@arcgis/ai-components
**No Esri Technical Support included.**
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/cdn/4AKABWTH.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/C7H45XOK.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/JXINLIXP.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/AED4DHAB.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/MFR5PR4S.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/T2NCPPDV.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/HLRDAQ45.js | AI (source-diff): Standard Esri minified CDN bundle; consistent with all prior releases of this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/3S32HPQS.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/XK3FC73N.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/WSOUMPK4.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/IXRAFIJK.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/DMTP6NBV.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/7REHUKPX.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/2QZT37AU.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/3SIHFDVG.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/XG7NHSS7.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/R6KK4LQM.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/HC3YXKVE.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/DNRDUCZV.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/AS5CYI5K.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/2L2G6TTO.js | AI (source-diff): Esri-copyrighted minified bundle; standard ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/2XYABUZX.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/ZPA23JJS.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/NTL5JXVP.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/KPM7KS4K.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/JOL4ABJO.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/GQXDPYYB.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/AGXE55QM.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for @arcgis/ packages. | ai | |
| source-diff | obfuscated-file:dist/cdn/54KWWZ6K.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/XYJ64VLP.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/WR6PMLTB.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/S2FPB7GS.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/JNKLL4SA.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/CIOZQQSY.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/AYP5O4F2.js | AI (source-diff): Standard Esri/ArcGIS minified CDN bundle with copyright header; expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/cdn/7TTAIEIK.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/XTSGHZZB.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/WOG2PLLN.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/W2LL6T2X.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/VFWNEH6A.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/JYCXG6SS.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/7R5L7WMI.js | AI (source-diff): Standard Esri CDN minified bundle with copyright header; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/5BN5VVZI.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/SSKF6L4M.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/ILGKDAIE.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/DMODI4OS.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/CLLFUFFF.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/5JC7SLAM.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/27BM64HA.js | AI (source-diff): Standard Esri-copyrighted minified CDN bundle; consistent with the @arcgis/* package family. | ai | |
| source-diff | obfuscated-file:dist/cdn/5QOWLY4K.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/ZMGGKF6I.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/HLPUBPCI.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/BPQHDASZ.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/46V7X5JS.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/36II53D3.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/52GK3WHG.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/VJ45TZTN.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/AME4VW3J.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/BONW2FOJ.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/EBNP6MV3.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/HCOGFBB3.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/OYMPS3X6.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/WKT4JFJA.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with ArcGIS JS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/6WUTVPNH.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/QYVJZZWE.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/NFOYEEVJ.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/GJHS3ISH.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/EVN255PC.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/EMXQTQPY.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/ACLTNRNV.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cdn/IGZNXSIL.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/V4EQCDNN.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/MO54HGXF.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/MCVZG2R3.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/KZZKYQUO.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/IQB4SDZ2.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/EE4TA6Y6.js | AI (source-diff): Esri-copyrighted minified CDN bundle; consistent with legitimate ArcGIS component distribution. | ai | |
| source-diff | obfuscated-file:dist/cdn/5WFHEB3U.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/TS6FG3RQ.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/PKJHA4MS.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/IXWEGYBU.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/AKTVVPGP.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/73THFKRF.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/XT6NJ7RH.js | AI (source-diff): Esri-copyrighted minified build output; consistent with ArcGIS SDK distribution pattern. | ai | |
| source-diff | obfuscated-file:dist/cdn/5EBJ77R2.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/TFNJZW6H.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/QSDEAP2N.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/PHFNGGMI.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/OR7LEYYH.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/65G7ATPE.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/3RHHBY5U.js | AI (source-diff): Esri-copyrighted minified CDN bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/4FHO7GBO.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cdn/WQ2G7SDP.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/RB3POOUT.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/OTX5HLUQ.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/MXUZZMZ3.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/MUPZUO2E.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/7O3YKATP.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/6VUSQXWD.js | AI (source-diff): Esri-copyright minified ES module bundle; standard ArcGIS SDK build output. | ai | |
| source-diff | obfuscated-file:dist/cdn/BALUGU2G.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/ZX2ABASD.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/VFJVQ7J2.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/S2WU4C23.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/RUOA23GV.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/G2C4Q2YF.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/CI6DYT47.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/7QVSRAES.js | AI (source-diff): Standard Esri SDK minified build output with copyright header; not malicious. | ai | |
| source-diff | obfuscated-file:dist/cdn/5A6ZZJA3.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/TGZVGTZW.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/OPFMVFCQ.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/IVBZIY3C.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/HBKQLCUY.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/DFCYU2GR.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| source-diff | obfuscated-file:dist/cdn/4T4XEOX3.js | AI (source-diff): Esri-copyrighted minified SDK bundle; consistent with ArcGIS JS build output across all versions. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a known implicit TypeScript runtime dep; stable false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Enterprise SDK package; no public repo URL is expected for Esri's closed-source distribution. | ai |
Versions (showing 20 of 20)
| Version | Deps | Published |
|---|---|---|
| 5.0.19 | 12 / 0 | |
| 5.0.18 | 12 / 0 | |
| 5.0.17 | 12 / 0 | |
| 5.0.16 | 12 / 0 | |
| 5.0.15 | 12 / 0 | |
| 5.0.14 | 12 / 0 | |
| 5.0.13 | 12 / 0 | |
| 5.0.12 | 12 / 0 | |
| 5.0.11 | 12 / 0 | |
| 5.0.10 | 12 / 0 | |
| 5.0.9 | 12 / 0 | |
| 5.0.8 | 12 / 0 | |
| 5.0.7 | 12 / 0 | |
| 5.0.6 | 12 / 0 | |
| 5.0.5 | 12 / 0 | |
| 5.0.4 | 12 / 0 | |
| 5.0.3 | 12 / 0 | |
| 5.0.2 | 12 / 0 | |
| 5.0.1 | 12 / 0 | |
| 5.0.0 | 12 / 0 |
v5.0.19
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.15
10 findingsThis version was published by a different npm account than previous versions on 2026-03-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.14
10 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.13
10 findingsThis version was published by a different npm account than previous versions on 2026-03-20. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.12
10 findingsThis version was published by a different npm account than previous versions on 2026-03-18. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.11
10 findingsThis version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.10
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.9
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.8
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.7
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.6
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.5
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.4
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.3
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.2
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
9 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.