@douyinfe/semi-animation @2.89.1
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 41
License: —
Install Scripts: No
Dependencies: 1
Dev Dependencies: 8
Package Size: 28.4 KB
Published
Maintainers
yumeizhangwuhwbytednpmshijiatongxuedaiqiangrealpoint.haloyannlynnanjiazhuyouxingzhangweicheng.1semi-bot
Keywords
animation, semi
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| bezier-easing | ^2.1.0 | No greenflagged match |
Dev Dependencies (8)
| Package | Constraint | Registry Status |
|---|---|---|
| del | ^6.0.0 | auto_approved |
| gulp | ^4.0.2 | No greenflagged match |
| merge2 | ^1.4.1 | auto_approved |
| gulp-babel | ^8.0.0 | No greenflagged match |
| gulp-typescript | ^6.0.0-alpha.1 | auto_approved |
| @babel/preset-env | ^7.15.8 | auto_approved |
| @babel/plugin-transform-runtime | ^7.15.8 | auto_approved |
| react-storybook-addon-props-combinations | ^1.1.0 | Not imported |
Transitive Dependency Tree
1 transitive deps, max depth 1
├─ bezier-easing ^2.1.0
Changes from v2.85.0
No metadata changes detected.
File Changes
0 added, 0 removed, 1 modified; size delta: .0 KB
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| bogus-package | bogus-package | reject | AI | AI (bogus-package): Publisher semi-bot is SPAM-FLAGGED; this generalizes across all versions published by this account. |
| publisher-changed | provenance | reject | AI | AI (provenance): Publisher changed to a SPAM-FLAGGED account after long dormancy; strong takeover signal. |
SAST Findings (2)
| Severity | Finding | Category | Description |
|---|---|---|---|
| HIGH | Publisher changed: point.halo → semi-bot (on 2025-12-18) | provenance | This version was published by a different npm account than previous versions on 2025-12-18. This could indicate a legitimate maintainer transition or an account compromise. |
| LOW | No provenance attestation | provenance | Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD. |
Review Summary
Risk score: 41. Findings: 1 high (+25), 1 medium (+10), 2 low (+6).
Commit: ed7050362399
Published to npm: