@absolutejs/absolute
A fullstack meta-framework for building web applications with TypeScript
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:.test-builds/build-output-Nfn5ds/react/indexes/ReactExample.5sec6x31.js | AI (source-diff): Minified React scheduler code in test build output directory — legitimate React code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.test-builds/build-output-cZxFjO/angular/indexes/angular-example.xrhg6nz0.js | AI (source-diff): Minified Angular framework bundle in test build output directory — legitimate Angular v21 code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.test-builds/build-output-cZxFjO/react/indexes/ReactExample.5sec6x31.js | AI (source-diff): Minified React scheduler code in test build output directory — legitimate React code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.absolutejs/cache/angular-linker/40154141000203d655aadbd789faf88b.js | AI (source-diff): Angular compiler cache file containing legitimate Angular v21.2.1 minified code — not malicious, but should not be published. | ai | |
| source-diff | obfuscated-file:.absolutejs/cache/angular-linker/df86b7673871f02c13eba6bdc09b4006.js | AI (source-diff): Angular compiler cache file containing legitimate Angular v21.2.1 minified code — not malicious, but should not be published. | ai | |
| source-diff | obfuscated-file:.test-builds/build-output-H4DT7f/angular/indexes/angular-example.xrhg6nz0.js | AI (source-diff): Minified Angular framework bundle in test build output directory — legitimate Angular v21 code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.test-builds/build-output-H4DT7f/react/indexes/ReactExample.5sec6x31.js | AI (source-diff): Minified React scheduler code in test build output directory — legitimate React code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.test-builds/build-output-Nfn5ds/angular/indexes/angular-example.xrhg6nz0.js | AI (source-diff): Minified Angular framework bundle in test build output directory — legitimate Angular v21 code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.cache/angular-linker/637c0207c0a21fa6b137f78c917d79cb.js | AI (source-diff): Angular linker cache file with explicit Angular v21 license header — standard build artifact from Angular compiler, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:.cache/angular-linker/bb67444c64e8c9a604eb8f41bf98d960.js | AI (source-diff): Angular linker cache file with explicit Angular v21 license header — standard build artifact from Angular compiler, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/build.js | AI (source-diff): Bun-bundled output (// @bun marker) of the package's own build tooling source. Long lines are from bundler, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/build.js | AI (source-diff): Bun-bundled build tooling. Network calls and dynamic execution are part of legitimate build framework functionality, not dropper behavior. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() usage is in Angular's NgTemplateOutlet implementation — standard Angular framework internals for template context proxying. | ai | |
| source-diff | obfuscated-file:dist/angular/index.js | AI (source-diff): dist/angular/index.js is a Bun-bundled build artifact (// @bun header) of the Angular SSR integration. Long lines are from bundling, not obfuscation. Source map ships alongside it. | ai | |
| source-diff | net-exec-file:dist/angular/index.js | AI (source-diff): A fullstack SSR framework bundle legitimately combines network handling and dynamic execution (Angular compiler pipeline). Not a dropper pattern. | ai | |
| phantom-deps | phantom-dep:@angular/compiler | AI (phantom-deps): @angular/compiler is loaded by convention in Angular's compilation pipeline, not via direct import. Expected for Angular integration packages. | ai |
Versions (showing 91 of 91)
| Version | Deps | Published |
|---|---|---|
| 0.17.0 | 1 / 24 | |
| 0.16.12 | 1 / 24 | |
| 0.16.11 | 1 / 24 | |
| 0.16.10 | 1 / 24 | |
| 0.16.9 | 1 / 24 | |
| 0.16.8 | 1 / 24 | |
| 0.16.7 | 1 / 24 | |
| 0.16.3 | 1 / 24 | |
| 0.16.2 | 1 / 24 | |
| 0.16.1 | 1 / 24 | |
| 0.15.27 | 1 / 24 | |
| 0.15.26 | 1 / 24 | |
| 0.15.24 | 1 / 24 | |
| 0.15.23 | 1 / 24 | |
| 0.15.22 | 1 / 24 | |
| 0.15.21 | 1 / 24 | |
| 0.15.20 | 1 / 24 | |
| 0.15.19 | 1 / 24 | |
| 0.15.18 | 1 / 24 | |
| 0.15.17 | 1 / 24 | |
| 0.15.16 | 1 / 24 | |
| 0.15.15 | 1 / 24 | |
| 0.15.14 | 1 / 24 | |
| 0.15.13 | 1 / 24 | |
| 0.15.12 | 1 / 24 | |
| 0.15.11 | 1 / 24 | |
| 0.15.10 | 1 / 24 | |
| 0.15.9 | 1 / 24 | |
| 0.15.8 | 1 / 24 | |
| 0.15.7 | 1 / 24 | |
| 0.15.6 | 1 / 24 | |
| 0.15.5 | 1 / 24 | |
| 0.15.4 | 1 / 24 | |
| 0.15.3 | 1 / 24 | |
| 0.15.2 | 0 / 25 | |
| 0.14.0 | 0 / 23 | |
| 0.13.11 | 0 / 23 | |
| 0.13.10 | 0 / 23 | |
| 0.13.9 | 0 / 23 | |
| 0.13.8 | 0 / 23 | |
| 0.13.7 | 0 / 23 | |
| 0.13.6 | 0 / 23 | |
| 0.13.5 | 0 / 23 | |
| 0.13.4 | 0 / 23 | |
| 0.13.3 | 0 / 23 | |
| 0.13.2 | 0 / 23 | |
| 0.13.1 | 0 / 23 | |
| 0.13.0 | 0 / 23 | |
| 0.12.6 | 0 / 23 | |
| 0.12.5 | 0 / 23 | |
| 0.12.4 | 1 / 29 | |
| 0.12.3 | 0 / 29 | |
| 0.12.2 | 0 / 29 | |
| 0.12.1 | 0 / 29 | |
| 0.12.0 | 0 / 29 | |
| 0.11.1 | 0 / 29 | |
| 0.11.0 | 0 / 29 | |
| 0.10.3 | 0 / 28 | |
| 0.10.2 | 0 / 28 | |
| 0.10.1 | 0 / 28 | |
| 0.10.0 | 1 / 27 | |
| 0.9.1 | 0 / 22 | |
| 0.9.0 | 0 / 22 | |
| 0.8.15 | 0 / 23 | |
| 0.8.14 | 0 / 23 | |
| 0.8.13 | 0 / 23 | |
| 0.8.12 | 0 / 23 | |
| 0.8.11 | 0 / 23 | |
| 0.8.10 | 0 / 23 | |
| 0.8.9 | 0 / 23 | |
| 0.8.8 | 0 / 23 | |
| 0.8.7 | 0 / 23 | |
| 0.8.6 | 0 / 23 | |
| 0.8.5 | 0 / 23 | |
| 0.8.4 | 0 / 23 | |
| 0.8.3 | 0 / 23 | |
| 0.8.2 | 0 / 23 | |
| 0.8.1 | 0 / 23 | |
| 0.8.0 | 0 / 23 | |
| 0.7.0 | 0 / 23 | |
| 0.6.2 | 0 / 22 | |
| 0.6.1 | 0 / 22 | |
| 0.6.0 | 0 / 22 | |
| 0.5.5 | 0 / 15 | |
| 0.5.4 | 0 / 13 | |
| 0.5.3 | 0 / 13 | |
| 0.5.2 | 0 / 13 | |
| 0.5.1 | 0 / 13 | |
| 0.5.0 | 0 / 13 | |
| 0.4.0 | 0 / 14 | |
| 0.3.2 | 0 / 13 |
v0.17.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.13.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.12.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.8.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.