z-schema
Fast, lightweight JSON Schema validator for Node.js and browsers — full support for draft-04, draft-06, draft-07, draft-2019-09, and draft-2020-12 (latest)
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:cjs/index.cjs | AI (source-diff): cjs/index.cjs is a Rollup-bundled CJS output explicitly referenced in package.json exports. The 'network+exec' pattern is from bundled validator/lodash deps, not malicious code. | ai | |
| source-diff | net-exec-file:cjs/ZSchema.cjs | AI (source-diff): CJS bundle generated by Rollup; 'network' and 'dynamic exec' patterns are lodash/validator boilerplate and cross-env global detection idioms, not malicious code. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Package restructured to multi-format distribution (ESM/CJS/UMD); large file count increase is expected and consistent with build tooling changes. | ai | |
| source-diff | net-exec-file:cjs/ZSchema.js | AI (source-diff): Rollup-bundled CJS build artifact containing lodash/validator dependencies. UMD boilerplate and lodash's Function('return this')() idiom trigger the rule; no actual network+exec malware pattern. | ai | |
| source-diff | net-exec-file:umd/ZSchema.min.js | AI (source-diff): Minified UMD build artifact from rollup+terser. Same false positive pattern as the unminified UMD file; no malicious network+exec behavior. | ai | |
| source-diff | net-exec-file:umd/ZSchema.js | AI (source-diff): Rollup-bundled UMD build artifact. Standard UMD factory pattern and lodash global detection trigger the rule; no actual dropper/loader behavior. | ai | |
| source-diff | net-exec-file:cjs/index.js | AI (source-diff): File is a standard CJS rollup bundle inlining lodash deps. 'Network+exec' trigger is UMD boilerplate and Function('return this')() global detection, not malware. | ai | |
| source-diff | net-exec-file:dist/ZSchema.cjs | AI (source-diff): Standard rollup CJS bundle artifact. 'Network' patterns are from bundled validator/lodash deps, not actual network calls. No malicious behavior present. | ai | |
| source-diff | net-exec-file:dist/ZSchema-umd-min.js | AI (source-diff): Standard rollup UMD minified bundle for browser distribution. Patterns are from bundled deps, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/ZSchema-umd.js | AI (source-diff): Standard rollup UMD bundle artifact. Same false-positive pattern as the other dist files. | ai | |
| source-diff | obfuscated-file:dist/ZSchema-umd-min.js | AI (source-diff): Minified by @rollup/plugin-terser as documented in devDependencies. Expected browser distribution artifact for this package. | ai | |
| source-diff | net-exec-file:dist/ZSchema-browser.js | AI (source-diff): UMD bundle with require/module patterns; expected in browserified output. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase due to addition of browser bundle artifacts (dist/); legitimate build output, not payload injection. | ai | |
| source-diff | net-exec-file:dist/ZSchema-browser-min.js | AI (source-diff): UMD bundle with require/module patterns; expected in browserified output, not a malware indicator. | ai | |
| source-diff | net-exec-file:dist/ZSchema-browser-test.js | AI (source-diff): UMD bundle with require/module patterns; expected in browserified test output. | ai | |
| source-diff | obfuscated-file:dist/ZSchema-browser-min.js | AI (source-diff): Minified browser bundle artifact; standard build output for packages shipping UMD/browserified distributions. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): Commander is optional dependency for CLI; referenced in build config but not directly imported in source—normal pattern. | ai | |
| source-diff | obfuscated-file:dist/ZSchema-browser-test.js | AI (source-diff): Minified test bundle artifact; standard build output for browser test distribution. | ai | |
| dependencies | unvetted-dep:request | AI (dependencies): Request is optional dependency for CLI; widely-used and established package, no security concern. | ai | |
| dependencies | unvetted-dep:bluebird | AI (dependencies): bluebird is a well-known, widely-used Promise library. Its inclusion here is consistent with the package's age and use case. No malicious history. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New dependencies (validator, lodash.get, commander) are all established packages appropriate for schema validation and CLI support. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance by many years; no provenance is expected and not a risk signal for this established package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): z-schema legitimately decodes base64 values as part of JSON schema validation (e.g., data URIs). The flagged code is standard Buffer.from(..., 'base64') with no obfuscation or network activity. | ai |
Versions (showing 51 of 119)
| Version | Deps | Published |
|---|---|---|
| 12.2.0 | 3 / 16 | |
| 12.1.1 | 3 / 16 | |
| 12.1.0 | 3 / 16 | |
| 12.0.5 | 3 / 30 | |
| 12.0.4 | 2 / 30 | |
| 12.0.3 | 2 / 30 | |
| 12.0.2 | 2 / 30 | |
| 12.0.1 | 2 / 30 | |
| 12.0.0 | 2 / 30 | |
| 11.0.1 | 2 / 30 | |
| 10.0.0 | 1 / 29 | |
| 9.0.1 | 1 / 29 | |
| 9.0.0 | 1 / 29 | |
| 8.5.0 | 2 / 27 | |
| 8.4.0 | 2 / 27 | |
| 8.3.0 | 2 / 27 | |
| 8.2.0 | 2 / 27 | |
| 8.1.0 | 2 / 27 | |
| 8.0.0 | 2 / 27 | |
| 7.2.0 | 2 / 29 | |
| 7.1.0 | 2 / 36 | |
| 7.0.9 | 2 / 36 | |
| 7.0.8 | 3 / 37 | |
| 7.0.7 | 3 / 37 | |
| 7.0.6 | 3 / 37 | |
| 7.0.5 | 3 / 35 | |
| 7.0.0 | 3 / 35 | |
| 6.0.2 | 3 / 14 | |
| 6.0.1 | 4 / 14 | |
| 6.0.0 | 4 / 14 | |
| 5.0.6 | 4 / 14 | |
| 5.0.5 | 4 / 13 | |
| 5.0.4 | 4 / 13 | |
| 5.0.3 | 4 / 13 | |
| 5.0.2 | 4 / 13 | |
| 5.0.1 | 4 / 13 | |
| 5.0.0 | 4 / 13 | |
| 4.2.4 | 4 / 13 | |
| 4.2.3 | 4 / 13 | |
| 4.2.2 | 4 / 13 | |
| 4.2.1 | 4 / 13 | |
| 4.2.0 | 4 / 13 | |
| 4.1.1 | 5 / 13 | |
| 4.1.0 | 5 / 13 | |
| 4.0.2 | 5 / 13 | |
| 4.0.1 | 5 / 13 | |
| 4.0.0 | 5 / 13 | |
| 3.25.1 | 5 / 13 | |
| 3.25.0 | 5 / 13 | |
| 3.24.3 | 5 / 13 | |
| 3.24.2 | 5 / 13 |
v12.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.6
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.5
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.4
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.3
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.2
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.2.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.25.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.24.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.