@pisell/private-materials @1.1.2111

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 100
License:
Install Scripts: No
Dependencies: 20
Dev Dependencies: 37
Package Size: 8051.2 KB
Published:

Private materials used by the pisell front end

Maintainers

wang_hanzsj1037797769zhiwei.wangyaoxiaojialarry_ranhejunxiangfeng.xueah-scjinglin.tan

Dependencies (20)

Package Constraint Registry Status
antd 5.10.1 No greenflagged match
dayjs ^1.11.9 auto_approved
ahooks ^3.7.6 auto_approved
classnames ^2.3.2 auto_approved
decimal.js ^10.4.3 auto_approved
@pisell/icon 0.0.10 No greenflagged match
@dnd-kit/core ^6.0.8 auto_approved
@pisell/utils 1.0.68 No greenflagged match
rc-virtual-list ^3.11.3 auto_approved
react-resizable ^3.0.5 auto_approved
@ant-design/icons ^5.6.1 auto_approved
@dnd-kit/sortable ^7.0.2 No greenflagged match
@pisell/materials 1.0.1064 No greenflagged match
@react-spring/web ^9.6.1 auto_approved
styled-components ^6.0.0-rc.3 auto_approved
@dnd-kit/modifiers ^6.0.1 No greenflagged match
@dnd-kit/utilities ^3.2.1 auto_approved
@use-gesture/react ^10.3.1 auto_approved
@pisell/date-picker 1.0.141 No greenflagged match
react-infinite-scroll-component ^6.1.0 No greenflagged match

Dev Dependencies (37)

Package Constraint Registry Status
jsdom 22.1.0 auto_approved
react ^18.0.0 auto_approved
father ^4.1.6 auto_approved
lodash ^4.17.21 auto_approved
vitest 1.6.0 No greenflagged match
webpack ^4.27.1 auto_approved
inquirer ^6.5.1 auto_approved
react-dom ^18.0.0 auto_approved
storybook ^7.6.19 auto_approved
@vitest/ui 1.6.0 auto_approved
css-loader ^6.0.0 auto_approved
url-loader ^4.1.1 auto_approved
less-loader ^11.0.0 auto_approved
sass-loader 7.3.1 No greenflagged match
@types/react ^18.0.38 auto_approved
style-loader 2.0.0 auto_approved
@svgr/webpack ^5.5.0 auto_approved
build-scripts 1.0.1 Not imported
postcss-loader ^4.3.0 auto_approved
@storybook/react ^7.6.19 auto_approved
@types/react-dom ^18.0.0 No greenflagged match
@storybook/blocks ^7.6.19 auto_approved
webpack-dev-server ^4.0.0 No greenflagged match
@alib/build-scripts ^0.1.32 Not imported
@alilc/lowcode-types 1.1.7 No greenflagged match
@alilc/lowcode-utils 1.1.6 No greenflagged match
@storybook/addon-links ^7.6.19 auto_approved
@testing-library/react 12.1.5 No greenflagged match
build-plugin-component ^1.6.5 Not imported
@alilc/build-plugin-alt ^1.3.3 Not imported
@storybook/react-webpack5 ^7.6.19 No greenflagged match
@testing-library/jest-dom 5.16.5 auto_approved
@storybook/addon-essentials ^7.6.19 No greenflagged match
@testing-library/user-event 14.6.1 auto_approved
@pisell/build-plugin-lowcode ^1.0.13 Not imported
@alilc/lowcode-react-renderer ^1.1.7 Not imported
@storybook/addon-interactions ^7.6.19 No greenflagged match

Transitive Dependency Tree

55 transitive deps, max depth 5
  ├─ @ant-design/icons ^5.6.1 → 5.6.1
  ├─ @dnd-kit/core ^6.0.8 → 6.3.1
  ├─ @dnd-kit/modifiers ^6.0.1
  ├─ @dnd-kit/sortable ^7.0.2
  ├─ @dnd-kit/utilities ^3.2.1 → 3.2.2
  ├─ @pisell/date-picker 1.0.141
  ├─ @pisell/icon 0.0.10
  ├─ @pisell/materials 1.0.1064
  ├─ @pisell/utils 1.0.68
  ├─ @react-spring/web ^9.6.1 → 9.7.5
  ├─ @use-gesture/react ^10.3.1 → 10.3.1
  ├─ ahooks ^3.7.6 → 3.9.7
  ├─ antd 5.10.1
  ├─ classnames ^2.3.2 → 2.5.1
  ├─ dayjs ^1.11.9 → 1.11.21
  ├─ decimal.js ^10.4.3 → 10.6.0
  ├─ rc-virtual-list ^3.11.3 → 3.19.2
  ├─ react-infinite-scroll-component ^6.1.0
  ├─ react-resizable ^3.0.5 → 3.2.0
  ├─ styled-components ^6.0.0-rc.3 → 6.4.2
  ├─ @ant-design/colors ^7.0.0 → 7.2.1
  ├─ @ant-design/icons-svg ^4.4.0 → 4.4.2
  ├─ @babel/runtime ^7.20.0 → 7.29.7
  ├─ @babel/runtime ^7.24.8 → 7.29.7
  ├─ @babel/runtime ^7.21.0 → 7.29.7
  ├─ @dnd-kit/accessibility ^3.1.1
  ├─ @dnd-kit/utilities ^3.2.2
  ├─ @emotion/is-prop-valid 1.4.0 → 1.4.0
  ├─ @react-spring/animated ~9.7.5
  ├─ @react-spring/core ~9.7.5
  ├─ @react-spring/shared ~9.7.5
  ├─ @react-spring/types ~9.7.5
  ├─ @types/js-cookie ^3.0.6 → 3.0.6
  ├─ @use-gesture/core 10.3.1 → 10.3.1
  ├─ classnames ^2.2.6 → 2.5.1
  ├─ css-to-react-native 3.2.0 → 3.2.0
  ├─ csstype 3.2.3 → 3.2.3
  ├─ dayjs ^1.9.1 → 1.11.21
  ├─ intersection-observer ^0.12.0 → 0.12.2
  ├─ js-cookie ^3.0.5 → 3.0.8
  ├─ lodash ^4.17.21 → 4.18.1
  ├─ prop-types 15.x → 15.8.1
  ├─ rc-resize-observer ^1.0.0 → 1.4.3
  ├─ rc-util ^5.31.1 → 5.44.4
  ├─ rc-util ^5.36.0 → 5.44.4
  ├─ react-draggable ^4.5.0 → 4.6.0
  ├─ react-fast-compare ^3.2.2 → 3.2.2
  ├─ resize-observer-polyfill ^1.5.1 → 1.5.1
  ├─ screenfull ^5.0.0
  ├─ stylis 4.3.6 → 4.3.6
  ├─ tslib ^2.0.0 → 2.8.1
  ├─ tslib ^2.4.1 → 2.8.1
  ├─ @ant-design/fast-color ^2.0.6 → 2.0.6
  ├─ @babel/runtime ^7.18.3 → 7.29.7
  ├─ @babel/runtime ^7.20.7 → 7.29.7
  ├─ @emotion/memoize ^0.9.0 → 0.9.0
  ├─ camelize ^1.0.0 → 1.0.1
  ├─ classnames ^2.2.1 → 2.5.1
  ├─ clsx ^2.1.1 → 2.1.1
  ├─ css-color-keywords ^1.0.0 → 1.0.0
  ├─ loose-envify ^1.4.0 → 1.4.0
  ├─ object-assign ^4.1.1 → 4.1.1
  ├─ postcss-value-parser ^4.0.2 → 4.2.0
  ├─ prop-types ^15.8.1 → 15.8.1
  ├─ rc-util ^5.44.1 → 5.44.4
  ├─ react-is ^18.2.0 → 18.3.1
  ├─ react-is ^16.13.1 → 16.13.1
  ├─ resize-observer-polyfill ^1.5.1 → 1.5.1
  ├─ @babel/runtime ^7.18.3 → 7.29.7
  ├─ @babel/runtime ^7.24.7 → 7.29.7
  ├─ js-tokens ^3.0.0 || ^4.0.0 → 4.0.0
  ├─ loose-envify ^1.4.0 → 1.4.0
  ├─ object-assign ^4.1.1 → 4.1.1
  ├─ react-is ^18.2.0 → 18.3.1
  ├─ react-is ^16.13.1 → 16.13.1
  ├─ js-tokens ^3.0.0 || ^4.0.0 → 4.0.0

Changes from v6.3.111

Dependency Changes

Change Package Version
changed @pisell/icon 0.0.11 → 0.0.10
changed @pisell/utils 3.0.5 → 1.0.68
changed @pisell/materials 6.3.27 → 1.0.1064
changed @pisell/date-picker 3.0.8 → 1.0.141

Script Changes

+ build:tsdown

File Changes

1384 added, 5 removed, 3270 modified; size delta: +8918.8 KB

SAST Findings (6)

HIGH Phantom dependency: rc-virtual-list phantom-deps

Declared in package.json dependencies but never imported in source code. Phantom dependencies may exist solely to execute install scripts or inject transitive malicious code. This was the exact attack vector in the axios compromise (plain-crypto-js).

HIGH Phantom dependency: react-resizable phantom-deps

Declared in package.json dependencies but never imported in source code. Phantom dependencies may exist solely to execute install scripts or inject transitive malicious code. This was the exact attack vector in the axios compromise (plain-crypto-js).

HIGH Phantom dependency: styled-components phantom-deps

Declared in package.json dependencies but never imported in source code. Phantom dependencies may exist solely to execute install scripts or inject transitive malicious code. This was the exact attack vector in the axios compromise (plain-crypto-js).

HIGH Phantom dependency: @dnd-kit/modifiers phantom-deps

Declared in package.json dependencies but never imported in source code. Phantom dependencies may exist solely to execute install scripts or inject transitive malicious code. This was the exact attack vector in the axios compromise (plain-crypto-js).

HIGH Phantom dependency: react-infinite-scroll-component phantom-deps

Declared in package.json dependencies but never imported in source code. Phantom dependencies may exist solely to execute install scripts or inject transitive malicious code. This was the exact attack vector in the axios compromise (plain-crypto-js).

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 100 (capped from 181). Findings: 5 high (+125), 5 medium (+50), 2 low (+6).

Published to npm: