@acorex/platform
This library was generated with [Nx](https://nx.dev).
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:types/acorex-platform-workflow.d.ts | AI (source-diff): Pure .d.ts declaration file; no actual network calls or code execution present. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-create-view.component-Cx1lLUaR.mjs | AI (source-diff): Angular FESM2022 bundle; long lines are normal compiled Angular output. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-modify-view.component-AOrcgjDF.mjs | AI (source-diff): Angular FESM2022 bundle; long lines are normal compiled Angular output. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-single-view.component-BfCeUU5F.mjs | AI (source-diff): Angular FESM2022 bundle; long lines are normal compiled Angular output. | ai | |
| source-diff | obfuscated-file:types/acorex-platform-common.d.ts | AI (source-diff): TypeScript declaration file with long import lines; not obfuscated. | ai | |
| source-diff | obfuscated-file:types/acorex-platform-layout-entity.d.ts | AI (source-diff): TypeScript declaration file with long import lines; not obfuscated. | ai | |
| source-diff | obfuscated-file:types/acorex-platform-layout-widgets.d.ts | AI (source-diff): TypeScript declaration file with long import lines; not obfuscated. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-layout-widgets-repeater-widget-column.component-BGO75IMz.mjs | AI (source-diff): Angular FESM2022 bundle with long lines from inline templates; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-list-view.component-DnFEQS-L.mjs | AI (source-diff): Standard Angular fesm2022 bundle with long lines from inline templates; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-list-view.component-D2CtNrSn.mjs | AI (source-diff): Standard Angular fesm2022 minified bundle with accompanying source map; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-list-view.component-DZeByyDy.mjs | AI (source-diff): Standard Angular fesm2022 bundle; long lines are minified Angular templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/acorex-platform-themes-default-entity-master-list-view.component-CLDoygoI.mjs | AI (source-diff): Standard Angular fesm2022 bundle with source map; long lines are normal compiler output, not obfuscation. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a known Angular/TypeScript implicit runtime dep; stable false positive for compiled Angular libraries. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used in a platform expression evaluator for user-defined scripts; expected pattern for this low-code platform package. | ai |
Versions (showing 13 of 13)
| Version | Deps | Published |
|---|---|---|
| 20.8.21 | 1 / 0 | |
| 20.8.19 | 1 / 0 | |
| 20.8.17 | 1 / 0 | |
| 20.8.14 | 1 / 0 | |
| 20.8.13 | 1 / 0 | |
| 20.8.9 | 1 / 0 | |
| 20.8.8 | 1 / 0 | |
| 20.8.7 | 1 / 0 | |
| 20.8.6 | 1 / 0 | |
| 20.8.5 | 1 / 0 | |
| 20.8.4 | 1 / 0 | |
| 20.8.3 | 1 / 0 | |
| 20.8.1 | 1 / 0 |
v20.8.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.19
3 findingsThis version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.17
3 findingsThis version was published by a different npm account than previous versions on 2026-05-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.14
3 findingsThis version was published by a different npm account than previous versions on 2026-05-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.13
10 findingsThis version was published by a different npm account than previous versions on 2026-05-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.9
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v20.8.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.