@aurodesignsystem/auro-hyperlink Apache-2.0 4 versions

@aurodesignsystem/auro-hyperlink

npm Repository Homepage

auro-hyperlink HTML custom element

Versions

Apache-2.0

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

capsule42dale.sandeblackfalconbraven112jordanjones243alaskaairlinesits-admindougalaskarmenner-aa

alaska airlinesaurodesign systemweb components

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/auro-hyperlink-DwdlLg-h.js	AI (source-diff): Minified Vite/Rollup bundle of LitElement component; standard build artifact for this design system package.	ai	2026/05/30
phantom-deps	phantom-dep:lit	AI (phantom-deps): lit is a declared runtime dependency used in the bundled output; phantom-dep heuristic false positive for bundled packages.	ai	2026/05/30

2 findings

HIGH New obfuscated file: dist/auro-hyperlink-DwdlLg-h.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.