hoek @5.0.4
General purpose node utilities
Dev Dependencies (2)
| Package | Constraint | Registry Status |
|---|---|---|
| lab | 15.x.x | auto_approved |
| code | 5.x.x | auto_approved |
Changes from v4.2.1
No metadata changes detected.
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
| osv:GHSA-c429-5p7v-vgjp | osv | reject | AI | AI (osv): Prototype pollution vulnerability affects all hoek versions <= 6.1.3; the entire 6.x line is within the affected range and no fix exists for this branch. Verdict generalizes to all 6.x versions. | |
SAST Findings (3)
[Always reject] CVSS 8.1 (HIGH) — CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. hoek versions prior to 8.5.1, and 9.x prior to 9.0.3, are vulnerable to prototype pollution in the clone function. If an object with the `__proto__` key is passed to `clone()`, the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1.
This version was published by a different npm account than previous versions on 2018-08-10. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 78. Findings: 1 critical (+40), 1 high (+25), 1 medium (+10), 1 low (+3).
Commit: d7db88b18d4c
Published to npm: