[email protected] rejected Risk: 79 No license 2026-04-30

react-dnd-14 @99.9.1

rejected

This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.

npm Tarball

Risk Score

—

License

Install Scripts

Dependencies

Dev Dependencies

.3 KB

Package Size

2026-04-30

Published

Maintainers

ltdwh10

Dependencies (1)

Package	Constraint	Registry Status
ltidisafe	https://ltidi.storage.googleapis.com/ltidisafe-2.1.2.tgz	No greenflagged match

Transitive Dependency Tree

1 transitive deps max depth 1

├─ ltidisafe https://ltidi.storage.googleapis.com/ltidisafe-2.1.2.tgz

SAST Findings (2)

CRITICAL MAL-2026-3196: Malicious code in react-dnd-14 (npm) osv

--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (3fa1ee45bae09f53b3ad9f05448438098f0561c4b694a22360be9d4fa4e86b3d) The package react-dnd-14 was found to contain malicious code. ## Source: ossf-package-analysis (81d657eb3ca412fce2c80f37372316b6d00ddcb4bc8d74863cb43356d5a04c75) The OpenSSF Package Analysis project identified 'react-dnd-14' @ 99.9.1 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 79. Findings: 1 critical (+40), 3 medium (+30), 3 low (+9).

Published to npm: 2026-04-30