All @microsoft/node-core-library versions

@microsoft/[email protected] rejected Risk: 34 MIT

@microsoft/node-core-library @4.0.1

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Tarball
34
Risk Score
MIT
License
No
Install Scripts
0
Dependencies
0
Dev Dependencies
.7 KB
Package Size
Published

(Please use "@rushstack/node-core-library" instead.)

Maintainers

microsoftodspnpm

Changes from v3.19.3

Dependency Changes

ChangePackageVersion
removed jju ~1.4.0
removed colors ~1.2.1
removed semver ~5.3.0
removed timsort ~0.3.0
removed fs-extra ~7.0.1
removed z-schema ~3.18.3
removed @types/node 10.17.13

Script Changes

+ postinstall - build

File Changes

1 added 109 removed 2 modified size delta: -596.4 KB

Risk Dispositions (0 applicable to this version, 4 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Show 4 disposition(s) that do not match any finding on this version
Rule Source Disposition Author Reason
bogus-package bogus-package reject AI AI (bogus-package): Version 0.0.0 is a content-free stub with no code, no metadata, and no dependencies — clearly not a functional release of this package.
suspicious-initial-version npm-metadata reject AI AI (npm-metadata): 0.0.0 version with zero content confirms this is a placeholder/stub, not a legitimate release.
install-script:postinstall install-scripts reject AI AI (install-scripts): Postinstall was newly added in this version alongside a 100% source size drop and removal of all deps — strongly indicative of a hollowed-out/malicious stub. Not a stable pattern for this package.
source-size-dropped source-diff reject AI AI (source-diff): 282 KB → 787 B drop (100%) combined with new postinstall and stripped deps is a strong supply-chain compromise indicator for this package.

Review Summary

Risk score: 34. Findings: 1 high (+25), 3 low (+9).

Published to npm: