utilities @0.0.40
rejected
This version was rejected.
It did not pass GreenFlagged's security review and is not served by the registry.
The findings and risk dispositions below explain why.
Risk Score: 63
License: —
Install Scripts: No
Dependencies: 0
Dev Dependencies: 1
Package Size: 41.0 KB
Published
A classic collection of JavaScript utilities
Maintainers: mde
Keywords: utilities, utils, jake, geddy
Dev Dependencies (1)
| Package | Constraint | Registry Status |
|---|---|---|
| jake | latest | auto_approved |
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason |
|---|---|---|---|---|
| osv:GHSA-wxfj-84xf-7gxv | osv | reject | AI | AI (osv): Prototype Pollution (CVSS 7.5 HIGH) affects all versions <= 1.0.6 with no fix published. This advisory applies to every version in the affected range. |
SAST Findings (2)
CRITICAL
GHSA-wxfj-84xf-7gxv: mde utilities contains Prototype Pollution
osv
[Always reject] CVSS 7.5 (HIGH) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
All versions of the package utilities are vulnerable to Prototype Pollution via the _mix function.
LOW
No provenance attestation
provenance
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
Review Summary
Risk score: 63. Findings: 1 critical (+40), 2 medium (+20), 1 low (+3).
Published to npm: