@axlsdk/studio
Local development UI for debugging, testing, and iterating on Axl agents and workflows
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client/assets/index-B90nxXYQ.js | AI (source-diff): Vite-bundled React client asset; minification is expected for this UI package across all versions. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CyKf66AB.js | AI (source-diff): Standard Vite/React minified client bundle; expected artifact for this UI tool package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-DG2zy3iH.js | AI (source-diff): Vite-built React frontend bundle; minification is expected for this local dev UI package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-NlCaqWar.js | AI (source-diff): Standard Vite/React minified bundle for a local dev UI; not obfuscated, just minified frontend code. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BrlZeXxk.js | AI (source-diff): Standard Vite/React minified client bundle; recognizable React runtime code in sample, consistent with package purpose. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-jeUeToM_.js | AI (source-diff): Standard Vite-minified React bundle; React JSX runtime license header confirms legitimate build output. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CO-ZIHXe.js | AI (source-diff): Standard Vite-minified React client bundle; readable code visible in sample, consistent with package's dev-UI purpose. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-C_uwupnn.js | AI (source-diff): Vite-bundled React frontend; minified client bundle is expected for this dev UI package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-ClajLxib.js | AI (source-diff): Vite-bundled client assets; minification is standard for this UI package across all versions. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase matches addition of new Vite client bundle assets; expected for a UI package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Cskx93hn.js | AI (source-diff): Standard Vite-minified React client bundle; expected output for a UI dev tool package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-Bzr3vDPz.js | AI (source-diff): Standard Vite-minified React client bundle; expected artifact for this UI package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-rvds50cZ.js | AI (source-diff): Vite-bundled React frontend; minified output is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-ByMCmhZs.js | AI (source-diff): Standard Vite-minified React bundle for a local dev UI; not obfuscated, just minified build output. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-CwdbiyOq.js | AI (source-diff): Standard Vite-minified React bundle for a local dev UI; minification is expected for this package type. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-gjca8nbH.js | AI (source-diff): Standard Vite-minified React client bundle for a dev-tools UI; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-C3yGF34O.js | AI (source-diff): Vite-bundled React client app; minified client assets are expected for this UI tool package. | ai | |
| phantom-deps | phantom-dep:tsx | AI (phantom-deps): tsx is a declared runtime dependency used in CLI scripts; phantom-dep heuristic is a false positive here. | ai | |
| source-diff | obfuscated-file:dist/client/assets/index-BQ1ke8OZ.js | AI (source-diff): Vite-minified React client bundle; expected output for this UI dev tool package. | ai | |
| provenance | no-provenance | AI (provenance): Young SDK package; lack of provenance is common and no other risk signals present. | ai |
Versions (showing 54 of 54)
| Version | Deps | Published |
|---|---|---|
| 0.18.2 | 6 / 23 | |
| 0.18.1 | 6 / 23 | |
| 0.18.0 | 6 / 23 | |
| 0.17.9 | 6 / 23 | |
| 0.17.8 | 6 / 23 | |
| 0.17.7 | 6 / 23 | |
| 0.17.6 | 6 / 23 | |
| 0.17.5 | 6 / 23 | |
| 0.17.4 | 6 / 23 | |
| 0.17.3 | 6 / 23 | |
| 0.17.2 | 6 / 23 | |
| 0.17.1 | 6 / 23 | |
| 0.17.0 | 6 / 23 | |
| 0.16.1 | 6 / 23 | |
| 0.16.0 | 6 / 23 | |
| 0.15.0 | 6 / 23 | |
| 0.14.0 | 6 / 19 | |
| 0.13.8 | 6 / 19 | |
| 0.13.7 | 6 / 19 | |
| 0.13.6 | 6 / 19 | |
| 0.13.5 | 6 / 19 | |
| 0.13.4 | 6 / 19 | |
| 0.13.3 | 6 / 19 | |
| 0.13.2 | 6 / 19 | |
| 0.13.1 | 6 / 19 | |
| 0.13.0 | 6 / 19 | |
| 0.12.0 | 6 / 19 | |
| 0.11.6 | 6 / 19 | |
| 0.11.5 | 6 / 19 | |
| 0.11.4 | 6 / 19 | |
| 0.11.3 | 6 / 19 | |
| 0.11.2 | 6 / 19 | |
| 0.11.1 | 6 / 19 | |
| 0.11.0 | 6 / 19 | |
| 0.10.4 | 6 / 19 | |
| 0.10.3 | 6 / 19 | |
| 0.10.2 | 6 / 19 | |
| 0.10.1 | 6 / 19 | |
| 0.10.0 | 6 / 19 | |
| 0.9.1 | 5 / 18 | |
| 0.9.0 | 5 / 18 | |
| 0.8.0 | 5 / 18 | |
| 0.7.6 | 5 / 18 | |
| 0.7.5 | 5 / 18 | |
| 0.7.4 | 5 / 18 | |
| 0.7.3 | 5 / 18 | |
| 0.7.2 | 5 / 18 | |
| 0.7.1 | 5 / 18 | |
| 0.7.0 | 5 / 18 | |
| 0.6.0 | 5 / 18 | |
| 0.5.0 | 5 / 18 | |
| 0.4.0 | 5 / 18 | |
| 0.3.0 | 5 / 18 | |
| 0.2.0 | 5 / 18 |
v0.18.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.18.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.9
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.8
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.7
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.16.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.8
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.7
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.6
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.5
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.10.4
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.3
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.2
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.1
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.2.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.