jpeg-js @0.4.3

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 43
License: BSD-3-Clause
Install Scripts: No
Dependencies: 0
Dev Dependencies: 1
Package Size: 20.1 KB
Published

A pure javascript JPEG encoder and decoder

Maintainers

eugenewarepetlimrkellyxadillaxpatrickhulcebenwiley4000strandedcity

Keywords

jpeg, jpg, encoder, decoder, codec, image, javascript, js

Dev Dependencies (1)

| Package | Constraint | Registry Status |
| --- | --- | --- |
| jest | ^25.4.0 | auto_approved |

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

| Rule | Source | Disposition | Author | Reason |
| --- | --- | --- | --- | --- |
| osv:GHSA-xvf7-4v9q-58w6 | osv | reject | AI | AI (osv): DoS vulnerability (infinite loop) affects all versions < 0.4.4; fixed in 0.4.4. Verdict generalizes to all versions in the affected range. |

SAST Findings (2)

CRITICAL GHSA-xvf7-4v9q-58w6: Infinite loop in jpeg-js osv

[Always reject] CVSS 7.5 (HIGH): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3).

Commit: a2d7ed93e532

Published to npm: