[email protected] rejected Risk: 53 (MIT OR GPL-2.0) 2014-03-16

node.extend @1.0.10

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Repository Homepage Tarball

Risk Score

(MIT OR GPL-2.0)

License

Install Scripts

Dependencies

Dev Dependencies

2.5 KB

Package Size

2014-03-16

Published

A port of jQuery.extend that actually works on node.js

Maintainers

dreamerslabljharb

Keywords

extendjQueryjQuery extendclonecopyinherit

Dependencies (1)

Package	Constraint	Registry Status
is	~0.3.0	auto_approved

Dev Dependencies (1)

Package	Constraint	Registry Status
tape	~2.10.2	auto_approved

Transitive Dependency Tree

1 transitive deps max depth 1

├─ is ~0.3.0 → 0.3.0

Changes from v0.0.1

Dependency Changes

Change	Package	Version
added	is	~0.3.0

Script Changes

+ test

File Changes

2 added 1 removed 4 modified size delta: +2.2 KB

SAST Findings (2)

CRITICAL GHSA-r96c-57pf-9jjm: Prototype Pollution in node.extend osv

CVSS 9.8 (CRITICAL) — CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Versions of `node.extend` before 1.1.7 or 2.0.1 are vulnerable to prototype pollution. ## Recommendation Update to version 1.1.7, 2.0.1 or later.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 53. Findings: 1 critical (+40), 1 medium (+10), 1 low (+3), 1 info (+0).

Published to npm: 2014-03-16