All @sanity/vision versions

@sanity/[email protected] rejected Risk: 25 MIT

@sanity/vision @5.24.0

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
25
Risk Score
MIT
License
No
Install Scripts
23
Dependencies
26
Dev Dependencies
86.6 KB
Package Size
Published

Sanity plugin for running/debugging GROQ-queries against Sanity datasets

Maintainers

sanity-svc.npmsanity-io

Keywords

admincmscontentguiheadlessrealtimesanitysanity-pluginvision

Dependencies (23)

PackageConstraintRegistry Status
rxjs ^7.8.2 auto_approved
json5 ^2.2.3 auto_approved
react-rx ^4.2.2 auto_approved
lodash-es ^4.18.1 auto_approved
quick-lru ^5.1.1 auto_approved
@sanity/ui ^3.1.14 auto_approved
json-2-csv ^5.5.9 auto_approved
@sanity/uuid ^3.0.2 auto_approved
@sanity/color ^3.0.6 auto_approved
@sanity/icons ^3.7.4 auto_approved
is-hotkey-esm ^1.0.0 auto_approved
@codemirror/view ^6.39.11 auto_approved
@lezer/highlight ^1.2.3 auto_approved
@codemirror/state ^6.5.4 auto_approved
@codemirror/search ^6.6.0 auto_approved
@sanity/lezer-groq ^1.0.3 auto_approved
@codemirror/commands ^6.10.1 auto_approved
@codemirror/language ^6.12.1 auto_approved
@uiw/react-codemirror ^4.25.4 auto_approved
@codemirror/autocomplete ^6.20.0 auto_approved
@rexxars/react-split-pane ^1.0.0 auto_approved
@codemirror/lang-javascript ^6.2.4 auto_approved
@rexxars/react-json-inspector ^9.0.1 auto_approved

Dev Dependencies (26)

PackageConstraintRegistry Status
vite ^7.3.1 auto_approved
jsdom ^26.1.0 auto_approved
react ^19.2.4 auto_approved
eslint ^9.39.2 auto_approved
rimraf ^6.1.3 auto_approved
sanity 5.24.0 auto_approved
vitest ^4.1.4 auto_approved
react-dom ^19.2.4 auto_approved
@types/react ^19.2.11 auto_approved
@repo/tsconfig 5.24.0 Not imported
@sanity/client ^7.21.0 auto_approved
@types/lodash-es ^4.17.12 auto_approved
@repo/test-config 5.24.0 Not imported
@sanity/pkg-utils ^10.4.15 auto_approved
styled-components npm:@sanity/styled-components@^6.1.24 auto_approved
@repo/eslint-config 5.24.0 Not imported
@repo/package.bundle 5.24.0 Not imported
@repo/package.config 5.24.0 Not imported
@vanilla-extract/css ^1.19.0 auto_approved
@vitejs/plugin-react ^5.1.2 auto_approved
@testing-library/react ^16.3.1 auto_approved
@sanity/eslint-config-i18n ^2.0.0 Not imported
@typescript/native-preview beta No greenflagged match
babel-plugin-react-compiler 1.0.0 No greenflagged match
@vanilla-extract/vite-plugin ^5.2.0 auto_approved
babel-plugin-styled-components ^2.1.4 auto_approved

Transitive Dependency Tree

76 transitive deps max depth 7
  ├─ @codemirror/autocomplete ^6.20.0 → 6.20.2
  ├─ @codemirror/commands ^6.10.1 → 6.10.3
  ├─ @codemirror/lang-javascript ^6.2.4 → 6.2.5
  ├─ @codemirror/language ^6.12.1 → 6.12.3
  ├─ @codemirror/search ^6.6.0 → 6.7.0
  ├─ @codemirror/state ^6.5.4 → 6.6.0
  ├─ @codemirror/view ^6.39.11 → 6.43.0
  ├─ @lezer/highlight ^1.2.3 → 1.2.3
  ├─ @rexxars/react-json-inspector ^9.0.1 → 9.0.1
  ├─ @rexxars/react-split-pane ^1.0.0 → 1.0.0
  ├─ @sanity/color ^3.0.6 → 3.0.6
  ├─ @sanity/icons ^3.7.4 → 3.7.4
  ├─ @sanity/lezer-groq ^1.0.3 → 1.0.4
  ├─ @sanity/ui ^3.1.14 → 3.2.0
  ├─ @sanity/uuid ^3.0.2 → 3.0.2
  ├─ @uiw/react-codemirror ^4.25.4 → 4.25.10
  ├─ is-hotkey-esm ^1.0.0 → 1.0.0
  ├─ json-2-csv ^5.5.9 → 5.5.11
  ├─ json5 ^2.2.3 → 2.2.3
  ├─ lodash-es ^4.18.1 → 4.18.1
  ├─ quick-lru ^5.1.1 → 5.1.1
  ├─ react-rx ^4.2.2 → 4.2.2
├─ rxjs ^7.8.2 → 7.8.2
  ├─ @babel/runtime ^7.18.6 → 7.29.7
  ├─ @codemirror/autocomplete ^6.0.0 → 6.20.1
  ├─ @codemirror/commands ^6.1.0 → 6.10.3
  ├─ @codemirror/language ^6.6.0 → 6.12.3
  ├─ @codemirror/language ^6.0.0 → 6.12.3
  ├─ @codemirror/lint ^6.0.0 → 6.9.5
  ├─ @codemirror/state ^6.0.0 → 6.6.0
  ├─ @codemirror/state ^6.1.1 → 6.6.0
  ├─ @codemirror/state ^6.6.0 → 6.6.0
  ├─ @codemirror/theme-one-dark ^6.0.0 → 6.1.3
  ├─ @codemirror/view ^6.27.0 → 6.42.0
  ├─ @codemirror/view ^6.23.0 → 6.42.0
  ├─ @codemirror/view ^6.37.0 → 6.42.0
  ├─ @codemirror/view ^6.17.0 → 6.42.0
  ├─ @floating-ui/react-dom ^2.1.6 → 2.1.8
  ├─ @juggle/resize-observer ^3.4.0 → 3.4.0
  ├─ @lezer/common ^1.0.0 → 1.5.2
  ├─ @lezer/common ^1.2.0 → 1.5.2
  ├─ @lezer/common ^1.1.0 → 1.5.2
  ├─ @lezer/common ^1.3.0 → 1.5.2
  ├─ @lezer/common ^1.5.0 → 1.5.2
  ├─ @lezer/highlight ^1.0.0 → 1.2.3
  ├─ @lezer/javascript ^1.0.0 → 1.5.4
  ├─ @lezer/lr ^1.0.0 → 1.4.10
  ├─ @marijn/find-cluster-break ^1.0.0 → 1.0.2
  ├─ @sanity/color ^3.0.6 → 3.0.6
  ├─ @sanity/icons ^3.7.4 → 3.7.4
  ├─ @types/uuid ^8.0.0
  ├─ @uiw/codemirror-extensions-basic-setup 4.25.10 → 4.25.10
  ├─ codemirror ^6.0.0 → 6.65.7
  ├─ crelt ^1.0.6 → 1.0.6
  ├─ crelt ^1.0.5 → 1.0.6
  ├─ csstype ^3.1.3 → 3.2.3
  ├─ debounce ^1.0.0 → 1.2.1
  ├─ deeks 3.2.1 → 3.2.1
  ├─ doc-path 4.1.4 → 4.1.4
  ├─ md5-o-matic ^0.1.1 → 0.1.1
  ├─ motion ^12.23.24 → 12.40.0
  ├─ observable-callback ^1.0.3 → 1.0.3
  ├─ react-compiler-runtime 1.0.0 → 1.0.0
  ├─ react-refractor ^4.0.0 → 4.0.0
  ├─ style-mod ^4.1.0 → 4.1.3
  ├─ style-mod ^4.0.0
  ├─ tslib ^2.1.0 → 2.8.1
  ├─ use-effect-event ^2.0.3 → 2.0.3
  ├─ uuid ^8.0.0 → 8.3.2
├─ w3c-keyname ^2.2.4 → 2.2.8
  ├─ @codemirror/autocomplete ^6.0.0 → 6.20.2
  ├─ @codemirror/commands ^6.0.0 → 6.10.3
  ├─ @codemirror/language ^6.0.0 → 6.12.3
  ├─ @codemirror/lint ^6.0.0 → 6.9.6
  ├─ @codemirror/search ^6.0.0 → 6.7.0
  ├─ @codemirror/state ^6.6.0 → 6.6.0
  ├─ @codemirror/state ^6.0.0 → 6.6.0
  ├─ @codemirror/view ^6.17.0 → 6.42.0
  ├─ @codemirror/view ^6.23.0 → 6.42.0
  ├─ @codemirror/view ^6.0.0 → 6.42.0
  ├─ @codemirror/view ^6.27.0 → 6.42.0
  ├─ @codemirror/view ^6.0.0 → 6.43.0
  ├─ @codemirror/view ^6.35.0 → 6.42.0
  ├─ @floating-ui/dom ^1.7.6 → 1.7.6
  ├─ @lezer/common ^1.1.0 → 1.5.2
  ├─ @lezer/common ^1.5.0 → 1.5.2
  ├─ @lezer/common ^1.3.0 → 1.5.2
  ├─ @lezer/common ^1.2.0 → 1.5.2
  ├─ @lezer/common ^1.0.0 → 1.5.2
  ├─ @lezer/highlight ^1.0.0 → 1.2.3
  ├─ @lezer/highlight ^1.1.3 → 1.2.3
  ├─ @lezer/lr ^1.3.0 → 1.4.10
  ├─ @lezer/lr ^1.0.0 → 1.4.10
  ├─ @marijn/find-cluster-break ^1.0.0 → 1.0.2
  ├─ crelt ^1.0.5 → 1.0.6
  ├─ crelt ^1.0.6 → 1.0.6
  ├─ framer-motion ^12.40.0 → 12.40.0
  ├─ refractor ^5.0.0 → 5.0.0
  ├─ style-mod ^4.1.0 → 4.1.3
  ├─ style-mod ^4.0.0
  ├─ tslib ^2.4.0 → 2.8.1
  ├─ unist-util-visit-parents ^6.0.1 → 6.0.2
├─ w3c-keyname ^2.2.4 → 2.2.8
  ├─ @codemirror/language ^6.0.0 → 6.12.3
  ├─ @codemirror/state ^6.6.0 → 6.6.0
  ├─ @codemirror/state ^6.0.0 → 6.6.0
  ├─ @codemirror/view ^6.17.0 → 6.42.0
  ├─ @codemirror/view ^6.42.0 → 6.42.0
  ├─ @codemirror/view ^6.27.0 → 6.42.0
  ├─ @codemirror/view ^6.37.0 → 6.42.0
  ├─ @codemirror/view ^6.23.0 → 6.42.0
  ├─ @floating-ui/core ^1.7.5 → 1.7.5
  ├─ @floating-ui/utils ^0.2.11 → 0.2.11
  ├─ @lezer/common ^1.1.0 → 1.5.2
  ├─ @lezer/common ^1.0.0 → 1.5.2
  ├─ @lezer/common ^1.3.0 → 1.5.2
  ├─ @lezer/common ^1.5.0 → 1.5.2
  ├─ @lezer/highlight ^1.0.0 → 1.2.3
  ├─ @lezer/lr ^1.0.0 → 1.4.10
  ├─ @marijn/find-cluster-break ^1.0.0 → 1.0.2
  ├─ @types/hast ^3.0.0 → 3.0.4
  ├─ @types/prismjs ^1.0.0 → 1.26.6
  ├─ @types/unist ^3.0.0 → 3.0.3
  ├─ crelt ^1.0.6 → 1.0.6
  ├─ crelt ^1.0.5 → 1.0.6
  ├─ hastscript ^9.0.0 → 9.0.1
  ├─ motion-dom ^12.40.0 → 12.40.0
  ├─ motion-utils ^12.39.0 → 12.39.0
  ├─ parse-entities ^4.0.0 → 4.0.2
  ├─ style-mod ^4.1.0 → 4.1.3
  ├─ style-mod ^4.0.0
  ├─ tslib ^2.4.0 → 2.8.1
  ├─ unist-util-is ^6.0.0 → 6.0.1
├─ w3c-keyname ^2.2.4 → 2.2.8
  ├─ @codemirror/state ^6.6.0 → 6.6.0
  ├─ @codemirror/state ^6.0.0 → 6.6.0
  ├─ @codemirror/view ^6.23.0 → 6.42.0
  ├─ @floating-ui/utils ^0.2.11 → 0.2.11
  ├─ @lezer/common ^1.0.0 → 1.5.2
  ├─ @lezer/common ^1.3.0 → 1.5.2
  ├─ @lezer/common ^1.5.0 → 1.5.2
  ├─ @lezer/highlight ^1.0.0 → 1.2.3
  ├─ @lezer/lr ^1.0.0 → 1.4.10
  ├─ @marijn/find-cluster-break ^1.0.0 → 1.0.2
  ├─ @types/hast ^3.0.0 → 3.0.4
  ├─ @types/unist ^2.0.0
  ├─ @types/unist ^3.0.0 → 3.0.3
  ├─ @types/unist *
  ├─ character-entities-legacy ^3.0.0
  ├─ character-reference-invalid ^2.0.0
  ├─ comma-separated-tokens ^2.0.0 → 2.0.3
  ├─ crelt ^1.0.6 → 1.0.6
  ├─ decode-named-character-reference ^1.0.0 → 1.3.0
  ├─ hast-util-parse-selector ^4.0.0 → 4.0.0
  ├─ is-alphanumerical ^2.0.0 → 2.0.1
  ├─ is-decimal ^2.0.0
  ├─ is-hexadecimal ^2.0.0
  ├─ motion-utils ^12.39.0 → 12.39.0
  ├─ property-information ^7.0.0 → 7.1.0
  ├─ space-separated-tokens ^2.0.0 → 2.0.2
  ├─ style-mod ^4.0.0
  ├─ style-mod ^4.1.0 → 4.1.3
├─ w3c-keyname ^2.2.4 → 2.2.8
  ├─ @codemirror/state ^6.6.0 → 6.6.0
  ├─ @lezer/common ^1.0.0 → 1.5.2
  ├─ @lezer/common ^1.3.0 → 1.5.2
  ├─ @marijn/find-cluster-break ^1.0.0 → 1.0.2
  ├─ @types/hast ^3.0.0 → 3.0.4
  ├─ @types/unist *
  ├─ character-entities ^2.0.0
  ├─ crelt ^1.0.6 → 1.0.6
  ├─ is-alphabetical ^2.0.0 → 2.0.1
  ├─ is-decimal ^2.0.0
  ├─ style-mod ^4.1.0 → 4.1.3
├─ w3c-keyname ^2.2.4 → 2.2.8
  ├─ @marijn/find-cluster-break ^1.0.0 → 1.0.2
  ├─ @types/unist *

Changes from v5.23.0

No metadata changes detected.

File Changes

0 added 0 removed 1 modified size delta: .0 KB

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule Source Disposition Author Reason
regressed-provenance provenance reject AI AI (provenance): Provenance regression is a disqualifying signal for this package until attestation is restored.

SAST Findings (1)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

Review Summary

Risk score: 25. Findings: 1 high (+25), 2 info (+0).

Published to npm: