All memfs versions

[email protected] rejected Risk: 63 Apache-2.0

memfs @4.56.4

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
npm Repository Homepage Tarball
63
Risk Score
Apache-2.0
License
No
Install Scripts
14
Dependencies
27
Dev Dependencies
9.6 KB
Package Size
Published

In-memory file-system with Node's fs API.

Maintainers

streamich

Keywords

fsfilesystemfs.jsmemory-fsmemfsfilefile systemmountmemoryin-memoryvirtualtesttestingmockfsafile system accessnative file systemwebfscrudfsopfscasfscontent addressable storage

Dependencies (14)

PackageConstraintRegistry Status
tslib ^2.0.0 auto_approved
thingies ^2.5.0 auto_approved
tree-dump ^1.0.3 auto_approved
glob-to-regex.js ^1.0.1 auto_approved
@jsonjoy.com/util ^1.9.0 auto_approved
@jsonjoy.com/fs-fsa 4.56.4 auto_approved
@jsonjoy.com/fs-core 4.56.4 auto_approved
@jsonjoy.com/fs-node 4.56.4 auto_approved
@jsonjoy.com/fs-print 4.56.4 auto_approved
@jsonjoy.com/json-pack ^1.11.0 auto_approved
@jsonjoy.com/fs-snapshot ^4.56.4 auto_approved
@jsonjoy.com/fs-node-utils 4.56.4 auto_approved
@jsonjoy.com/fs-node-to-fsa 4.56.4 auto_approved
@jsonjoy.com/fs-node-builtins 4.56.4 auto_approved

Dev Dependencies (27)

PackageConstraintRegistry Status
url ^0.11.1 auto_approved
jest ^29.0.0 auto_approved
util ^0.12.5 auto_approved
husky ^8.0.1 auto_approved
assert ^2.0.0 auto_approved
buffer ^6.0.3 auto_approved
rimraf ^5.0.0 auto_approved
tslint ^6.1.3 auto_approved
process ^0.11.10 auto_approved
ts-jest ^29.4.2 auto_approved
ts-node ^10.9.2 auto_approved
webpack ^5.87.0 auto_approved
prettier ^3.0.0 auto_approved
ts-loader ^9.5.4 auto_approved
tar-stream ^3.1.2 auto_approved
typescript ^5.9.2 auto_approved
@types/jest ^29.0.0 auto_approved
@types/mime ^3.0.0 No greenflagged match
@types/node ^20.0.0 auto_approved
webpack-cli ^5.1.4 No greenflagged match
app-root-path ^3.1.0 auto_approved
isomorphic-git ^1.24.2 auto_approved
path-browserify ^1.0.1 auto_approved
readable-stream ^4.4.0 auto_approved
webpack-dev-server ^4.15.1 No greenflagged match
html-webpack-plugin ^5.5.3 auto_approved
tslint-config-common ^1.6.2 Not imported

Transitive Dependency Tree

19 transitive deps max depth 5
  ├─ @jsonjoy.com/fs-core 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-fsa 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-builtins 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-to-fsa 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-utils 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-print 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-snapshot ^4.56.4 → 4.57.3
  ├─ @jsonjoy.com/json-pack ^1.11.0 → 1.21.0
  ├─ @jsonjoy.com/util ^1.9.0 → 1.9.0
  ├─ glob-to-regex.js ^1.0.1 → 1.2.0
  ├─ thingies ^2.5.0 → 2.6.0
  ├─ tree-dump ^1.0.3 → 1.1.0
├─ tslib ^2.0.0 → 2.8.1
  ├─ @jsonjoy.com/base64 ^1.1.2 → 1.1.2
  ├─ @jsonjoy.com/buffers ^1.2.0 → 1.2.1
  ├─ @jsonjoy.com/buffers ^1.0.0 → 1.2.1
  ├─ @jsonjoy.com/buffers ^17.65.0 → 17.67.0
  ├─ @jsonjoy.com/codegen ^1.0.0 → 1.0.0
  ├─ @jsonjoy.com/fs-core 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-fsa 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-builtins 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-utils 4.57.3 → 4.57.3
  ├─ @jsonjoy.com/fs-node-utils 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-print 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/json-pack ^17.65.0 → 17.67.0
  ├─ @jsonjoy.com/json-pointer ^1.0.2 → 1.0.2
  ├─ @jsonjoy.com/util ^17.65.0 → 17.67.0
  ├─ @jsonjoy.com/util ^1.9.0 → 1.9.0
  ├─ glob-to-regex.js ^1.0.0 → 1.2.0
  ├─ hyperdyperid ^1.2.0 → 1.2.0
  ├─ thingies ^2.5.0 → 2.6.0
├─ tree-dump ^1.1.0 → 1.1.0
  ├─ @jsonjoy.com/base64 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/buffers ^1.0.0 → 1.2.1
  ├─ @jsonjoy.com/buffers 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/codegen 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/codegen ^1.0.0 → 1.0.0
  ├─ @jsonjoy.com/fs-core 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-builtins 4.57.3 → 4.57.3
  ├─ @jsonjoy.com/fs-node-builtins 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-utils 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/json-pointer 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/util 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/util ^1.9.0 → 1.9.0
  ├─ hyperdyperid ^1.2.0 → 1.2.0
  ├─ thingies ^2.5.0 → 2.6.0
├─ tree-dump ^1.1.0 → 1.1.0
  ├─ @jsonjoy.com/buffers ^1.0.0 → 1.2.1
  ├─ @jsonjoy.com/buffers 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/codegen 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/codegen ^1.0.0 → 1.0.0
  ├─ @jsonjoy.com/fs-node-builtins 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/fs-node-utils 4.56.4 → 4.56.4
  ├─ @jsonjoy.com/util 17.67.0 → 17.67.0
├─ thingies ^2.5.0 → 2.6.0
  ├─ @jsonjoy.com/buffers 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/codegen 17.67.0 → 17.67.0
  ├─ @jsonjoy.com/fs-node-builtins 4.56.4 → 4.56.4

Changes from v4.54.0

Dependency Changes

ChangePackageVersion
added @jsonjoy.com/fs-fsa 4.56.4
added @jsonjoy.com/fs-core 4.56.4
added @jsonjoy.com/fs-node 4.56.4
added @jsonjoy.com/fs-print 4.56.4
added @jsonjoy.com/fs-snapshot ^4.56.4
added @jsonjoy.com/fs-node-utils 4.56.4
added @jsonjoy.com/fs-node-to-fsa 4.56.4
added @jsonjoy.com/fs-node-builtins 4.56.4

Script Changes

+ jest+ test:ci - prettier- prettier:check

File Changes

5 added 273 removed 15 modified size delta: -737.9 KB

SAST Findings (2)

HIGH Provenance attestation missing — previous versions had it provenance

This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.

HIGH Publisher changed: GitHub Actions → streamich (on 2026-01-20) provenance

This version was published by a different npm account than previous versions on 2026-01-20. This could indicate a legitimate maintainer transition or an account compromise.

Review Summary

Risk score: 63. Findings: 2 high (+50), 1 medium (+10), 1 low (+3), 8 info (+0).

Commit: 3843eddf95ca Browse source

Published to npm: