syntax-error@0.1.0

rejected
This version was rejected. It did not pass GreenFlagged's security review and is not served by the registry. The findings and risk dispositions below explain why.
Risk Score: 43
License: MIT
Install Scripts: No
Dependencies: 1
Dev Dependencies: 1
Package Size: 2.7 KB
Published

detect and report syntax errors in source code strings

Maintainers

substack

Keywords

syntax, error, esprima, stack, line, column

Dependencies (1)

| Package | Constraint | Registry Status |
| --- | --- | --- |
| esprima-six | 0.0.3 | No greenflagged match |

Dev Dependencies (1)

| Package | Constraint | Registry Status |
| --- | --- | --- |
| tape | ~2.4.1 | auto_approved |

Transitive Dependency Tree

1 transitive deps, max depth 1
  ├─ esprima-six 0.0.3

Risk Dispositions (1 applicable to this version, 0 other)

Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.

| Rule | Source | Disposition | Author | Reason |
| --- | --- | --- | --- | --- |
| osv:GHSA-5726-g6r9-5f22 | osv | reject | AI | AI (osv): HIGH severity script injection vulnerability affects all versions < 1.1.1; fix is available in 1.1.1. Verdict generalizes to all versions in the affected range. |

SAST Findings (2)

CRITICAL: GHSA-5726-g6r9-5f22: Potential for Script Injection in syntax-error (source: osv)

[Always reject] Versions of `syntax-error` prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified.

Recommendation: Update to version 1.1.1 or later.

LOW: No provenance attestation (source: provenance)

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

Review Summary

Risk score: 43. Findings: 1 critical (+40), 1 low (+3).

Published to npm: