← Home

@babylonlabs-io/wallet-connector

npm Repository Homepage

<p align="center"> <img alt="Babylon Logo" src="https://github.com/user-attachments/assets/dc74271e-90f1-44bd-9122-2b7438ab375c" width="100" /> <h3 align="center">@babylonlabs-io/wallet-connector</h3> <p align="cent

10
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

filippos47vitsaliscoinspect-security-audits

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff net-exec-file:dist/index-D6jPMPYO.cjs AI (source-diff): Network calls and dynamic code are part of the wallet connector's legitimate functionality (wagmi, appkit, react). ai
source-diff obfuscated-file:dist/ccip-B7QqUTpV.cjs AI (source-diff): Minified CCIP (cross-chain interoperability) utility bundle using viem ABI helpers. ai
source-diff obfuscated-file:dist/secp256k1-CVorY38p.cjs AI (source-diff): Minified secp256k1 crypto utility bundle; no malicious indicators. ai
source-diff obfuscated-file:dist/index.es-B0NSBUaz.js AI (source-diff): Standard Vite minified ES bundle output. ai
source-diff obfuscated-file:dist/index.es-Cj5bKvuz.cjs AI (source-diff): Standard Vite minified ES/CJS bundle output. ai
source-diff obfuscated-file:dist/index-D6jPMPYO.cjs AI (source-diff): Standard Vite minified CJS bundle; legitimate imports visible in sample. ai
source-diff obfuscated-file:dist/index-4cPSN8p2.js AI (source-diff): Standard Vite minified bundle output for this UI library; consistent across versions. ai
source-diff net-exec-file:dist/index-4cPSN8p2.js AI (source-diff): Same as CJS counterpart; legitimate wallet UI bundle. ai
source-diff obfuscated-file:dist/index.es-C454a9ix.cjs AI (source-diff): Standard Vite minified bundle output. ai
source-diff obfuscated-file:dist/index.es-B8_HAHr3.js AI (source-diff): Standard Vite minified ES module bundle output. ai
source-diff net-exec-file:dist/index-8R0n76uT.js AI (source-diff): Network calls are wallet connector functionality; no dropper indicators in sample. ai
source-diff obfuscated-file:dist/index-8R0n76uT.js AI (source-diff): Standard Vite minified ESM bundle; sample shows legitimate imports. ai
source-diff obfuscated-file:dist/secp256k1-CXMvn1pK.cjs AI (source-diff): Standard minified secp256k1 crypto library bundle. ai
source-diff net-exec-file:dist/index-C4iw3aLI.cjs AI (source-diff): Network calls and dynamic code are part of wallet connector functionality, not dropper behavior. ai
source-diff obfuscated-file:dist/index-C4iw3aLI.cjs AI (source-diff): Standard Vite minified bundle; sample shows legitimate React/bitcoinjs-lib imports. ai
source-diff obfuscated-file:dist/ccip-CR8hTCY_.cjs AI (source-diff): Standard Vite minified bundle output; readable library code visible in sample. ai
source-diff net-exec-file:dist/index-CimUxTnr.cjs AI (source-diff): Network calls and dynamic code are part of wallet/web3 library functionality, not dropper behavior. ai
source-diff obfuscated-file:dist/index.es-DD3ceGQP.js AI (source-diff): Standard Vite/Rollup minified ESM bundle; readable imports confirm legitimate library code. ai
source-diff obfuscated-file:dist/secp256k1-B8leStnL.cjs AI (source-diff): secp256k1 crypto utility bundle; standard minified output, no obfuscation indicators. ai
source-diff obfuscated-file:dist/index.es-DfrThCn7.cjs AI (source-diff): Standard Vite/Rollup minified CJS bundle; readable imports confirm legitimate library code. ai
source-diff obfuscated-file:dist/ccip-DsbtSjwq.cjs AI (source-diff): CCIP (Cross-Chain Interoperability Protocol) helper bundle; standard minified output from viem. ai
source-diff net-exec-file:dist/index-BgODs1bn.js AI (source-diff): Network calls and dynamic code are part of wallet/web3 library functionality, not dropper behavior. ai
source-diff obfuscated-file:dist/index-BgODs1bn.js AI (source-diff): Standard Vite/Rollup minified ESM bundle; readable imports confirm legitimate library code. ai
source-diff obfuscated-file:dist/index-CimUxTnr.cjs AI (source-diff): Standard Vite/Rollup minified bundle; readable imports confirm legitimate library code. ai
source-diff obfuscated-file:dist/index-CZSOzuWw.cjs AI (source-diff): Standard Vite/Rollup minified bundle output; readable imports confirm legitimate library code. ai
source-diff net-exec-file:dist/index-CVx0YNJ7.js AI (source-diff): Network calls and dynamic code are part of bundled React/wagmi/viem wallet connector logic, not dropper behavior. ai
source-diff net-exec-file:dist/index-CZSOzuWw.cjs AI (source-diff): Network calls and dynamic code are part of bundled React/wagmi/viem wallet connector logic, not dropper behavior. ai
source-diff obfuscated-file:dist/index-CVx0YNJ7.js AI (source-diff): Standard Vite/Rollup minified bundle output; readable imports confirm legitimate library code. ai
source-diff obfuscated-file:dist/ccip-Krlf5iO0.cjs AI (source-diff): Standard Vite/Rollup minified bundle output for CCIP/viem utilities. ai
source-diff obfuscated-file:dist/secp256k1-D71pPY4M.cjs AI (source-diff): Standard Vite/Rollup minified bundle output for secp256k1 crypto library. ai
source-diff obfuscated-file:dist/index.es-D47Rgs6T.js AI (source-diff): Standard Vite/Rollup minified bundle output. ai
source-diff obfuscated-file:dist/index.es-9sjsiUiW.cjs AI (source-diff): Standard Vite/Rollup minified bundle output. ai
source-diff obfuscated-file:dist/secp256k1-CVHzVjhQ.cjs AI (source-diff): Minified secp256k1 crypto library bundle; standard cryptographic utility code. ai
source-diff obfuscated-file:dist/ccip-DWEKJHXV.cjs AI (source-diff): Standard Vite/Rollup minified bundle output; content is viem CCIP/ABI utilities. ai
source-diff obfuscated-file:dist/index-C1KVyqqg.cjs AI (source-diff): Standard Vite/Rollup minified bundle; imports React, bitcoinjs-lib, wagmi etc. ai
source-diff net-exec-file:dist/index-C1KVyqqg.cjs AI (source-diff): Network+exec pattern is wallet UI code (fetch + dynamic React rendering), not dropper. ai
source-diff obfuscated-file:dist/index.es-CPB2U0f3.cjs AI (source-diff): Minified Vite bundle; content is IndexedDB keyval store and browser detection utilities. ai
source-diff obfuscated-file:dist/index-BKaxs6_K.js AI (source-diff): Minified ESM bundle; imports are all declared dependencies (React, viem, wagmi, etc.). ai
source-diff net-exec-file:dist/index-BKaxs6_K.js AI (source-diff): Same bundle as above; network+exec is wallet UI functionality, not malware. ai
source-diff obfuscated-file:dist/index.es-chrz-G5z.js AI (source-diff): Minified ES module chunk; content is IndexedDB and wallet adapter code. ai
source-diff obfuscated-file:dist/index-xE5i5mBH.cjs AI (source-diff): Standard Vite/Rollup minified bundle; imports are all known legitimate packages. ai
source-diff net-exec-file:dist/index-DfZOjbuV.js AI (source-diff): Network calls are wallet/blockchain RPC; dynamic code execution is standard JS runtime patterns in bundled React app. ai
source-diff net-exec-file:dist/index-xE5i5mBH.cjs AI (source-diff): Network calls are wallet/blockchain RPC; dynamic code execution is standard JS runtime patterns in bundled React app. ai
source-diff obfuscated-file:dist/secp256k1-CZ7cTpkm.cjs AI (source-diff): Standard Vite/Rollup minified secp256k1 crypto bundle; no malicious patterns. ai
source-diff obfuscated-file:dist/ccip-BrLh-ChO.cjs AI (source-diff): Standard Vite/Rollup minified bundle for CCIP functionality; no malicious patterns. ai
source-diff obfuscated-file:dist/index.es-NV3wnnpb.js AI (source-diff): Standard Vite/Rollup minified bundle; imports are all known legitimate packages. ai
source-diff obfuscated-file:dist/index.es-D1LcBZeN.cjs AI (source-diff): Standard Vite/Rollup minified bundle; imports are all known legitimate packages. ai
source-diff obfuscated-file:dist/index-DfZOjbuV.js AI (source-diff): Standard Vite/Rollup minified bundle; imports are all known legitimate packages. ai
source-diff net-exec-file:dist/index-BUjsOmbp.cjs AI (source-diff): Network calls and dynamic code are from bundled React/viem/wagmi; no dropper pattern present. ai
source-diff obfuscated-file:dist/index.es-wq3LhVSW.js AI (source-diff): ESM secondary chunk; readable indexedDB/wallet code, standard build artifact. ai
source-diff obfuscated-file:dist/secp256k1-DCDtzPuN.cjs AI (source-diff): secp256k1 crypto chunk; readable hex/Uint8Array utilities, standard build artifact. ai
source-diff obfuscated-file:dist/index.es-T93b537C.cjs AI (source-diff): Secondary CJS chunk from Vite build; legitimate minified output. ai
source-diff obfuscated-file:dist/ccip-jaCYu6p4.cjs AI (source-diff): CCIP (viem cross-chain interop) chunk; readable ABI-decoding code, standard build artifact. ai
source-diff net-exec-file:dist/index-yDauTEPa.js AI (source-diff): Same bundle as CJS variant; no malicious pattern. ai
source-diff obfuscated-file:dist/index-yDauTEPa.js AI (source-diff): ESM variant of the same Vite bundle; same legitimate minified output. ai
source-diff obfuscated-file:dist/index-BUjsOmbp.cjs AI (source-diff): Standard Vite/Rollup minified bundle; readable named imports confirm legitimate build output. ai
phantom-deps phantom-dep:bip174 AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@keplr-wallet/provider-extension AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@bitcoin-js/tiny-secp256k1-asmjs AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@ledgerhq/hw-transport-webusb AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@ledgerhq/hw-transport-webhid AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@tomo-inc/wallet-connect-sdk AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@reown/appkit-adapter-wagmi AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@keystonehq/keystone-sdk AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@keystonehq/animated-qr AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@scure/btc-signer AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@keystonehq/sdk AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:@scure/bip32 AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:usehooks-ts AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:buffer AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai
phantom-deps phantom-dep:uuid AI (phantom-deps): Wallet connector library; deps declared for consumer use, not direct import. ai

Versions (showing 10 of 10)

Version Deps Published
1.50.2 26 / 47
1.50.1 26 / 47
1.49.3 26 / 47
1.49.2 26 / 47
1.49.1 26 / 47
1.48.0 26 / 47
1.47.11 26 / 47
1.47.4 26 / 47
1.47.2 26 / 47
1.46.0 26 / 47

v1.50.2

9 findings
HIGH New obfuscated file: dist/ccip-B7QqUTpV.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-D6jPMPYO.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-D6jPMPYO.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-Cj5bKvuz.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-CVorY38p.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-4cPSN8p2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-4cPSN8p2.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-B0NSBUaz.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.50.1

9 findings
HIGH New obfuscated file: dist/ccip-B7QqUTpV.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-D6jPMPYO.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-D6jPMPYO.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-Cj5bKvuz.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-CVorY38p.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-4cPSN8p2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-4cPSN8p2.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-B0NSBUaz.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.49.3

9 findings
HIGH New obfuscated file: dist/ccip-CR8hTCY_.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-C4iw3aLI.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-C4iw3aLI.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-C454a9ix.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-CXMvn1pK.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-8R0n76uT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-8R0n76uT.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-B8_HAHr3.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.49.2

9 findings
HIGH New obfuscated file: dist/ccip-CR8hTCY_.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-C4iw3aLI.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-C4iw3aLI.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-C454a9ix.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-CXMvn1pK.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-8R0n76uT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-8R0n76uT.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-B8_HAHr3.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.49.1

9 findings
HIGH New obfuscated file: dist/ccip-Krlf5iO0.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CZSOzuWw.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-CZSOzuWw.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-9sjsiUiW.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-D71pPY4M.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CVx0YNJ7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-CVx0YNJ7.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-D47Rgs6T.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.48.0

9 findings
HIGH New obfuscated file: dist/ccip-DsbtSjwq.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CimUxTnr.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-CimUxTnr.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-DfrThCn7.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-B8leStnL.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-BgODs1bn.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-BgODs1bn.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-DD3ceGQP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.47.11

9 findings
HIGH New obfuscated file: dist/ccip-DWEKJHXV.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-C1KVyqqg.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-C1KVyqqg.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-CPB2U0f3.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-CVHzVjhQ.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-BKaxs6_K.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-BKaxs6_K.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-chrz-G5z.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.47.4

9 findings
HIGH New obfuscated file: dist/ccip-BrLh-ChO.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-xE5i5mBH.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-xE5i5mBH.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-D1LcBZeN.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-CZ7cTpkm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DfZOjbuV.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-DfZOjbuV.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-NV3wnnpb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.47.2

9 findings
HIGH New obfuscated file: dist/ccip-jaCYu6p4.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-BUjsOmbp.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-BUjsOmbp.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-T93b537C.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/secp256k1-DCDtzPuN.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-yDauTEPa.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-yDauTEPa.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index.es-wq3LhVSW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.