bignum @0.9.3

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 43
License: MIT
Install Scripts: Yes
Dependencies: 1
Dev Dependencies: 3
Package Size: 17.5 KB
Published

Arbitrary-precision integer arithmetic using OpenSSL

Maintainers

bitcoinjs, justmoon, rvagg

Keywords

openssl, big, bignum, bigint, integer, arithmetic, precision

Dependencies (1)

Package | Constraint | Registry Status
nan | ~1.8.4 | auto_approved

Dev Dependencies (3)

Package | Constraint | Registry Status
put | >=0.0.5 | auto_approved
binary | >=0.1.7 | auto_approved
expresso | >=0.6.0 | Not imported

Transitive Dependency Tree

1 transitive dep, max depth 1
  ├─ nan ~1.8.4 → 1.8.4

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule | Source | Disposition | Author | Reason
osv:GHSA-6429-3g3w-6mw5 | osv | reject | AI | AI (osv): HIGH severity DoS vulnerability (CVE-2022-25324) affects all versions including this one, with no fix published. Verdict generalizes to every version in the affected range (<= 0.13.1).

SAST Findings (2)

CRITICAL: GHSA-6429-3g3w-6mw5: Uncaught Exception in bignum [osv]

[Always reject] CVSS 7.5 (HIGH), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

All versions of the npm package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.

LOW: No provenance attestation [provenance]

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3), 3 info (+0).

Commit: 290721dae953

Published to npm: