All @mui/x-data-grid-pro versions

@mui/[email protected] rejected Risk: 95 No license

@mui/x-data-grid-pro @7.29.13

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
95
Risk Score
License
No
Install Scripts
9
Dependencies
0
Dev Dependencies
171.8 KB
Package Size
Published

Maintainers

cherniavskiilukastylaalexandrefauquettedanailhflaviendelangleoliviertassinarimbilalshafijcquintaskyusufmichelengelennoraleontearminmehromgrkbernardobelchiorrita-codesjanpotoms

Keywords

reactreact-componentmaterial-uimuimui-xreact-tabletabledatatabledata-tabledatagriddata-grid

Dependencies (9)

PackageConstraintRegistry Status
clsx ^2.1.1 auto_approved
reselect ^5.1.1 auto_approved
@mui/utils ^5.16.6 || ^6.0.0 || ^7.0.0 auto_approved
prop-types ^15.8.1 auto_approved
@babel/runtime ^7.25.7 auto_approved
@mui/x-license 7.29.1 No greenflagged match
@mui/x-data-grid 7.29.13 No greenflagged match
@mui/x-internals 7.29.0 No greenflagged match
@types/format-util ^1.0.4 auto_approved

Transitive Dependency Tree

15 transitive deps max depth 4
  ├─ @babel/runtime ^7.25.7 → 7.29.7
  ├─ @mui/utils ^5.16.6 || ^6.0.0 || ^7.0.0 → 7.3.11
  ├─ @mui/x-data-grid 7.29.13
  ├─ @mui/x-internals 7.29.0
  ├─ @mui/x-license 7.29.1
  ├─ @types/format-util ^1.0.4 → 1.0.4
  ├─ clsx ^2.1.1 → 2.1.1
  ├─ prop-types ^15.8.1 → 15.8.1
├─ reselect ^5.1.1 → 5.2.0
  ├─ @babel/runtime ^7.28.6 → 7.29.7
  ├─ @mui/types ^7.4.12 → 7.4.12
  ├─ @types/prop-types ^15.7.15 → 15.7.15
  ├─ clsx ^2.1.1 → 2.1.1
  ├─ loose-envify ^1.4.0 → 1.4.0
  ├─ object-assign ^4.1.1 → 4.1.1
  ├─ prop-types ^15.8.1 → 15.8.1
  ├─ react-is ^19.2.3 → 19.2.5
├─ react-is ^16.13.1 → 16.13.1
  ├─ @babel/runtime ^7.28.6 → 7.29.7
  ├─ js-tokens ^3.0.0 || ^4.0.0 → 4.0.0
  ├─ loose-envify ^1.4.0 → 1.4.0
  ├─ object-assign ^4.1.1 → 4.1.1
├─ react-is ^16.13.1 → 16.13.1
  ├─ js-tokens ^3.0.0 || ^4.0.0 → 4.0.0

Changes from v9.0.3

Dependency Changes

ChangePackageVersion
added reselect ^5.1.1
added @types/format-util ^1.0.4
changed @mui/utils 9.0.0 → ^5.16.6 || ^6.0.0 || ^7.0.0
changed @babel/runtime ^7.29.2 → ^7.25.7
changed @mui/x-license ^9.0.2 → 7.29.1
changed @mui/x-data-grid ^9.0.3 → 7.29.13
changed @mui/x-internals ^9.0.0 → 7.29.0

File Changes

230 added 272 removed 203 modified size delta: +129.8 KB

SAST Findings (4)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

HIGH New file with network + code execution: modern/DataGridPro/DataGridPro.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: node/DataGridPro/DataGridPro.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Publisher changed: GitHub Actions → michelengelen (on 2026-04-28, known maintainer) provenance

This version was published by a different npm account (michelengelen) than the most recent previously approved version (GitHub Actions) on 2026-04-28, but michelengelen is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.

Review Summary

Risk score: 95. Findings: 3 high (+75), 2 medium (+20), 6 info (+0).

Published to npm: