@aws-amplify/ui-components
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | large-new-source-files | AI (source-diff): Stencil.js splits each web component into its own lazy-loaded chunk. Large number of new files is expected as the component library grows. | ai | |
| source-diff | net-exec-file:dist/esm-es5/index-82dae9d1.js | AI (source-diff): Standard Stencil.js runtime bundle with TypeScript helpers and web component lifecycle code. Network calls are browser fetch APIs for lazy loading; no malicious patterns. | ai | |
| source-diff | net-exec-file:dist/esm/index-82dae9d1.js | AI (source-diff): Standard Stencil.js runtime bundle. Network calls are browser APIs (requestAnimationFrame, addEventListener); dynamic code is standard web component patterns. | ai | |
| source-diff | net-exec-file:dist/cjs/index-b93ab635.js | AI (source-diff): Standard Stencil.js CJS runtime bundle. Same pattern as ESM counterpart — legitimate web component infrastructure code. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-0d0b67e5.entry.js | AI (source-diff): Stencil.js content-hashed component chunk. Minified CSS-in-JS for web components is expected output from Stencil build pipeline. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-0e679567.system.js | AI (source-diff): Stencil.js SystemJS format bundle with TypeScript helpers. Standard build output for this package. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-1980f38d.js | AI (source-diff): Minified Angular shadow CSS port, explicitly licensed under MIT by Google Inc. Standard Stencil.js dependency. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-66cb0d90.js | AI (source-diff): Stencil.js content-hashed chunk. Minification is standard for this package's build output. | ai | |
| source-diff | net-exec-file:dist/amplify-ui-components/p-66cb0d90.js | AI (source-diff): Stencil.js runtime chunk; network+exec pattern is browser API usage for lazy-loading web components, not malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/css-shim-73a19dab.js | AI (source-diff): Standard Stencil.js build artifact; file self-identifies as 'Stencil Client Platform v1.14.0 \| MIT Licensed'. Minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/esm/css-shim-8a9bfe22.js | AI (source-diff): Standard Stencil.js build artifact; file self-identifies as 'Stencil Client Platform v1.14.0 \| MIT Licensed'. Minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-08209eed.entry.js | AI (source-diff): Standard Stencil.js minified build output for AWS Amplify UI components. Long lines are minification artifacts, not obfuscation. Content clearly shows Amplify Auth/Hub imports with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-8038a7ba.system.entry.js | AI (source-diff): Standard Stencil.js SystemJS minified build output. Content shows async/await polyfills and Amplify imports — expected build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-7a3ce8c4.entry.js | AI (source-diff): Minified Stencil.js entry for Amplify Authenticator component. Clearly legitimate AWS Amplify auth UI code using @aws-amplify/auth and @aws-amplify/core. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-883f28a7.system.entry.js | AI (source-diff): SystemJS format minified build output for Amplify auth fields component. Standard Stencil.js build artifact; no malicious patterns. | ai | |
| phantom-deps | phantom-dep:@aws-amplify/xr | AI (phantom-deps): Same-org AWS Amplify package; phantom dep is a stable false positive for this package's optional XR integration. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-24b4ead3.entry.js | AI (source-diff): Stencil.js minified build output for AWS Amplify UI components. Minification is expected for this web component library; content is clearly legitimate Amplify UI code. | ai | |
| source-diff | obfuscated-file:dist/amplify-ui-components/p-49f778d6.system.entry.js | AI (source-diff): SystemJS format minified build output for AWS Amplify UI components. Standard TypeScript helpers and Amplify auth component code; no malicious patterns. | ai | |
| bogus-package | bogus-package | AI (bogus-package): AWS Amplify monorepo sub-package; templated naming, empty loader entry point, and missing metadata are expected patterns for this SDK family, not spam indicators. | ai | |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 1.9.6 | 2 / 31 | |
| 1.9.5 | 2 / 31 | |
| 1.9.4 | 2 / 31 | |
| 1.9.3 | 2 / 31 | |
| 1.9.2 | 2 / 31 | |
| 1.9.1 | 2 / 31 | |
| 1.8.0 | 2 / 31 | |
| 1.7.5 | 2 / 32 | |
| 1.7.4 | 2 / 32 | |
| 1.6.2 | 2 / 32 | |
| 1.3.2 | 2 / 31 | |
| 1.2.0 | 2 / 31 | |
| 1.1.0 | 2 / 31 | |
| 1.0.4 | 2 / 31 | |
| 1.0.3 | 2 / 31 | |
| 1.0.2 | 2 / 31 | |
| 1.0.1 | 2 / 31 | |
| 0.10.4 | 7 / 31 | |
| 0.10.2 | 7 / 31 | |
| 0.9.6 | 7 / 31 | |
| 0.9.5 | 7 / 31 | |
| 0.9.4 | 7 / 31 | |
| 0.9.3 | 7 / 31 | |
| 0.8.6 | 7 / 31 | |
| 0.8.5 | 7 / 31 | |
| 0.8.4 | 2 / 33 | |
| 0.8.1 | 2 / 33 | |
| 0.7.0 | 2 / 31 | |
| 0.5.1 | 1 / 31 | |
| 0.3.0 | 1 / 29 | |
v1.9.6
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.5
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.4
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.3
27 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.2
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.1
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.5
25 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.4
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.2
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.2
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
16 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.2
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1
2 findings
Matched 5 signal(s), weighted score 8: • [S_PUBLISHER_MASS_PRODUCTION] Maintainer 'mlabieniec' owns 34 packages, ≥70% share a templated name shape. • [S_README_OFFTOPIC] README contains off-topic promotional content (shorteners, piracy keywords, or book/movie image links). • [S_NO_REPO_NO_HOME] No repository, homepage, or bugs URL — genuine packages almost always link somewhere. • [S_NO_KEYWORDS] No keywords declared. • [S_EMPTY_MAIN] Entry point (dist/index.js) is 48 bytes — effectively empty.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.2
25 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.5
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.3
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.6
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.5
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.4
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
25 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.1
22 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.