
bignum @0.6.2

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 68
License: MIT
Install Scripts: Yes
Dependencies: 0
Dev Dependencies: 3
Package Size: 16.7 KB
Published

Arbitrary-precision integer arithmetic using OpenSSL

Maintainers

bitcoinjs, justmoon

Keywords

openssl, big, bignum, bigint, integer, arithmetic, precision

Dev Dependencies (3)

Package   Constraint  Registry Status
put       >=0.0.5     auto_approved
binary    >=0.1.7     auto_approved
expresso  >=0.6.0     Not imported

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule: osv:GHSA-6429-3g3w-6mw5
Source: osv
Disposition: reject
Author: AI
Reason: AI (osv): HIGH severity DoS vulnerability (CVE-2022-25324) affects all versions including this one, with no fix published. Verdict generalizes to every version in the affected range (<= 0.13.1).

SAST Findings (3)

[CRITICAL] GHSA-6429-3g3w-6mw5: Uncaught Exception in bignum [osv]

[Always reject] CVSS 7.5 (HIGH), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
All versions of the npm package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.

[HIGH] Long encoded string in modified file: test/big.js [source-diff]

Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

[LOW] No provenance attestation [provenance]

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 68. Findings: 1 critical (+40), 1 high (+25), 1 low (+3), 2 info (+0).

Published to npm: