allure-js-commons @3.8.0
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 25
License: —
Install Scripts: No
Dependencies: 1
Dev Dependencies: 13
Package Size: 218.7 KB
Published
Maintainers: qameta-bot, baev, eroshenkoam, just-boris
Keywords: allure, codeceptjs, cypress, jasmine, jest, junit, mocha, newman, playwright, postman, report, reporter, test, testing, testops, vitest
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| md5 | ^2.3.0 | auto_approved |
Dev Dependencies (13)
| Package | Constraint | Registry Status |
|---|---|---|
| rimraf | ^6.0.0 | auto_approved |
| vitest | ^4.0.18 | auto_approved |
| @babel/cli | ^7.28.0 | auto_approved |
| @types/md5 | ^2 | auto_approved |
| typescript | ^5.2.2 | auto_approved |
| @babel/core | ^7.28.0 | auto_approved |
| @types/node | ^20.19.0 | auto_approved |
| npm-run-all2 | ^8.0.0 | auto_approved |
| @babel/preset-env | ^7.28.0 | auto_approved |
| @types/babel__core | ^7.20.5 | auto_approved |
| @babel/preset-typescript | ^7.27.1 | auto_approved |
| @types/babel__preset-env | ^7.10.0 | No greenflagged match |
| @babel/plugin-transform-modules-commonjs | ^7.27.1 | auto_approved |
Transitive Dependency Tree
4 transitive deps, max depth 2
├─ md5 ^2.3.0 → 2.3.0
├─ charenc 0.0.2 → 0.0.2
├─ crypt 0.0.2 → 0.0.2
├─ is-buffer ~1.1.6 → 1.1.6
Changes from v3.7.1
No metadata changes detected.
File Changes
10 added
0 removed
47 modified
size delta: +121.3 KB
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| regressed-provenance | provenance | reject | AI | AI (provenance): Provenance regression is a disqualifying signal for this package; all versions should have CI/CD attestations. |
SAST Findings (1)
HIGH
Provenance attestation missing — previous versions had it
provenance
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
Review Summary
Risk score: 25. Findings: 1 high (+25), 3 info (+0).
Commit: a1e3fbc54680
Published to npm: