto_approved |
| @babel/preset-env | ^7.15.8 | auto_approved |
| @babel/preset-react | ^7.14.5 | auto_approved |
| react-storybook-addon-props-combinations | ^1.1.0 | Not imported |
Transitive Dependency Tree
3 transitive deps
max depth 1
├─
@douyinfe/semi-animation
2.89.1
├─
@douyinfe/semi-animation-styled
2.89.1
├─
classnames
^2.2.6
→ 2.5.1
Changes from v2.85.0
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | @douyinfe/semi-animation | 2.85.0 → 2.89.1 |
| changed | @douyinfe/semi-animation-styled | 2.85.0 → 2.89.1 |
File Changes
0 added
0 removed
1 modified
size delta: .0 KB
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
bogus-package |
bogus-package | reject | AI | AI (bogus-package): Publisher semi-bot is SPAM-FLAGGED; this generalizes to all versions published by this account. | |
publisher-changed |
provenance | reject | AI | AI (provenance): Switch to a SPAM-FLAGGED publisher after long dormancy is a strong takeover indicator. |
SAST Findings (2)
HIGH
Publisher changed: point.halo → semi-bot (on 2025-12-18)
provenance
This version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 41. Findings: 1 high (+25), 1 medium (+10), 2 low (+6).
Commit: ed7050362399 Browse source
Published to npm: