← Home

@a-company/university

npm Repository Homepage

Interactive learning platform for the Paradigm framework — courses, quizzes, and the PLSAT certification exam

31
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

ascend42

Keywords

paradigmuniversitylearningcoursesplsatcertificationinteractive

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:js-yaml AI (phantom-deps): js-yaml is a declared runtime dep used in config parsing; phantom-dep heuristic false positive for this package. ai
source-diff obfuscated-file:ui/dist/assets/index-vQHaGBMf.js AI (source-diff): Standard Vite/React production bundle with source map; minified build output, not obfuscation. ai
source-diff obfuscated-file:ui/dist/assets/index-B8hm_MdR.js AI (source-diff): Vite/Rollup-minified React bundle; standard build output for this package's UI. ai
source-diff obfuscated-file:ui/dist/assets/index-DmiLQehB.js AI (source-diff): Standard Vite/React minified bundle with source map; not obfuscated, pattern is stable for this UI package. ai
source-diff obfuscated-file:ui/dist/assets/index-BLWmLEDq.js AI (source-diff): Standard Vite/React minified bundle output; not malicious obfuscation. ai
source-diff obfuscated-file:ui/dist/assets/index-DxZooszP.js AI (source-diff): Standard Vite/React minified bundle with source map; not obfuscated, consistent with build:ui script in package.json. ai
source-diff obfuscated-file:ui/dist/assets/index-BjewBB6s.js AI (source-diff): Standard Vite/React production bundle with source map; minification is expected for this UI package. ai
source-diff obfuscated-file:ui/dist/assets/index-2lGLOG8r.js AI (source-diff): Standard Vite/React minified UI bundle; not obfuscated. Source map included. Pattern stable for this package. ai
source-diff obfuscated-file:ui/dist/assets/index-BPzqnvrg.js AI (source-diff): Standard Vite/React production bundle with accompanying source map; minification is expected for this UI package. ai
source-diff obfuscated-file:ui/dist/assets/index-B9LrQbxw.js AI (source-diff): Standard Vite/React minified production bundle; not obfuscated. Stable pattern for this package's UI build. ai
source-diff obfuscated-file:ui/dist/assets/index-G7d-W-Dw.js AI (source-diff): Standard Vite/React minified bundle; obfuscation flag is a false positive for this UI build artifact pattern. ai
source-diff obfuscated-file:ui/dist/assets/index-CB2i_7JO.js AI (source-diff): Standard Vite/React production bundle; minified not obfuscated, accompanied by source map, consistent with build:ui script. ai
source-diff obfuscated-file:ui/dist/assets/index-DHzPOB4t.js AI (source-diff): Standard Vite/React minified bundle with accompanying source map; not obfuscated malware. ai
source-diff obfuscated-file:ui/dist/assets/index-CecQrfSn.js AI (source-diff): Standard Vite/React production bundle with accompanying source map; minification is expected for UI dist assets. ai
source-diff obfuscated-file:ui/dist/assets/index-C6bH_6xu.js AI (source-diff): Standard Vite/React production bundle with source map; minification is expected for this UI dist artifact. ai
source-diff obfuscated-file:ui/dist/assets/index-CA8uIXPh.js AI (source-diff): Standard Vite/React production bundle; minified not obfuscated. Consistent with build:ui script and UI dist in package files. ai
source-diff obfuscated-file:ui/dist/assets/index-TcsCEBMo.js AI (source-diff): Standard Vite/React minified bundle with source map; not obfuscated malware. ai
source-diff obfuscated-file:ui/dist/assets/index-Be-Ha-UM.js AI (source-diff): Standard Vite/React minified bundle with source map; not obfuscated, consistent with UI build output for this package. ai
source-diff obfuscated-file:ui/dist/assets/index-BV7lKIqO.js AI (source-diff): Standard Vite/React production bundle; minified not obfuscated, source map included, matches documented build:ui script. ai
source-diff obfuscated-file:ui/dist/assets/index-CA4vthdL.js AI (source-diff): Standard Vite/React minified bundle; consistent with package's UI build pipeline across versions. ai
phantom-deps phantom-dep:chalk AI (phantom-deps): chalk is a declared runtime dependency; phantom-dep heuristic false positive for this package. ai
source-diff obfuscated-file:ui/dist/assets/index-CGFJczb1.js AI (source-diff): Standard Vite/React production bundle; minified not obfuscated, includes React license headers and normal module patterns. ai
source-diff obfuscated-file:ui/dist/assets/index-CwM1Y0EJ.js AI (source-diff): Standard Vite/React production bundle; minified not obfuscated, React license header visible in sample. ai
source-diff obfuscated-file:ui/dist/assets/index-tfi5xN4Q.js AI (source-diff): Standard Vite/React production bundle with source map; minification is expected for UI dist assets in this package. ai

Versions (showing 31 of 31)

Version Deps Published
6.5.2 5 / 5
6.1.0 4 / 5
6.0.5 4 / 5
6.0.4 4 / 5
6.0.3 4 / 5
5.31.0 3 / 4
5.22.0 3 / 4
5.21.0 3 / 4
5.11.0 3 / 4
5.6.2 3 / 4
5.6.1 3 / 4
5.6.0 3 / 4
5.5.0 3 / 4
5.4.0 3 / 4
5.3.3 3 / 4
3.35.0 3 / 4
3.34.0 3 / 4
3.10.6 3 / 4
3.10.5 3 / 4
3.10.4 3 / 4
3.10.3 3 / 4
3.10.2 3 / 4
3.10.1 3 / 4
3.10.0 3 / 4
3.9.1 3 / 4
3.9.0 3 / 4
3.8.0 3 / 4
3.7.1 3 / 4
3.7.0 3 / 4
3.5.0 3 / 4
3.1.2 3 / 4

v6.5.2

2 findings
HIGH New obfuscated file: ui/dist/assets/index-B8hm_MdR.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-vQHaGBMf.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.0.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.31.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-CecQrfSn.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.22.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-DmiLQehB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.21.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-CGFJczb1.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.11.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-CwM1Y0EJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.6.2

2 findings
HIGH New obfuscated file: ui/dist/assets/index-BjewBB6s.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.6.1

2 findings
HIGH New obfuscated file: ui/dist/assets/index-BLWmLEDq.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.6.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-DxZooszP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.5.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-2lGLOG8r.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.4.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-C6bH_6xu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.3.3

2 findings
HIGH New obfuscated file: ui/dist/assets/index-CA8uIXPh.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.35.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-tfi5xN4Q.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.34.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v3.10.6

2 findings
HIGH New obfuscated file: ui/dist/assets/index-TcsCEBMo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.5

2 findings
HIGH New obfuscated file: ui/dist/assets/index-BPzqnvrg.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.4

2 findings
HIGH New obfuscated file: ui/dist/assets/index-BV7lKIqO.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.3

2 findings
HIGH New obfuscated file: ui/dist/assets/index-CA4vthdL.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.2

2 findings
HIGH New obfuscated file: ui/dist/assets/index-Be-Ha-UM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.1

2 findings
HIGH New obfuscated file: ui/dist/assets/index-CB2i_7JO.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.10.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-G7d-W-Dw.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.1

2 findings
HIGH New obfuscated file: ui/dist/assets/index-B9LrQbxw.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.9.0

2 findings
HIGH New obfuscated file: ui/dist/assets/index-DHzPOB4t.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.7.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v3.1.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.