@pisell/pisellos @2.2.172

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 100
License: MIT
Install Scripts: No
Dependencies: 5
Dev Dependencies: 12
Package Size: 1438.1 KB
Published

An extensible, modular front-end SDK framework with plugin system support

Maintainers

wang_hanzsj1037797769zhiwei.wangyaoxiaojialarry_ranhejunxiangfeng.xueah-scjinglin.tan

Keywords

frontend, sdk, framework, modular, plugin-system

Dependencies (5)

| Package | Constraint | Registry Status |
|---|---|---|
| dayjs | ^1.11.13 | auto_approved |
| lodash-es | ^4.17.21 | auto_approved |
| decimal.js | ^10.5.0 | auto_approved |
| @changesets/cli | ^2.26.1 | auto_approved |
| @types/lodash-es | ^4.17.12 | auto_approved |

Dev Dependencies (12)

| Package | Constraint | Registry Status |
|---|---|---|
| axios | 1.7.2 | No greenflagged match |
| eslint | ^8.37.0 | auto_approved |
| father | ^4.1.0 | auto_approved |
| vitest | ^3.1.1 | No greenflagged match |
| ts-node | ^10.9.1 | auto_approved |
| typedoc | ^0.28.2 | auto_approved |
| prettier | ^3.5.3 | auto_approved |
| typescript | ^5.0.3 | auto_approved |
| @types/node | ^18.15.11 | auto_approved |
| fake-indexeddb | ^6.0.1 | auto_approved |
| @typescript-eslint/parser | ^5.57.1 | auto_approved |
| @typescript-eslint/eslint-plugin | ^5.57.1 | auto_approved |

Transitive Dependency Tree

101 transitive deps, max depth 10

Changes from v3.0.89

Dependency Changes

Script Changes

+ push

File Changes

610 added, 0 removed, 135 modified; size delta: +5254.3 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| large-new-source-files | source-diff | reject | AI | AI (source-diff): Publisher has 364 rejections; mass file additions are a persistent risk pattern for this package. |

SAST Findings (7)

CRITICAL Large number of new source files: 604 source-diff

[Always reject] This version adds 604 new source files. A suddenly much larger package could indicate bundled/injected code.

CRITICAL MAL-2026-4417: Malicious code in @pisell/pisellos (npm) osv

Source: amazon-inspector (92e6d35e4cff1457b43bc8b864e196a659fe12cf9028311e27bf2ceb9fcefe2f)

The ScanOrder and VenueBooking solution modules (dist/solution/ScanOrder/index.js:545-546 and lib/solution/VenueBooking/index.js:381-382) hard-code default logger configurations pointing at four author-controlled Feishu bot webhooks under open.feishu.cn/open-apis/bot/v2/hook/. When a consuming application instantiates ScanOrderImpl or VenueBookingImpl without supplying an explicit scanOrderLoggerConfig/loggerConfig, every method-call payload — including cacheId, customer identifiers resolved from login payloads, order/product details, scan codes, and error objects with stack traces — is POSTed via fetch() to those Feishu endpoints. The README advertises a generic modular SDK and does not disclose this outbound telemetry; the destination is not configurable through normal use because the defaults are baked into the module. The presence of a 'REPLACE_ME' placeholder elsewhere in the same logger code suggests these defaults were left in unintentionally, but the effect on consumers is the same: any host app integrating these solutions silently leaks order-flow and customer data to the package author. The relay fires when the solution module is instantiated by a host application (not at import or install time), so the data flow occurs in production usage rather than at developer install.

HIGH New obfuscated file: dist/modules/Payment/cash.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/solution/BookingTicket/utils/scan/cloudSearch.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/modules/Payment/eftpos.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/modules/ScanOrderLogger/providers/feishu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 100 (capped from 223). Findings: 2 critical (+80), 4 high (+100), 4 medium (+40), 1 low (+3), 4 info (+0).

Commit: d17ff7602cc8

Published to npm: