getobject @0.1.0
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 43
License: —
Install Scripts: No
Dependencies: 0
Dev Dependencies: 4
Package Size: 3.1 KB
Published
get.and.set.deep.objects.easily = true
Maintainers
tkellen
Keywords
dot notation, properties, get, set, object, dot
Dev Dependencies (4)
| Package | Constraint | Registry Status |
|---|---|---|
| grunt | ~0.4.1 | No greenflagged match |
| grunt-contrib-watch | ~0.2.0 | auto_approved |
| grunt-contrib-jshint | ~0.1.1 | auto_approved |
| grunt-contrib-nodeunit | ~0.1.2 | auto_approved |
SAST Findings (2)
CRITICAL
GHSA-957j-59c2-j692: Prototype pollution in getobject
osv
CVSS 9.8 (CRITICAL), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3).
Published to npm: