← Home

@basis-theory/react-agentic

npm
16
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

lcschybriangonzalezatbtdhudecdavi.basistheoryarmsteadj1matthew_basistheorybt-platformjleon15kevinperaza-btgreathouse-bt

Keywords

reactpaymentlibrarybasistheorypcicompliance

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/InstructionVerificationModal-CNoOUoD9.js AI (source-diff): Standard Vite minified bundle output; readable React component logic visible in sample. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-DtQK2o_m.js AI (source-diff): Standard Vite minified bundle output; readable React component logic visible in sample. ai
source-diff obfuscated-file:dist/index-rC7V-IQa.js AI (source-diff): Standard Vite minified bundle output; source maps included; no malicious patterns. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-DqVzURof.js AI (source-diff): Standard Vite minified bundle output; readable React component logic, no malicious patterns. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-BlqftaLv.js AI (source-diff): Standard Vite minified bundle output; readable React modal component logic, no malicious patterns. ai
source-diff obfuscated-file:dist/index-DdFZFJTC.js AI (source-diff): Standard Vite minified bundle; contains Visa passkey iframe integration consistent with payment library purpose. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-CbXwWobl.js AI (source-diff): Standard Vite minified React modal component; no malicious patterns. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-DYeHwPe6.js AI (source-diff): Standard Vite minified React output; readable logic, no malicious patterns. ai
source-diff obfuscated-file:dist/index-DdHc7gGZ.js AI (source-diff): Vite bundle with Visa passkey SDK integration; hardcoded API keys are vendor credentials, not exfiltration. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-yTeZZfQ9.js AI (source-diff): Standard Vite minified build output; readable React UI code for payment verification flows. ai
source-diff obfuscated-file:dist/index-mqdkV64H.js AI (source-diff): Standard Vite minified bundle; contains Visa passkey iframe integration consistent with package purpose. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-DePhTOPC.js AI (source-diff): Standard Vite minified build output; readable React modal component for instruction verification. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-B17x5lVJ.js AI (source-diff): Standard Vite minified React component; readable logic, no malicious payload. ai
source-diff obfuscated-file:dist/index-BoGJabiM.js AI (source-diff): Minified bundle with Visa SDK iframe integration; consistent with payment library purpose. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-7lpWhePk.js AI (source-diff): Standard Vite minified React modal component; no obfuscation or malicious patterns. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-jX4IQ9Pc.js AI (source-diff): Standard Vite minified React modal component; code logic is transparent and benign. ai
source-diff obfuscated-file:dist/index-DvgPb9ix.js AI (source-diff): Vite bundle with Visa SDK integration; hardcoded API keys are Visa SDK credentials, not malicious. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-C72AlMXN.js AI (source-diff): Standard Vite minified React component output; code is readable and benign. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-BW4cyA40.js AI (source-diff): Standard Vite minified bundle output; code is readable React JSX with no malicious patterns. ai
source-diff obfuscated-file:dist/index-BsKyAAxb.js AI (source-diff): Standard Vite minified bundle; contains Visa/Mastercard iframe integration consistent with package purpose. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-BsOIsvcy.js AI (source-diff): Standard Vite minified bundle output; code is readable React JSX with no malicious patterns. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-tMWFXHR3.js AI (source-diff): Standard Vite minified React bundle; readable modal step logic, no malicious patterns. ai
source-diff obfuscated-file:dist/index-DXckebn8.js AI (source-diff): Standard Vite minified bundle; contains Visa/Mastercard passkey SDK integration, readable and expected for this package. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-CqOT1ZZ_.js AI (source-diff): Standard Vite minified React bundle; readable JSX logic, no malicious patterns. ai
source-diff obfuscated-file:dist/InstructionVerificationModal-BtaK7Me-.js AI (source-diff): Standard Vite minified build output; readable React modal component logic in sample. ai
source-diff obfuscated-file:dist/index-DqgDcS2O.js AI (source-diff): Standard Vite minified bundle; Visa passkey SDK integration consistent with package purpose. ai
source-diff obfuscated-file:dist/EnrollmentVerificationModal-C3fVSSoq.js AI (source-diff): Standard Vite minified build output; readable React component logic visible in sample, no obfuscation. ai

Versions (showing 16 of 16)

Version Deps Published
2.0.1 0 / 28
2.0.0 0 / 28
1.8.0 0 / 28
1.7.0 0 / 28
1.6.0 0 / 28
1.5.0 0 / 28
1.4.0 0 / 28
1.3.1 0 / 28
1.3.0 0 / 28
1.2.0 0 / 28
1.1.0 0 / 28
1.0.3 0 / 28
1.0.2 0 / 28
1.0.1 0 / 28
1.0.0 0 / 28
0.1.0 0 / 28

v2.0.1

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-DqVzURof.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DdFZFJTC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-BlqftaLv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.0.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-DtQK2o_m.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-rC7V-IQa.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-CNoOUoD9.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.7.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-DYeHwPe6.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DdHc7gGZ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-CbXwWobl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.6.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-C72AlMXN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DvgPb9ix.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-jX4IQ9Pc.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-B17x5lVJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-BoGJabiM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-7lpWhePk.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-CqOT1ZZ_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DXckebn8.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-tMWFXHR3.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.1

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-C3fVSSoq.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DqgDcS2O.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-BtaK7Me-.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-yTeZZfQ9.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-mqdkV64H.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-DePhTOPC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

4 findings
HIGH New obfuscated file: dist/EnrollmentVerificationModal-BW4cyA40.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-BsKyAAxb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InstructionVerificationModal-BsOIsvcy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.