# jest-snapshot@30.2.0 — Threat Briefing

High risk — threat briefing for npm package jest-snapshot@30.2.0. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 30.2.0
- **License:** MIT

## Risk

- **Level:** high
- **Summary:** Dependency semver has active HIGH alert

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | none |
| network access | none |
| filesystem | both |
| shell execution | none |

## Capabilities

### Other

- No dependency lockfile (unpinned installs) [common]
- Filesystem read from package directory (info-only) [common]
- package.json uses conditional exports (runtime entry point varies) [common]

### Filesystem

- Filesystem read [common]
- Filesystem write [common]

## Maintainer


## Recommended Action

Review before installing in sensitive environments.