@agentica/chat
Frontend Application of Agentica
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/assets/bbs/index-C42phwWA.js | AI (source-diff): Vite-minified frontend bundle; samples show standard React/MUI component code. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-DTt0wejK.js | AI (source-diff): Vite-minified frontend bundle; samples show MUI Alert/prop-types code. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-CL4jF-zS.js | AI (source-diff): Vite-minified frontend bundle; samples show MUI Link/theme code. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CRmQ3pZr.js | AI (source-diff): Vite-minified vendor chunk; samples show MUI/React utility code. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CRmQ3pZr.js | AI (source-diff): Network+exec pattern in a Vite vendor bundle is standard browser UI code, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BrdQr8x5.js | AI (source-diff): Standard Vite minified frontend bundle; MUI/React patterns visible in sample. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-DGYbrAHL.js | AI (source-diff): Network calls and dynamic code in MUI vendor bundle are standard React/MUI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-DGYbrAHL.js | AI (source-diff): Vendor chunk from Vite build; MUI internals clearly identifiable in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-E_l0bEa0.js | AI (source-diff): Standard Vite minified frontend bundle; PropTypes/MUI patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-LNBpZubV.js | AI (source-diff): Standard Vite minified frontend bundle; MUI/React patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-1zW8eZhf.js | AI (source-diff): Standard Vite-minified frontend bundle; MUI/React patterns visible in sample. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-Be-18QBU.js | AI (source-diff): False positive on Vite vendor bundle; no actual network+exec dropper pattern, just bundled fetch/event APIs. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-Be-18QBU.js | AI (source-diff): Standard Vite-minified vendor bundle; MUI internals clearly visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-3iPazxVL.js | AI (source-diff): Standard Vite-minified frontend bundle; prop-types and MUI patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-D2TiDtkT.js | AI (source-diff): Standard Vite-minified frontend bundle; MUI/React patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-Bl4e8msv.js | AI (source-diff): Standard Vite-minified frontend bundle; MUI/React component code visible in sample. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-WI7fnslI.js | AI (source-diff): Network calls and dynamic code in a React/MUI vendor bundle are normal browser UI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-WI7fnslI.js | AI (source-diff): Standard Vite-minified vendor bundle (MUI, React); no malicious patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-DbuC1Jp4.js | AI (source-diff): Standard Vite-minified frontend bundle; MUI/React component code visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-CT-kKEy0.js | AI (source-diff): Standard Vite-minified frontend bundle; readable UI logic visible in sample, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-Dxxx7TxM.js | AI (source-diff): Vite-minified vendor bundle (MUI, React); standard pattern for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DVP_ca8K.js | AI (source-diff): Vite-minified frontend bundle; standard pattern for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CH9F8E01.js | AI (source-diff): Vite-minified frontend bundle; standard pattern for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-DDvkKU33.js | AI (source-diff): Vite-minified frontend bundle; standard pattern for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-Dxxx7TxM.js | AI (source-diff): Network calls and dynamic code in MUI/React vendor bundle are framework-level patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BIlPGtIX.js | AI (source-diff): Vite build output for a frontend app; minified JS is expected in dist/assets. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CSiPYSMU.js | AI (source-diff): MUI/React vendor bundle; network calls and dynamic code are standard framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-_P-LTLBe.js | AI (source-diff): Vite build output for a frontend app; minified JS is expected in dist/assets. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-B0WjRZp-.js | AI (source-diff): Vite build output for a frontend app; minified JS is expected in dist/assets. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CSiPYSMU.js | AI (source-diff): Standard Vite-bundled vendor chunk (MUI/React); minification is expected for this frontend package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-C-fuCqwj.js | AI (source-diff): Standard Vite minified bundle output; samples show normal React/MUI component code. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-B-SzI_xh.js | AI (source-diff): Standard Vite minified bundle output; samples show normal React/MUI component code. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-D6q2R7cz.js | AI (source-diff): Standard Vite minified bundle output; samples show normal React/prop-types component code. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-JTAUbOpa.js | AI (source-diff): Large vendor bundle (MUI, React, OpenAI) minified by Vite; no malicious patterns in samples. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-JTAUbOpa.js | AI (source-diff): Network calls and dynamic code in a browser UI vendor bundle are expected; samples show MUI/React internals. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CCW9L_rG.js | AI (source-diff): Vite-bundled vendor chunk (MUI, React); minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CCW9L_rG.js | AI (source-diff): Network calls and dynamic code in a bundled MUI/React frontend asset are normal UI framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-Di10Jccu.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-B15awAk8.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-9IP3MuWu.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BDbNOmwI.js | AI (source-diff): Standard Vite minified build output for a React/MUI frontend; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-C18MFAlu.js | AI (source-diff): False positive on Vite vendor bundle; network calls are React/MUI UI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-N1i2VU41.js | AI (source-diff): Standard Vite minified build output for a React/MUI frontend; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-C18MFAlu.js | AI (source-diff): Standard Vite vendor bundle (MUI, React); minification is expected for this package type. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BLYw0HXs.js | AI (source-diff): Standard Vite minified build output for a React/MUI frontend; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-OoTRvTvp.js | AI (source-diff): Vite-bundled frontend asset; minified React/prop-types code, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-An_RHG2k.js | AI (source-diff): Network/exec pattern in MUI vendor bundle is React rendering + DOM access, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-An_RHG2k.js | AI (source-diff): Large vendor bundle (MUI, React internals); standard Vite build output, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BzIZVzxX.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DMe3U6ec.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-DXXxsaqZ.js | AI (source-diff): Network calls and dynamic code in a Vite-bundled MUI vendor chunk are normal React/MUI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BuMXyzAL.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BGj4gsfz.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-DXXxsaqZ.js | AI (source-diff): Vite-bundled MUI/React vendor chunk; minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-BiEjNsny.js | AI (source-diff): Network+exec pattern in a Vite vendor bundle is a false positive; code is MUI/React internals, not a dropper. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-BiEjNsny.js | AI (source-diff): Vite vendor chunk bundling MUI/React; samples show debounce, useId, theme utilities — standard library code. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-Co566quO.js | AI (source-diff): Standard Vite-minified frontend bundle; samples show React/MUI component code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BgZgAoQq.js | AI (source-diff): Standard Vite-minified frontend bundle; samples show MUI Link/theme code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BzQU9L9z.js | AI (source-diff): Standard Vite-minified frontend bundle; samples show prop-types/MUI Alert code, not malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-u9ds7Mmc.js | AI (source-diff): Network calls and dynamic code in a MUI/React vendor bundle are normal UI framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-u9ds7Mmc.js | AI (source-diff): Vite-minified vendor chunk (MUI, React); standard frontend build artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-DS7-USk0.js | AI (source-diff): Vite-minified frontend bundle; MUI palette/theme patterns confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-DGYfzaPf.js | AI (source-diff): Vite-minified frontend bundle; prop-types and MUI patterns confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-C5IJO4Wm.js | AI (source-diff): Vite-minified frontend bundle; readable MUI/React imports confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CTi2jET7.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; PropTypes and MUI patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-ObEJbk8r.js | AI (source-diff): Large vendor bundle from Vite build; MUI/React internals visible in sample, consistent with declared deps. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-ObEJbk8r.js | AI (source-diff): Network calls and dynamic code in a frontend vendor bundle are expected React/MUI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-CbolakQ8.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; hashed filename pattern consistent with build tooling. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-Brkx4fS3.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; MUI/React patterns visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-Ar2QHcqt.js | AI (source-diff): Vite-bundled vendor chunk (MUI/React); minified but clearly legitimate UI library code. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-Ar2QHcqt.js | AI (source-diff): Network calls and dynamic code in a Vite vendor bundle are standard React/MUI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-Z6pRlQAI.js | AI (source-diff): Vite-bundled frontend asset; minified React/MUI code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-B3MKidSN.js | AI (source-diff): Vite-bundled frontend asset; minified React/MUI code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-Bnj6eUef.js | AI (source-diff): Vite-bundled frontend asset; minified React/MUI code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CYIvUF8o.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-B6tsapyw.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-C7DOR9VK.js | AI (source-diff): Vite vendor bundle; contains MUI/React internals, standard minified output. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-C7DOR9VK.js | AI (source-diff): Network calls and dynamic code in a Vite vendor bundle are normal React/MUI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-GIVw0sh8.js | AI (source-diff): Standard Vite minified vendor bundle (MUI/React); not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-GIVw0sh8.js | AI (source-diff): Network calls and dynamic code in MUI/React bundle are normal browser UI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DVAZxVLO.js | AI (source-diff): Standard Vite minified frontend bundle; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-CPb452ge.js | AI (source-diff): Standard Vite minified frontend bundle; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-fw9H439M.js | AI (source-diff): Standard Vite minified frontend bundle; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CQ7ydgl4.js | AI (source-diff): False positive on Vite vendor bundle; network/eval patterns are from bundled MUI/React internals, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CQ7ydgl4.js | AI (source-diff): Vite vendor chunk containing MUI/React; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-JTKfNN7B.js | AI (source-diff): Vite-bundled MUI/React frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BqdMkikj.js | AI (source-diff): Vite-bundled MUI/React frontend asset; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-BkTqlVMv.js | AI (source-diff): Network calls and dynamic patterns are standard React/MUI runtime behavior, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-CDEI2iGY.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; recognizable React/MUI patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-DhgmA29-.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; recognizable React/MUI patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-VBfo3wi1.js | AI (source-diff): Standard Vite/Rollup minified frontend bundle; recognizable React/PropTypes patterns in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-BkTqlVMv.js | AI (source-diff): Large vendor bundle (MUI/React); minified but clearly legitimate library code. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BruB7Zbj.js | AI (source-diff): Vite-bundled frontend asset; PropTypes/MUI patterns clearly visible. Expected minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-B5-eEeX5.js | AI (source-diff): Vite-bundled frontend asset; MUI/React code clearly visible in sample. Minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-DCMeAPJp.js | AI (source-diff): Network calls and dynamic code in a Vite vendor bundle are standard React/MUI patterns (e.g. dynamic imports, fetch for API calls), not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-DCMeAPJp.js | AI (source-diff): Vite vendor chunk with MUI/React internals; standard bundler output for this frontend package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CzMUW2KV.js | AI (source-diff): Vite-built frontend asset; sample shows PropTypes/MUI code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-BwHDKHwh.js | AI (source-diff): Standard Vite-bundled MUI/React vendor chunk; minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-BwHDKHwh.js | AI (source-diff): Network calls and dynamic code in a bundled MUI/React vendor chunk are normal browser UI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-D6hDkQV3.js | AI (source-diff): Vite-built frontend asset; sample shows MUI Link/palette code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-CvD7zfzZ.js | AI (source-diff): Standard Vite-bundled React/MUI frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BelmjIv4.js | AI (source-diff): Standard Vite-bundled React/MUI frontend asset; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-BF9-mkPN.js | AI (source-diff): False positive on MUI bundle; network calls are React/MUI internal patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-BF9-mkPN.js | AI (source-diff): Standard Vite vendor chunk bundling MUI; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CEYnRiva.js | AI (source-diff): Vite-bundled frontend asset; sample shows prop-types and MUI Alert code. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-NTENJ5bP.js | AI (source-diff): Vite-bundled frontend asset; sample shows legitimate React/MUI component code. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BBC-gZft.js | AI (source-diff): Vite-bundled frontend asset; sample shows legitimate MUI Link/theme code. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-DOZyQ9Pn.js | AI (source-diff): Network calls and dynamic patterns are from bundled MUI/React; no dropper behavior in samples. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-DOZyQ9Pn.js | AI (source-diff): Standard Vite-bundled MUI/React frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-DoaYP4-g.js | AI (source-diff): Standard Vite vendor bundle; samples show MUI internals, not malicious code. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-B0WolqE-.js | AI (source-diff): Standard Vite-bundled frontend output; samples show MUI/React code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-C050naRR.js | AI (source-diff): Standard Vite-bundled frontend output; samples show MUI/React component code. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-DmZGlyb3.js | AI (source-diff): Standard Vite-bundled frontend output; samples show MUI/React component code. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-DoaYP4-g.js | AI (source-diff): Network calls and dynamic code in MUI/React vendor bundle are framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-0Zd0tH5e.js | AI (source-diff): Vite build output for frontend app; minified JS is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-B5l3CtB6.js | AI (source-diff): Standard Vite-bundled MUI/React vendor chunk; minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-B5l3CtB6.js | AI (source-diff): Network calls and dynamic code in MUI/React vendor bundle are framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-DZ8UzzkG.js | AI (source-diff): Vite build output; sample shows MUI Link component code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-DB0VbOyv.js | AI (source-diff): Vite build output; sample shows MUI/PropTypes code, not malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-JkA_jzDA.js | AI (source-diff): False positive on Vite bundle; network/exec patterns are React/MUI framework internals, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-CqrXaW6d.js | AI (source-diff): Vite-bundled frontend asset; sample shows agentica/core chat logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-JkA_jzDA.js | AI (source-diff): Standard Vite-minified MUI/React bundle; samples show recognizable MUI component code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-yNThgj8o.js | AI (source-diff): Vite-bundled frontend asset; sample shows MUI Link/palette code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-C88rtniz.js | AI (source-diff): Vite-bundled frontend asset; sample shows MUI/PropTypes code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-BbaypJ97.js | AI (source-diff): Vite-bundled frontend asset importing from known client/vendor chunks; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-3NLHtfuL.js | AI (source-diff): Vite-bundled frontend asset; sample shows MUI Link/Alert components, standard minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BB_wng3o.js | AI (source-diff): Vite-bundled frontend asset; sample shows prop-types and MUI Box/Alert, standard minified output. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-gdBXeHGc.js | AI (source-diff): Standard Vite-minified MUI/React bundle; samples show recognizable MUI component code, not malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-gdBXeHGc.js | AI (source-diff): Network/exec pattern fires on bundled MUI/React code; no actual dropper behavior in samples. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-WBExbPS5.js | AI (source-diff): Vite build output for frontend app; minified bundle is expected. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-oVp5dJor.js | AI (source-diff): MUI/React vendor bundle; network calls and dynamic refs are standard React framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CSHNX7fL.js | AI (source-diff): Vite build output for frontend app; minified bundle is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-BqJMU3WW.js | AI (source-diff): Vite build output for frontend app; minified bundle is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-oVp5dJor.js | AI (source-diff): Standard Vite-bundled MUI/React vendor chunk; minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-DKMwMvQB.js | AI (source-diff): Network+exec pattern in MUI/React bundle is standard framework code, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DhIewMX_.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-DKMwMvQB.js | AI (source-diff): Standard Vite-minified frontend bundle (MUI/React); expected for this frontend chat app package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BayP1_T0.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BdHTvuEx.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-1PU2MSAP.js | AI (source-diff): Vite-built frontend bundle; prop-types and MUI code visible in sample, not malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-4rQbC3QH.js | AI (source-diff): Network calls and dynamic refs in MUI vendor bundle are standard browser UI patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-4rQbC3QH.js | AI (source-diff): Standard Vite-bundled MUI/React vendor chunk; minification is expected for this frontend package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-QqHA_W-6.js | AI (source-diff): Vite-built frontend bundle with recognizable React/MUI patterns; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BBtHf7cu.js | AI (source-diff): Vite-built frontend bundle with recognizable MUI/React patterns; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CxowcbGN.js | AI (source-diff): Standard Vite-bundled MUI/React vendor chunk; minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CxowcbGN.js | AI (source-diff): MUI/React vendor bundle; network calls and dynamic execution are normal React lifecycle patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-Dbmf77zk.js | AI (source-diff): Vite build output for a React frontend app; minified bundles are expected. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BdJKQCuK.js | AI (source-diff): Vite build output for a React frontend app; minified bundles are expected. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-RafDCo1Q.js | AI (source-diff): Vite build output for a React frontend app; minified bundles are expected. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-BDHeLF81.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-Cpx1jhtO.js | AI (source-diff): Standard Vite-minified vendor bundle (MUI/React); not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-Cpx1jhtO.js | AI (source-diff): Network+exec pattern is from React/MUI framework code in a Vite bundle, not a dropper. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-taNoaQTw.js | AI (source-diff): Standard Vite-minified React/MUI bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-B8CDZvK4.js | AI (source-diff): Standard Vite-minified React/MUI bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DxVHwWX6.js | AI (source-diff): Standard Vite-minified React/MUI bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BlB8QnQT.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-BTLQOiA2.js | AI (source-diff): Standard Vite-bundled MUI/React output; minification is expected for a frontend app package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-CZ_ISwun.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-BTLQOiA2.js | AI (source-diff): Network calls and dynamic code in bundled MUI/React frontend code; no dropper pattern present in samples. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-EUGT-F1U.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DY9kRTrI.js | AI (source-diff): Vite-bundled app chunk; minified output is expected for this frontend app package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-J0FMNcze.js | AI (source-diff): Vite-bundled MUI/React vendor chunk; minification is expected for this frontend app package. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-CgZ7_KKi.js | AI (source-diff): Vite-bundled app chunk; minified output is expected for this frontend app package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-CsQ2xOcp.js | AI (source-diff): Vite-bundled app chunk; minified output is expected for this frontend app package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-J0FMNcze.js | AI (source-diff): Network calls and dynamic code in MUI/React vendor bundle are standard framework patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-RyNqJgVh.js | AI (source-diff): Vite vendor bundle (MUI, React); minification is expected for this frontend package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-RyNqJgVh.js | AI (source-diff): False positive on Vite vendor bundle; network calls are browser fetch APIs in MUI/React, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-Yr3xbsVI.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React/prop-types code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-CWl5SH2s.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-Cm56m_DU.js | AI (source-diff): Vite-bundled frontend asset; minified MUI/React code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-WvkWndml.js | AI (source-diff): Vite-bundled frontend asset; minified JS is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BlLNxcud.js | AI (source-diff): Vite-bundled frontend asset; minified JS is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-BDtwr651.js | AI (source-diff): Standard Vite-bundled MUI/React frontend assets; minification is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DHVfGcGn.js | AI (source-diff): Vite-bundled frontend asset; minified JS is expected for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-BDtwr651.js | AI (source-diff): MUI/React bundle; network calls and dynamic code are standard framework patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CF7u2rHL.js | AI (source-diff): Network calls and dynamic code in MUI bundle are React rendering patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-EDC-vKLx.js | AI (source-diff): Vite-minified frontend bundle; code is identifiable React/agentica UI logic. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BNwUGI_c.js | AI (source-diff): Vite-minified frontend bundle with PropTypes and MUI components; clearly legitimate. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-CF_aOmZt.js | AI (source-diff): Vite-minified frontend bundle; MUI Link/palette code is identifiable legitimate UI code. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy consistent with project release cadence; no other malicious signals present. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CF7u2rHL.js | AI (source-diff): Standard Vite-minified MUI/React bundle; content is clearly legitimate UI framework code. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-B5gwuaKc.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-CimbPruT.js | AI (source-diff): Vite-bundled MUI/React frontend asset; minification is expected for this package. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-CimbPruT.js | AI (source-diff): MUI/React bundle; network calls and dynamic refs are standard React patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-BES0Rsj-.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-BcqW8GAa.js | AI (source-diff): Vite-bundled frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-BKPobbcu.js | AI (source-diff): Vite build output for frontend chat app; minified JS is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-Cl0BFQC8.js | AI (source-diff): Vite build output for frontend chat app; minified JS is expected. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-OoUR6Yel.js | AI (source-diff): Vite build output for frontend chat app; minified JS is expected. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-B9msVFZE.js | AI (source-diff): MUI/React bundle; network calls are UI fetch patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-B9msVFZE.js | AI (source-diff): Standard Vite-bundled MUI/React frontend asset; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/uploader/index.html-qTzoYxoF.js | AI (source-diff): Standard Vite-minified frontend bundle; samples show MUI/React/PropTypes code, not malware. | ai | |
| source-diff | net-exec-file:dist/assets/VendorConfigurationMovie-A3EDRuuv.js | AI (source-diff): Network calls and dynamic code in MUI/React vendor bundle are normal UI framework patterns, not dropper behavior. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions CI with SLSA provenance attestation; this is the expected CI/CD publishing pattern for this org. | ai | |
| phantom-deps | phantom-dep:@samchon/openapi | AI (phantom-deps): Peer/type dependency used in config files; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/bbs/index-DJ2TSI_V.js | AI (source-diff): Standard Vite-minified frontend bundle; samples show MUI/React component code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/shopping/index.html-DwrDQLUl.js | AI (source-diff): Standard Vite-minified frontend bundle; samples show MUI/React component code, not malware. | ai | |
| source-diff | obfuscated-file:dist/assets/VendorConfigurationMovie-A3EDRuuv.js | AI (source-diff): Vite vendor chunk bundling MUI/React; samples show standard UI library code. | ai | |
| typosquat | typosquat.levenshtein:chalk | AI (typosquat): @agentica/chat is a scoped package from Wrtn Technologies; Levenshtein match to 'chalk' is coincidental. | ai | |
| phantom-deps | phantom-dep:@typia/interface | AI (phantom-deps): Monorepo UI package; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Monorepo UI package; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:typia | AI (phantom-deps): Monorepo UI package; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:openai | AI (phantom-deps): Monorepo UI package; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@typia/utils | AI (phantom-deps): Monorepo UI package; deps referenced in config/build files, not direct imports. | ai |
Versions (showing 63 of 63)
| Version | Deps | Published |
|---|---|---|
| 0.45.0 | 13 / 24 | |
| 0.43.3 | 12 / 24 | |
| 0.43.2 | 12 / 24 | |
| 0.43.1 | 12 / 24 | |
| 0.43.0 | 12 / 24 | |
| 0.42.0 | 12 / 24 | |
| 0.41.4 | 12 / 24 | |
| 0.41.3 | 12 / 24 | |
| 0.41.2 | 12 / 24 | |
| 0.41.1 | 12 / 24 | |
| 0.41.0 | 12 / 24 | |
| 0.40.0 | 12 / 24 | |
| 0.39.0 | 12 / 24 | |
| 0.38.0 | 12 / 24 | |
| 0.37.0 | 12 / 24 | |
| 0.36.4 | 12 / 24 | |
| 0.36.3 | 12 / 24 | |
| 0.36.2 | 12 / 24 | |
| 0.36.1 | 12 / 24 | |
| 0.36.0 | 12 / 24 | |
| 0.35.0 | 12 / 24 | |
| 0.34.2 | 12 / 24 | |
| 0.34.1 | 12 / 24 | |
| 0.34.0 | 12 / 24 | |
| 0.33.2 | 12 / 24 | |
| 0.33.1 | 12 / 24 | |
| 0.33.0 | 12 / 24 | |
| 0.32.9 | 12 / 24 | |
| 0.32.8 | 12 / 24 | |
| 0.32.7 | 12 / 24 | |
| 0.32.6 | 12 / 24 | |
| 0.32.5 | 12 / 24 | |
| 0.32.4 | 12 / 24 | |
| 0.32.3 | 12 / 24 | |
| 0.32.2 | 12 / 24 | |
| 0.32.1 | 12 / 24 | |
| 0.32.0 | 12 / 24 | |
| 0.31.3 | 12 / 24 | |
| 0.31.2 | 12 / 24 | |
| 0.31.1 | 12 / 24 | |
| 0.31.0 | 12 / 24 | |
| 0.30.8 | 12 / 24 | |
| 0.30.7 | 12 / 24 | |
| 0.30.6 | 12 / 24 | |
| 0.30.5 | 12 / 24 | |
| 0.30.4 | 12 / 24 | |
| 0.30.3 | 12 / 24 | |
| 0.30.2 | 12 / 24 | |
| 0.30.1 | 12 / 24 | |
| 0.30.0 | 12 / 24 | |
| 0.29.6 | 12 / 24 | |
| 0.27.3 | 12 / 24 | |
| 0.27.2 | 12 / 24 | |
| 0.27.1 | 12 / 24 | |
| 0.27.0 | 12 / 24 | |
| 0.26.2 | 12 / 24 | |
| 0.26.1 | 12 / 24 | |
| 0.26.0 | 12 / 24 | |
| 0.25.0 | 12 / 24 | |
| 0.24.0 | 12 / 24 | |
| 0.23.0 | 12 / 24 | |
| 0.22.0 | 12 / 24 | |
| 0.21.0 | 12 / 24 |
v0.43.3
7 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.2
7 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.1
7 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.43.0
7 findingsThis version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.42.0
7 findingsThis version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.4
7 findingsThis version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.3
7 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.2
7 findingsThis version was published by a different npm account than previous versions on 2026-02-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.1
7 findingsThis version was published by a different npm account than previous versions on 2026-01-30. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.41.0
7 findingsThis version was published by a different npm account than previous versions on 2026-01-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.40.0
7 findingsThis version was published by a different npm account than previous versions on 2026-01-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.39.0
7 findingsThis version was published by a different npm account than previous versions on 2026-01-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.38.0
7 findingsThis version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.37.0
7 findingsThis version was published by a different npm account than previous versions on 2026-01-07. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.4
7 findingsThis version was published by a different npm account than previous versions on 2026-01-01. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.3
7 findingsThis version was published by a different npm account than previous versions on 2026-01-01. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.2
7 findingsThis version was published by a different npm account than previous versions on 2025-12-31. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.1
7 findingsThis version was published by a different npm account than previous versions on 2025-12-29. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.36.0
7 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.0
7 findingsThis version was published by a different npm account than previous versions on 2025-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.2
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.33.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.33.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.9
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.8
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.7
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.6
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.5
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.4
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.3
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.2
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.1
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.3
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.2
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.1
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.0
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.8
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.7
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.6
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.5
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.