[email protected] rejected Risk: 43 MIT 2018-07-20

property-expr @1.5.0

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Repository Homepage Tarball

Risk Score

MIT

License

Install Scripts

Dependencies

Dev Dependencies

4.9 KB

Package Size

2018-07-20

Published

tiny util for getting and setting deep object props safely

Maintainers

monastic.panic

Keywords

exprexpressionsettergetterdeeppropertyJustin-Beiberaccessor

SAST Findings (2)

CRITICAL GHSA-6fw4-hr69-g3rv: Prototype Pollution in property-expr osv

CVSS 9.8 (CRITICAL) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3), 3 info (+0).

Commit: 6dee4cefb550 Browse source

Published to npm: 2018-07-20