@umijs/[email protected] rejected Risk: 73 MIT 2023-06-01

@umijs/types @3.5.41

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Repository Homepage Tarball

Risk Score

MIT

License

Install Scripts

Dependencies

Dev Dependencies

3.8 KB

Package Size

2023-06-01

Published

@umijs/types

Maintainers

stormslowlyxiefengniansorryccchenshuai2144kuitospeachscriptxiaohuoni

Keywords

umi

Dependencies (7)

Package	Constraint	Registry Status
@umijs/core	3.5.41	No greenflagged match
@umijs/deps	3.5.41	No greenflagged match
@umijs/utils	3.5.41	No greenflagged match
@umijs/server	3.5.41	No greenflagged match
webpack-chain	6.5.1	auto_approved
@umijs/renderer-react	3.5.41	No greenflagged match
@umijs/babel-preset-umi	3.5.41	No greenflagged match

Transitive Dependency Tree

9 transitive deps max depth 2

├─ @umijs/babel-preset-umi 3.5.41

├─ @umijs/core 3.5.41

├─ @umijs/deps 3.5.41

├─ @umijs/renderer-react 3.5.41

├─ @umijs/server 3.5.41

├─ @umijs/utils 3.5.41

├─ webpack-chain 6.5.1 → 6.5.1

├─ deepmerge ^1.5.2 → 1.5.2

├─ javascript-stringify ^2.0.1 → 2.1.0

SAST Findings (2)

CRITICAL Low-value / spam package indicators (2 signals, score 3) bogus-package

[Always reject] Matched 2 signal(s), weighted score 3: • [S_README_NO_CODE] Short README with no code block, no install instructions, and no usage/API section. • [S_DESC_MATCHES_NAME] Description is empty or just restates the package name.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 73. Findings: 1 critical (+40), 3 medium (+30), 1 low (+3).

Commit: 879d66cfd294 Browse source

Published to npm: 2023-06-01