All @parcel/reporter-dev-server versions
@parcel/reporter-dev-server @2.15.2
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
MIT
License
No
Install Scripts
4
Dependencies
12
Dev Dependencies
566.7 KB
Package Size
Published
Blazing fast, zero configuration web application bundler
Maintainers
devongovett
Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| @parcel/utils | 2.15.2 | auto_approved |
| @parcel/plugin | 2.15.2 | auto_approved |
| @parcel/codeframe | 2.15.2 | auto_approved |
| @parcel/source-map | ^2.1.1 | No greenflagged match |
Dev Dependencies (12)
| Package | Constraint | Registry Status |
|---|---|---|
| ws | ^8.18.2 | auto_approved |
| ejs | ^3.1.10 | auto_approved |
| fresh | ^0.5.2 | auto_approved |
| connect | ^3.7.0 | auto_approved |
| mime-types | 2.1.18 | auto_approved |
| nullthrows | ^1.1.1 | auto_approved |
| @parcel/types | 2.15.2 | auto_approved |
| launch-editor | ^2.10.0 | auto_approved |
| serve-handler | ^6.1.6 | auto_approved |
| @parcel/diagnostic | 2.15.2 | auto_approved |
| @parcel/babel-preset | 2.15.2 | Not imported |
| http-proxy-middleware | ^2.0.9 | auto_approved |
Transitive Dependency Tree
34 transitive deps
max depth 9
├─
@parcel/codeframe
2.15.2
→ 2.15.2
├─
@parcel/plugin
2.15.2
→ 2.15.2
├─
@parcel/source-map
^2.1.1
├─
@parcel/utils
2.15.2
→ 2.15.2
├─
@parcel/codeframe
2.15.2
→ 2.15.2
├─
@parcel/diagnostic
2.15.2
→ 2.15.2
├─
@parcel/logger
2.15.2
→ 2.15.2
├─
@parcel/markdown-ansi
2.15.2
→ 2.15.2
├─
@parcel/rust
2.15.2
→ 2.15.2
├─
@parcel/source-map
^2.1.1
├─
@parcel/types
2.15.2
→ 2.15.2
├─
chalk
^4.1.2
→ 4.1.2
├─
nullthrows
^1.1.1
→ 1.1.1
├─
@mischnic/json-sourcemap
^0.1.1
→ 0.1.1
├─
@parcel/diagnostic
2.15.2
→ 2.15.2
├─
@parcel/events
2.15.2
→ 2.15.2
├─
@parcel/rust-darwin-arm64
2.15.2
→ 2.15.2
├─
@parcel/rust-darwin-x64
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-arm-gnueabihf
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-arm64-gnu
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-arm64-musl
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-x64-gnu
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-x64-musl
2.15.2
→ 2.15.2
├─
@parcel/rust-win32-x64-msvc
2.15.2
→ 2.15.2
├─
@parcel/types-internal
2.15.2
→ 2.15.2
├─
@parcel/workers
2.15.2
→ 2.15.2
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
chalk
^4.1.2
→ 4.1.2
├─
nullthrows
^1.1.1
→ 1.1.1
├─
supports-color
^7.1.0
→ 7.2.0
├─
@lezer/common
^1.0.0
→ 1.5.2
├─
@lezer/lr
^1.0.0
→ 1.4.10
├─
@mischnic/json-sourcemap
^0.1.1
→ 0.1.1
├─
@parcel/diagnostic
2.15.2
→ 2.15.2
├─
@parcel/feature-flags
2.15.2
→ 2.15.2
├─
@parcel/logger
2.15.2
→ 2.15.2
├─
@parcel/profiler
2.15.2
→ 2.15.2
├─
@parcel/source-map
^2.1.1
├─
@parcel/types-internal
2.15.2
→ 2.15.2
├─
@parcel/utils
2.15.2
→ 2.15.2
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
color-convert
^2.0.1
├─
has-flag
^4.0.0
→ 4.0.0
├─
json5
^2.2.1
→ 2.2.3
├─
nullthrows
^1.1.1
→ 1.1.1
├─
supports-color
^7.1.0
→ 7.2.0
├─
utility-types
^3.11.0
→ 3.11.0
├─
@lezer/common
^1.0.0
→ 1.5.2
├─
@lezer/lr
^1.0.0
→ 1.4.10
├─
@mischnic/json-sourcemap
^0.1.1
→ 0.1.1
├─
@parcel/codeframe
2.15.2
→ 2.15.2
├─
@parcel/diagnostic
2.15.2
→ 2.15.2
├─
@parcel/events
2.15.2
→ 2.15.2
├─
@parcel/feature-flags
2.15.2
→ 2.15.2
├─
@parcel/logger
2.15.2
→ 2.15.2
├─
@parcel/markdown-ansi
2.15.2
→ 2.15.2
├─
@parcel/rust
2.15.2
→ 2.15.2
├─
@parcel/source-map
^2.1.1
├─
@parcel/types-internal
2.15.2
→ 2.15.2
├─
chalk
^4.1.2
→ 4.1.2
├─
chrome-trace-event
^1.0.2
→ 1.0.4
├─
color-convert
^2.0.1
├─
has-flag
^4.0.0
→ 4.0.0
├─
json5
^2.2.1
→ 2.2.3
├─
nullthrows
^1.1.1
→ 1.1.1
├─
utility-types
^3.11.0
→ 3.11.0
├─
@lezer/common
^1.0.0
→ 1.5.2
├─
@lezer/lr
^1.0.0
→ 1.4.10
├─
@mischnic/json-sourcemap
^0.1.1
→ 0.1.1
├─
@parcel/diagnostic
2.15.2
→ 2.15.2
├─
@parcel/events
2.15.2
→ 2.15.2
├─
@parcel/feature-flags
2.15.2
→ 2.15.2
├─
@parcel/rust-darwin-arm64
2.15.2
→ 2.15.2
├─
@parcel/rust-darwin-x64
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-arm-gnueabihf
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-arm64-gnu
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-arm64-musl
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-x64-gnu
2.15.2
→ 2.15.2
├─
@parcel/rust-linux-x64-musl
2.15.2
→ 2.15.2
├─
@parcel/rust-win32-x64-msvc
2.15.2
→ 2.15.2
├─
@parcel/source-map
^2.1.1
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
chalk
^4.1.2
→ 4.1.2
├─
json5
^2.2.1
→ 2.2.3
├─
nullthrows
^1.1.1
→ 1.1.1
├─
supports-color
^7.1.0
→ 7.2.0
├─
utility-types
^3.11.0
→ 3.11.0
├─
@lezer/common
^1.0.0
→ 1.5.2
├─
@lezer/lr
^1.0.0
→ 1.4.10
├─
@mischnic/json-sourcemap
^0.1.1
→ 0.1.1
├─
ansi-styles
^4.1.0
→ 4.3.0
├─
color-convert
^2.0.1
├─
has-flag
^4.0.0
→ 4.0.0
├─
json5
^2.2.1
→ 2.2.3
├─
nullthrows
^1.1.1
→ 1.1.1
├─
supports-color
^7.1.0
→ 7.2.0
├─
@lezer/common
^1.0.0
→ 1.5.2
├─
@lezer/lr
^1.0.0
→ 1.4.10
├─
color-convert
^2.0.1
├─
has-flag
^4.0.0
→ 4.0.0
├─
json5
^2.2.1
→ 2.2.3
├─
@lezer/common
^1.0.0
→ 1.5.2
Changes from v2.0.0-canary.1842
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | @parcel/utils | 2.0.0-canary.1842+79843ee6a → 2.15.2 |
| changed | @parcel/plugin | 2.0.0-canary.1842+79843ee6a → 2.15.2 |
| changed | @parcel/codeframe | 2.0.0-canary.1842+79843ee6a → 2.15.2 |
File Changes
0 added
0 removed
2 modified
size delta: -.1 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
osv:GHSA-qm9p-f9j5-w83w |
osv | reject | AI | AI (osv): Origin validation error in Parcel dev server; affects all versions < 2.16.4. Fix is available. Verdict generalizes to all versions in the affected range. |
SAST Findings (2)
CRITICAL
GHSA-qm9p-f9j5-w83w: Parcel has an Origin Validation Error vulnerability
osv
[Always reject] CVSS 6.5 (MEDIUM) — CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. Version 2.16.4 supports a `--no-cors` option which disables CORS headers in the dev server.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3).
Commit: b66f37168d0e Browse source
Published to npm: