pdf-parse @1.1.2
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
100
Risk Score
Apache-2.0
License
No
Install Scripts
1
Dependencies
1
Dev Dependencies
6934.0 KB
Package Size
Published
Pure TypeScript, cross-platform module for extracting text, images, and tabular data from PDFs. Run directly in your browser or in Node!
Maintainers
mehmet.kozan
Keywords
pdf-parsepdf-crawlerxpdfpdf.jspdfreaderpdf-extractorpdf2jsonj-pdfjsonpdf-parserpdf-extractpdf-extractorpdf-to-textpdf-text-extractpdfjsserver side PDF parsingpdf metadata
Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| node-ensure | ^0.0.0 | auto_approved |
Dev Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| mocha | ^11.7.4 | auto_approved |
Transitive Dependency Tree
1 transitive deps
max depth 1
├─
node-ensure
^0.0.0
→ 0.0.0
Changes from v2.4.5
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | node-ensure | ^0.0.0 |
| removed | pdfjs-dist | 5.4.296 |
| removed | @napi-rs/canvas | 0.1.80 |
Script Changes
+ pub - lint- pack- bench- build- clean- format- report- test:e- test:i- test:p- test:u- prepare- test:ui- build:ts- coverage- test:all- build:cjs- build:web- build:node- clean:test- format:all- test:watch- clean:build- build:worker- clean:report- clean:test:i- format:check- report:build- bench:install- build:node:ts- typedoc:build- build:node:bundleLicense Changed
Apache-2.0 → MITFile Changes
739 added
107 removed
3 modified
size delta: +6923.1 KB
Risk Dispositions (0 applicable to this version, 2 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
Show 2 disposition(s) that do not match any finding on this version
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression is a strong account-compromise signal for this package; should be enforced on all future versions until CI/CD publishing is restored. | |
unvetted-dep:node-ensure |
dependencies | reject | AI | AI (dependencies): node-ensure is not a legitimate replacement for pdfjs-dist; its addition as the sole runtime dep in this version is suspicious and unexplained. |
Review Summary
Risk score: 100 (capped from 355). Findings: 13 high (+325), 3 medium (+30).
Commit: 0212ed0dd322 Browse source
Published to npm: