@bastani/atomic
Configuration management CLI and SDK for coding agents
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/modes/interactive/components/daxnuts.js | AI (source-diff): Hex-encoded RGB pixel data for an easter-egg image render, not executable steganography. | ai | |
| source-diff | obfuscated-file:dist/builtin/mcp/app-bridge.bundle.js | AI (source-diff): Standard minified bundle of MCP SDK and zod; not obfuscated malware. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): Windows toast notification helper in examples/; expected use of child_process. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used to load DOOM JS module in examples/; not in production code path. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Localhost OAuth callback URI (127.0.0.1:8080) in example extension; benign. | ai | |
| semgrep | semgrep:steganography-image-eval | AI (semgrep): DOOM WAD file loader in examples/ directory; not production code path. | ai | |
| source-diff | obfuscated-file:dist/services/config/additional-instructions.d.ts | AI (source-diff): Long line is a readable Markdown string literal for AI agent instructions, not obfuscated code. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Source shrinkage reflects intentional refactor to platform-specific binary packages, not malicious stubbing. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Postinstall selects platform-specific prebuilt binary from optional deps — standard native binary distribution pattern. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env into child_process spawn options is standard CLI practice; not exfiltration. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): commander is a declared dependency; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:yaml | AI (phantom-deps): yaml is a declared dependency; phantom-dep heuristic false positive for this package. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode in orchestrator-entry is a documented deserialization pattern, not payload hiding. | ai | |
Versions (showing 51 of 83)
| Version | Deps | Published |
|---|---|---|
| 0.8.25 | 28 / 10 | |
| 0.8.23 | 26 / 10 | |
| 0.8.22 | 26 / 10 | |
| 0.8.21 | 26 / 10 | |
| 0.8.20 | 26 / 10 | |
| 0.8.19 | 26 / 10 | |
| 0.8.18 | 26 / 10 | |
| 0.8.17 | 26 / 10 | |
| 0.8.16 | 26 / 10 | |
| 0.8.15 | 26 / 10 | |
| 0.8.14 | 26 / 10 | |
| 0.8.13 | 26 / 10 | |
| 0.8.12 | 26 / 10 | |
| 0.8.11 | 25 / 9 | |
| 0.8.10 | 25 / 9 | |
| 0.8.9 | 25 / 9 | |
| 0.8.8 | 25 / 9 | |
| 0.8.7 | 25 / 9 | |
| 0.8.6 | 25 / 9 | |
| 0.8.5 | 25 / 9 | |
| 0.8.4 | 25 / 9 | |
| 0.8.3 | 25 / 9 | |
| 0.8.2 | 25 / 9 | |
| 0.8.1 | 25 / 9 | |
| 0.7.17 | 0 / 0 | |
| 0.7.16 | 0 / 0 | |
| 0.7.15 | 0 / 0 | |
| 0.7.14 | 0 / 0 | |
| 0.7.13 | 0 / 0 | |
| 0.7.12 | 0 / 0 | |
| 0.7.11 | 0 / 0 | |
| 0.7.10 | 0 / 0 | |
| 0.7.9 | 0 / 0 | |
| 0.7.8 | 0 / 0 | |
| 0.7.7 | 0 / 0 | |
| 0.7.6 | 0 / 0 | |
| 0.7.5 | 0 / 0 | |
| 0.7.4 | 0 / 0 | |
| 0.7.3 | 0 / 0 | |
| 0.7.2 | 0 / 0 | |
| 0.7.1 | 0 / 0 | |
| 0.7.0 | 0 / 0 | |
| 0.6.5 | 13 / 6 | |
| 0.6.4 | 13 / 6 | |
| 0.6.3 | 11 / 6 | |
| 0.6.2 | 11 / 6 | |
| 0.6.1 | 11 / 6 | |
| 0.6.0 | 11 / 6 | |
| 0.5.34 | 11 / 6 | |
| 0.5.33 | 11 / 6 | |
| 0.5.32 | 11 / 6 | |
v0.8.25
4 findings
Package contains compiled binaries that could be backdoors:
• node_modules/@earendil-works/pi-tui/native/darwin/prebuilds/darwin-arm64/darwin-modifiers.node
• node_modules/@earendil-works/pi-tui/native/darwin/prebuilds/darwin-x64/darwin-modifiers.node
• node_modules/@earendil-works/pi-tui/native/win32/prebuilds/win32-arm64/win32-console-mode.node
• node_modules/@earendil-works/pi-tui/native/win32/prebuilds/win32-x64/win32-console-mode.node
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/bastani-inc/atomic/blob/1a55d39b22391b4fca15312d268b3621297e9b8e/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.23
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/bastani-inc/atomic/blob/d662f984f2465015dd2493585354f49c94729ef2/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.22
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/bastani-inc/atomic/blob/1e72c727758473fdf7506644fd16f1d488cab1d7/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.21
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/f81ab4c96792199b8c76f7baba639e7fb41533d0/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.20
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/b0bdfe5843a1bb7322fad27562dd5fa3d4af040e/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.19
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/4c6afa8d1f510764ba6827df5dffe2d1018437cd/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.18
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/53cfe787c82ee932bb2d8227e3f9f5e4d61de2dd/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.17
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/f235f8d4319d87ef0dcb9485066d3af8c6a5a013/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.16
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/6dad1c42bf83036ae8c1986dae043f519b1eec4d/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.15
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/c81ba2a2eec4b99a13dd3ef1fc50dd5e46688e6e/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.14
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/167c67cac6cb1b1ed8b14d69f4ea2e781e950ef6/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.13
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/0e0d1c9f67fab1001a0a5a4fdf48d9155fa7d288/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.12
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/d3eed091944a36b57638da8d882b3fc2bc31ed05/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.11
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/c156d53fcc87b68fab38cab2d594a755fe3e34cf/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.10
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/ea3d7e62c838b804e5fb72a7a7ee703399ebcfd6/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.9
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/f1c4c9860773c5df11e3f0af9b209a315636ab3a/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.8
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/12316e0a1b610c0b9d86202f5f9f59df7731d8aa/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.7
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/409ed5964c6464010e58ce8e72d23cbc2d4eee77/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.6
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/8888ddc6c352c72dceafa1cfafd72ea09c08685b/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.5
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/a378c715c42f8a1546da02703b3ad2670db815df/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.4
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/881dc34eb85c3e67408f15ebf5f63018b8ae20ee/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.3
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/d1348f3a11c28669cc9e2725277966c1bbb97e80/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.2
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/edd37f985b7f1037b2053b919c0c302366aa3a3d/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Data read from image file then executed — steganography attack pattern
Source: https://github.com/flora131/atomic/blob/ba54fb1697f25e63eee7477a1d73b55954c693ea/examples/extensions/doom-overlay/doom-engine.ts#L58
```
  56 |
  57 | // Read WAD file
> 58 | const wadData = readFileSync(this.wadPath);
  59 | const wadArray = Array.from(new Uint8Array(wadData));
  60 |
```
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.17
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.16
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.15
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.14
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.13
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.12
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.11
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.10
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.9
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.8
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.7
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.6
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.5
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.1
2 findings
Script: node ./postinstall.mjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
2 findings
Script: node ./postinstall.mjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.34
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.33
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.32
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.