requirejs @2.1.9
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 100
License: MIT
Install Scripts: No
Dependencies: 0
Dev Dependencies: 0
Package Size: 214.5 KB
Published
Node adapter for RequireJS, for loading AMD modules. Includes RequireJS optimizer
Maintainers: jrburke
Changes from v0.27.1
No metadata changes detected.
File Changes
1 added
1 removed
3 modified
size delta: +613.8 KB
SAST Findings (2)
CRITICAL
GHSA-x3m3-4wpv-5vgc: jrburke requirejs vulnerable to prototype pollution
osv
CVSS 10.0 (CRITICAL): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function `s.contexts._.configure`. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 100 (capped from 276). Findings: 1 critical (+40), 23 medium (+230), 2 low (+6), 1 info (+0).
Published to npm: