lodash.mergewith @4.6.1
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
MIT
License
No
Install Scripts
0
Dependencies
0
Dev Dependencies
12.7 KB
Package Size
Published
The Lodash method `_.mergeWith` exported as a module.
Maintainers
jdaltonmathias
Keywords
lodash-modularizedmergewith
Risk Dispositions (0 applicable to this version, 2 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
Show 2 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
osv:GHSA-5947-m4fg-xhqg |
osv | reject | AI | AI (osv): Prototype Pollution in lodash.mergewith < 4.6.1; fixed in 4.6.1. Affects all versions below that threshold. | |
osv:GHSA-779f-wgxg-qr8f |
osv | reject | AI | AI (osv): Prototype Pollution in lodash.mergewith < 4.6.2; fixed in 4.6.2. Affects all versions below that threshold. |
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3).
Published to npm: