nwmatcher @1.3.9
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
43
Risk Score
MIT
License
No
Install Scripts
0
Dependencies
0
Dev Dependencies
31.4 KB
Package Size
Published
A CSS3-compliant JavaScript selector engine.
Maintainers
rvaggdiego
Keywords
cssmatcherselectorender
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
osv:GHSA-6394-6h9h-cfjg |
osv | reject | AI | AI (osv): ReDoS vulnerability affects all versions < 1.4.4; fix is available. Any version in the affected range should be rejected in favor of >= 1.4.4. |
SAST Findings (2)
CRITICAL
GHSA-6394-6h9h-cfjg: Regular Expression Denial of Service
osv
[Always reject] A Regular Expression vulnerability was found in nwmatcher before 1.4.4. The fix replacing multiple repeated instances of the "\s*" pattern.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 43. Findings: 1 critical (+40), 1 low (+3).
Commit: a3ff759c4ea4 Browse source
Published to npm: