diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
index e39a95b..1877bc6 100644
--- a/.github/dependency-review-config.yml
+++ b/.github/dependency-review-config.yml
@@ -12,6 +12,8 @@ comment_summary_in_pr: always
 # Unfortunately, while there is a draft purl spec for specifying a range of package versions, it is not yet merged into the actual spec.
 # Until this happens, we will need to specify each version individually.
 deny_packages:
+ # particularly eggregious crypto module
+ - 'pkg:npm/crypto-js'
 # log4j vulnerable to log4shell
 - 'pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0'
 - 'pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0'
@@ -78,4 +80,4 @@ warn_only: true
 # We are not going to run license checks for now.
 # We will look into running them later.
 # This check doesn't run on GHES anyway due to limitations in the API, so enabling it would only change things in github.com
-license_check: false
\ No newline at end of file
+license_check: false
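Review bot: The new `pkg:npm/crypto-js` entry has no `@version` suffix, so it denies every version of the package, which contradicts the comment two lines above stating that each version must be listed individually; if a package-wide deny is intended, the comment should say so and record why, e.g. `# crypto-js: denied for all versions (see <advisory or rationale link>); intentionally version-less, unlike the entries below`. As written, "particularly eggregious crypto module" misspells "egregious" and gives a later maintainer nothing to check the decision against, which matters because the other entries pin specific known-bad versions. Since crypto-js is commonly pulled in transitively, this rule will presumably fire on PRs that never reference it directly; with `warn_only: true` (visible in the second hunk's header context) that only produces a warning comment rather than a failed check, so the comment should also make clear whether a hit is expected to block or merely flag.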