← Home

@amodalai/runtime-app

npm
51
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

amodaldev

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/assets/index-Ddep5KVX.js AI (source-diff): Standard Vite/React production bundle; minification is expected for this UI asset package. ai
source-diff obfuscated-file:dist/assets/index-Cmws_EDX.js AI (source-diff): Standard Vite/React minified bundle; not obfuscated malware. Stable pattern for this frontend package. ai
source-diff obfuscated-file:dist/assets/index-1Sq41APO.js AI (source-diff): Standard Vite/React minified bundle; consistent with build tooling declared in package.json. ai
source-diff obfuscated-file:dist/assets/index-CFBCIBt8.js AI (source-diff): Standard Vite/React minified build output; React license header visible in sample confirms legitimate bundled code. ai
source-diff obfuscated-file:dist/assets/index-4-vNGOPa.js AI (source-diff): Standard Vite/React production bundle; minified output is expected for this frontend app package. ai
source-diff obfuscated-file:dist/assets/index-BgLJGZT2.js AI (source-diff): Standard Vite-minified React bundle; React license header visible in sample, no malicious indicators. ai
source-diff obfuscated-file:dist/assets/index-DNjWcVGY.js AI (source-diff): Standard Vite/React production bundle; minification is expected for this package type. ai
source-diff obfuscated-file:dist/assets/index-r1gGOn-S.js AI (source-diff): Standard Vite/React production bundle; minification is expected for this package's build output. ai
bogus-package bogus-package AI (bogus-package): Internal monorepo package; missing metadata is expected, not malicious. ai
phantom-deps phantom-dep:@amodalai/react AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:cron-parser AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:lucide-react AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:tailwind-merge AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/view AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:react-router-dom AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/state AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/search AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/commands AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/language AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/lang-json AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@tanstack/react-query AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/autocomplete AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:@codemirror/lang-markdown AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:clsx AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:react AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:cronstrue AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
phantom-deps phantom-dep:react-dom AI (phantom-deps): React component library; dependencies declared and used in config/exports. ai
source-diff obfuscated-file:dist/assets/index-BoPrMuAN.js AI (source-diff): Standard Vite/React production bundle; minification is expected for this frontend app package. ai
source-diff obfuscated-file:dist/assets/index-CFMBq0OB.js AI (source-diff): Standard Vite-minified React bundle; React license header visible in sample, consistent with build tooling in package.json. ai
source-diff obfuscated-file:dist/assets/index-BdV4gm0x.js AI (source-diff): Standard Vite-minified React bundle; React license header visible in sample, consistent with package.json build config. ai
phantom-deps phantom-dep:recharts AI (phantom-deps): Directly imported in dependencies; UI library pattern. ai
phantom-deps phantom-dep:codemirror AI (phantom-deps): Directly imported in dependencies; UI library pattern. ai
source-diff obfuscated-file:dist/assets/index-B1QggBTl.js AI (source-diff): Standard Vite/React production bundle; minified output is expected for this frontend runtime app. ai
source-diff obfuscated-file:dist/assets/index-BWcr9167.js AI (source-diff): Standard Vite/React production bundle; minification is expected for this runtime app package. ai
source-diff obfuscated-file:dist/assets/index-ZmB4k_QN.js AI (source-diff): Standard Vite/React production bundle; minified not obfuscated. Stable pattern for this package. ai
phantom-deps phantom-dep:class-variance-authority AI (phantom-deps): UI utility likely used in component files; stable false positive for this scoped package. ai
phantom-deps phantom-dep:react-markdown AI (phantom-deps): Likely used in JSX/TSX files not caught by import scanner; stable false positive for this package. ai
phantom-deps phantom-dep:autoprefixer AI (phantom-deps): CSS build tooling referenced in tailwind/postcss config; not directly imported — expected. ai
phantom-deps phantom-dep:postcss AI (phantom-deps): Build tooling dep referenced in config files; not directly imported in source — expected pattern. ai
phantom-deps phantom-dep:typescript AI (phantom-deps): TypeScript is a build-time tool referenced in tsconfig; phantom-dep false positive for this package. ai

Versions (showing 51 of 126)

View all versions
Version Deps Published
0.3.96 18 / 6
0.3.95 18 / 6
0.3.94 18 / 6
0.3.93 18 / 6
0.3.92 18 / 6
0.3.91 18 / 6
0.3.90 18 / 6
0.3.89 18 / 6
0.3.88 18 / 6
0.3.87 18 / 6
0.3.86 18 / 6
0.3.85 18 / 6
0.3.84 18 / 6
0.3.83 18 / 6
0.3.82 18 / 6
0.3.81 18 / 6
0.3.80 18 / 6
0.3.79 18 / 6
0.3.78 18 / 6
0.3.77 18 / 6
0.3.76 18 / 6
0.3.75 18 / 6
0.3.74 18 / 6
0.3.73 18 / 6
0.3.72 18 / 6
0.3.71 18 / 6
0.3.70 18 / 6
0.3.69 18 / 6
0.3.68 18 / 6
0.3.67 18 / 6
0.3.66 18 / 6
0.3.65 18 / 6
0.3.64 18 / 6
0.3.63 18 / 6
0.3.62 18 / 6
0.3.61 18 / 6
0.3.60 18 / 6
0.3.59 18 / 6
0.3.58 18 / 6
0.3.57 18 / 6
0.3.56 18 / 6
0.3.55 18 / 6
0.3.54 18 / 6
0.3.53 18 / 6
0.3.52 18 / 6
0.3.51 18 / 6
0.3.50 18 / 6
0.3.49 18 / 6
0.3.48 18 / 6
0.3.47 18 / 6
0.3.46 18 / 6

v0.3.96

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.95

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.94

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.93

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.92

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.91

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.90

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.89

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.88

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.87

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.86

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.85

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.84

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.83

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.82

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.81

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.80

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.79

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.78

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.77

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.76

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.75

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.74

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.73

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.72

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.71

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.70

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.69

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.68

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.67

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.66

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.65

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.64

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.63

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.62

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.61

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.60

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.59

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.58

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.57

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.56

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.55

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.54

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.53

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.52

2 findings
HIGH New obfuscated file: dist/assets/index-B1QggBTl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.51

2 findings
HIGH New obfuscated file: dist/assets/index-BWcr9167.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.50

2 findings
HIGH New obfuscated file: dist/assets/index-BWcr9167.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.49

2 findings
HIGH New obfuscated file: dist/assets/index-Cmws_EDX.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.48

2 findings
HIGH New obfuscated file: dist/assets/index-Cmws_EDX.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.47

2 findings
HIGH New obfuscated file: dist/assets/index-1Sq41APO.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.3.46

2 findings
HIGH New obfuscated file: dist/assets/index-BgLJGZT2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.