[email protected] rejected Risk: 81 No license 2026-04-26

frank-bot-gogle-cloning @1.1.0

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Tarball

Risk Score

—

License

Yes

Install Scripts

Dependencies

Dev Dependencies

1.0 KB

Package Size

2026-04-26

Published

Security audit module

Maintainers

frengki0707

Risk Dispositions (3 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

Rule	Source	Disposition	Author	Reason
`install-script:preinstall`	install-scripts	reject	AI	AI (install-scripts): Preinstall executes malicious exfiltration code; generalizes to all versions of this package.
`semgrep:child-process-import`	semgrep	reject	AI	AI (semgrep): child_process used in conjunction with external C2 URL; malicious pattern stable across versions.
`bogus-package`	bogus-package	reject	AI	AI (bogus-package): No repo, no deps, tiny payload — all consistent with a throwaway malware package.

SAST Findings (3)

CRITICAL MAL-2026-3080: Malicious code in frank-bot-gogle-cloning (npm) osv

--- _-= Per source details. Do not edit below this line.=-_ ## Source: ossf-package-analysis (49dddf11519659e89469fd400ecad5f7975ea44b898a3cdb5647d0042168e8b7) The OpenSSF Package Analysis project identified 'frank-bot-gogle-cloning' @ 1.1.0 (npm) as malicious. It is considered malicious because: - The package executes one or more commands associated with malicious behavior.

HIGH Package has 'preinstall' script install-scripts

Script: node index.js

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 81. Findings: 1 critical (+40), 1 high (+25), 1 medium (+10), 2 low (+6).

Published to npm: 2026-04-26