@actuate-media/cms-admin
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/views/settings/SessionPolicyCard.js | AI (source-diff): Minified TypeScript/JSX build output; readable code with standard imports, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/components/seo/SeoEditorDrawer.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/views/seo/RedirectsTab.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/components/seo/RedirectEditorDrawer.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/views/seo/OverviewTab.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/components/forms/EntryDetailDrawer.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/views/settings/BrandingCard.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/views/profile/AccountSecurity.js | AI (source-diff): Readable compiled ESM; long lines from inlined Tailwind classNames, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/views/Posts/NewPostTypeInstructions.js | AI (source-diff): File is readable TypeScript-compiled ESM with clear comments and logic; long lines from JSX, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/components/CoauthorResultPopover.js | AI (source-diff): Readable TypeScript-compiled React component; long lines are JSX output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/components/SEOConfigPanel.js | AI (source-diff): Readable TypeScript-compiled React component; long lines are JSX output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/components/SchedulePublishDialog.js | AI (source-diff): Normal TypeScript-compiled React component; long lines are bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/views/ApiKeys.js | AI (source-diff): Standard tsc-compiled JSX output; long lines are from bundled imports, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/views/page-builder/SavedSections.js | AI (source-diff): Standard TSC/JSX compiled output with long lines; readable React component code, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/views/page-builder/PageSettings.js | AI (source-diff): Standard TSC/JSX compiled output with long lines; readable React component code, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/views/page-builder/NodeSettings.js | AI (source-diff): Standard TSC/JSX compiled output with long lines; readable React component code, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/views/page-builder/BuilderToolbar.js | AI (source-diff): Standard TSC/JSX compiled output with long lines; readable React component code, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/views/page-builder/AIGenerateDialog.js | AI (source-diff): Standard TSC/JSX compiled output with long lines; readable React component code, not obfuscated. | ai | |
| phantom-deps | phantom-dep:@actuate-media/cms-core | AI (phantom-deps): Monorepo workspace dependency; expected pattern in multi-package repos. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-switch | AI (phantom-deps): React component library; config-based imports are normal for UI packages. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Config-referenced peer; stable for this UI library package. | ai | |
| phantom-deps | phantom-dep:@radix-ui/react-accordion | AI (phantom-deps): Config-referenced UI component; stable for this package. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 0.30.0 | 39 / 11 | |
| 0.29.0 | 39 / 11 | |
| 0.28.0 | 38 / 11 | |
| 0.27.0 | 38 / 11 | |
| 0.26.0 | 38 / 11 | |
| 0.25.0 | 38 / 11 | |
| 0.24.0 | 38 / 11 | |
| 0.23.0 | 38 / 11 | |
| 0.22.0 | 38 / 11 | |
| 0.21.1 | 38 / 11 | |
| 0.21.0 | 38 / 11 | |
| 0.20.0 | 38 / 11 | |
| 0.19.0 | 38 / 11 | |
| 0.18.0 | 38 / 11 | |
| 0.17.0 | 38 / 11 | |
| 0.16.1 | 38 / 11 | |
| 0.16.0 | 38 / 11 | |
| 0.15.0 | 38 / 11 | |
| 0.14.1 | 38 / 11 | |
| 0.14.0 | 38 / 11 | |
| 0.13.0 | 38 / 11 | |
| 0.12.1 | 38 / 11 | |
| 0.12.0 | 31 / 9 | |
| 0.11.0 | 31 / 8 | |
| 0.10.0 | 31 / 7 | |
| 0.9.0 | 31 / 7 | |
| 0.8.2 | 31 / 7 | |
| 0.8.1 | 31 / 7 | |
| 0.8.0 | 31 / 7 | |
| 0.7.3 | 31 / 7 | |
| 0.7.2 | 30 / 7 | |
| 0.7.1 | 30 / 7 | |
| 0.7.0 | 30 / 7 | |
| 0.6.0 | 30 / 6 | |
| 0.4.0 | 31 / 6 | |
| 0.3.0 | 31 / 6 | |
| 0.2.1 | 30 / 6 | |
| 0.2.0 | 30 / 6 | |
| 0.1.4 | 30 / 5 | |
| 0.1.3 | 30 / 5 | |
| 0.1.2 | 30 / 5 | |
| 0.1.1 | 30 / 5 | |
| 0.1.0 | 30 / 4 |
v0.30.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.29.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.28.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.27.0
7 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.26.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.25.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.24.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.23.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.22.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.21.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.20.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.19.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.