@kubb/plugin-ts @4.37.7
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
25
Risk Score
—
License
No
Install Scripts
8
Dependencies
1
Dev Dependencies
85.4 KB
Package Size
Published
Maintainers
stijnvanhulle
Keywords
typescripttypestype-generationinterfacestype-definitionstype-safeopenapiswaggeroascode-generatorcodegenpluginskubb
Dependencies (8)
| Package | Constraint | Registry Status |
|---|---|---|
| remeda | ^2.33.6 | auto_approved |
| @kubb/ast | 4.37.7 | No greenflagged match |
| @kubb/oas | 4.37.7 | No greenflagged match |
| @kubb/core | 4.37.7 | No greenflagged match |
| typescript | 5.9.3 | auto_approved |
| @kubb/plugin-oas | 4.37.7 | No greenflagged match |
| @kubb/fabric-core | 0.14.0 | auto_approved |
| @kubb/react-fabric | 0.14.0 | auto_approved |
Dev Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| @internals/utils | 0.0.0 | Not imported |
Transitive Dependency Tree
18 transitive deps
max depth 6
├─
@kubb/ast
4.37.7
├─
@kubb/core
4.37.7
├─
@kubb/fabric-core
0.14.0
→ 0.14.0
├─
@kubb/oas
4.37.7
├─
@kubb/plugin-oas
4.37.7
├─
@kubb/react-fabric
0.14.0
→ 0.14.0
├─
remeda
^2.33.6
→ 2.37.0
├─
typescript
5.9.3
→ 5.9.3
├─
@clack/prompts
^1.1.0
→ 1.3.0
├─
@kubb/fabric-core
0.14.0
→ 0.14.0
├─
p-limit
^7.3.0
→ 7.3.0
├─
react-devtools-core
6.1.5
→ 6.1.5
├─
remeda
^2.33.6
→ 2.37.0
├─
typescript
5.9.3
→ 5.9.3
├─
ws
8.18.0
→ 8.18.0
├─
@clack/core
1.3.0
→ 1.3.0
├─
@clack/prompts
^1.1.0
→ 1.3.0
├─
fast-string-width
^3.0.2
├─
fast-wrap-ansi
^0.2.0
→ 0.2.2
├─
p-limit
^7.3.0
→ 7.3.0
├─
remeda
^2.33.6
→ 2.37.0
├─
shell-quote
^1.6.1
→ 1.8.4
├─
sisteransi
^1.0.5
→ 1.0.5
├─
typescript
5.9.3
→ 5.9.3
├─
ws
^7
→ 7.5.11
├─
yocto-queue
^1.2.1
→ 1.2.1
├─
@clack/core
1.3.0
→ 1.3.0
├─
fast-string-width
^3.0.2
├─
fast-wrap-ansi
^0.2.0
→ 0.2.2
├─
sisteransi
^1.0.5
→ 1.0.5
├─
yocto-queue
^1.2.1
→ 1.2.1
├─
fast-string-width
^3.0.2
├─
fast-wrap-ansi
^0.2.0
→ 0.2.2
├─
sisteransi
^1.0.5
→ 1.0.5
├─
fast-string-width
^3.0.2
Changes from v4.37.5
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | @kubb/ast | 4.37.5 → 4.37.7 |
| changed | @kubb/oas | 4.37.5 → 4.37.7 |
| changed | @kubb/core | 4.37.5 → 4.37.7 |
| changed | @kubb/plugin-oas | 4.37.5 → 4.37.7 |
File Changes
0 added
0 removed
1 modified
size delta: .0 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression is a disqualifying signal for this package; all versions should have CI/CD attestations. |
SAST Findings (1)
HIGH
Provenance attestation missing — previous versions had it
provenance
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
Review Summary
Risk score: 25. Findings: 1 high (+25).
Published to npm: