d3-color @2.0.0
Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).
Dev Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| tape | 4 | auto_approved |
| eslint | 6 | auto_approved |
| rollup | 1 | auto_approved |
| rollup-plugin-terser | 5 | auto_approved |
Changes from v1.4.1
No metadata changes detected.
File Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| osv:GHSA-36jr-mh4h-2g58 | osv | reject | AI | AI (osv): HIGH ReDoS advisory affects all versions < 3.1.0; this verdict generalizes to every affected version of d3-color. |
SAST Findings (4)
[Always reject] The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: recifs.
This version was published by a different npm account than previous versions on 2020-08-19. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 100 (capped from 103). Findings: 1 critical (+40), 2 high (+50), 1 medium (+10), 1 low (+3).
Published to npm: