ecstatic @3.3.2
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
53
Risk Score
MIT
License
No
Install Scripts
4
Dependencies
8
Dev Dependencies
249.8 KB
Package Size
Published
A simple static file server middleware
Maintainers
jesusabdullahjfhbrook
Keywords
staticwebserverfilesmimemiddleware
Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| he | ^1.1.1 | auto_approved |
| mime | ^1.6.0 | auto_approved |
| minimist | ^1.1.0 | auto_approved |
| url-join | ^2.0.5 | auto_approved |
Dev Dependencies (8)
| Package | Constraint | Registry Status |
|---|---|---|
| eol | ^0.9.1 | auto_approved |
| tap | ^12.0.1 | auto_approved |
| eslint | ^3.19.0 | auto_approved |
| mkdirp | ^0.5.0 | auto_approved |
| express | ^4.16.3 | auto_approved |
| request | ^2.88.0 | No greenflagged match |
| eslint-plugin-import | ^2.14.0 | auto_approved |
| eslint-config-airbnb-base | ^11.3.2 | auto_approved |
Transitive Dependency Tree
4 transitive deps
max depth 1
├─
he
^1.1.1
→ 1.2.0
├─
mime
^1.6.0
→ 1.6.0
├─
minimist
^1.1.0
→ 1.2.8
├─
url-join
^2.0.5
→ 2.0.5
Changes from v2.2.2
Dependency Changes
| Change | Package | Version |
|---|---|---|
| changed | mime | ^1.2.11 → ^1.6.0 |
| changed | url-join | ^2.0.2 → ^2.0.5 |
Script Changes
+ fix+ pretestFile Changes
2 added
44 removed
18 modified
size delta: -3214.0 KB
Risk Dispositions (1 applicable to this version, 1 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
osv:GHSA-jc84-3g44-wf2q |
osv | reject | AI | AI (osv): DoS vulnerability affects all versions < 4.1.3; fixed in 4.1.3. Generalizes to any version in the affected range. |
Show 1 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
osv:GHSA-9q64-mpxx-87fg |
osv | reject | AI | AI (osv): Open Redirect vulnerability affects all 4.x versions < 4.1.2; fixed in 4.1.2. Generalizes to any version in the affected range. |
SAST Findings (2)
CRITICAL
GHSA-jc84-3g44-wf2q: Denial of Service in ecstatic
osv
[Always reject] ecstatic have a denial of service vulnerability. Successful exploitation could lead to crash of an application.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 53. Findings: 1 critical (+40), 1 medium (+10), 1 low (+3).
Commit: 07131c2c8e9f Browse source
Published to npm: