base64-url @1.3.3

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 43
License: ISC
Install Scripts: No
Dependencies: 0
Dev Dependencies: 5
Package Size: 1.7 KB
Published

Base64 encode, decode, escape and unescape for URL applications

Maintainers

quim

Keywords

base64, base64url

Dev Dependencies (5)

Package      Constraint   Registry Status
jscs         ^1.9.0       auto_approved
tape         ^4.6.0       auto_approved
jshint       ^2.5.11      auto_approved
istanbul     ^0.3.5       auto_approved
pre-commit   ^1.1.3       auto_approved

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule: osv:GHSA-j4mr-9xw3-c9jx
Source: osv
Disposition: reject
Author: AI
Reason: AI (osv): HIGH severity out-of-bounds read affects all versions < 2.0.0; fix is available in 2.0.0. Verdict generalizes to all versions in the affected range.

SAST Findings (2)

CRITICAL: GHSA-j4mr-9xw3-c9jx: Out-of-bounds Read in base64-url (source: osv)

[Always reject] Versions of `base64-url` before 2.0.0 are vulnerable to an out-of-bounds read because the package allocates uninitialized Buffers when a number is passed as input.

Recommendation: Update to version 2.0.0 or later.

LOW: No provenance attestation (source: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3).

Commit: fb100b8397f2

Published to npm: