@bigbinary/neeto-team-members-frontend

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

neerajdotnamebigbinarybotneetohq

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/Permissions-DivtWVTW.js	AI (source-diff): Standard Rollup minified build output for this frontend component library; consistent pattern across all versions.	ai	2026/06/05
source-diff	obfuscated-file:dist/Permissions-DznO_Jeu.js	AI (source-diff): Standard Rollup minified build output for this frontend component library; consistent pattern across all versions.	ai	2026/06/05
source-diff	obfuscated-file:dist/ProfileImage-NrUFZWFQ.js	AI (source-diff): Standard Rollup minified build output for this BigBinary frontend package.	ai	2026/06/05
source-diff	obfuscated-file:dist/index-Dpeqvj1R.js	AI (source-diff): Standard Rollup minified build output for this BigBinary frontend package.	ai	2026/06/05
source-diff	obfuscated-file:dist/index-Cvu3ClJc.js	AI (source-diff): Standard Rollup minified bundle from BigBinary's own build pipeline; no malicious patterns.	ai	2026/06/05
source-diff	obfuscated-file:dist/ProfileImage-Cc4DLFVl.js	AI (source-diff): Standard Rollup minified bundle from BigBinary's own build pipeline; no malicious patterns.	ai	2026/06/05
source-diff	obfuscated-file:dist/ProfileImage-mFiFnQz4.js	AI (source-diff): Standard Rollup minified bundle from BigBinary's own build pipeline; no malicious patterns.	ai	2026/06/05
source-diff	obfuscated-file:dist/index-DirSeP4O.js	AI (source-diff): Standard Rollup minified bundle from BigBinary's own build pipeline; no malicious patterns.	ai	2026/06/05
source-diff	obfuscated-file:dist/Permissions-DdyDvnxq.js	AI (source-diff): Standard Rollup minified bundle with readable imports; consistent with this package's build pattern.	ai	2026/06/05
source-diff	obfuscated-file:dist/Permissions-C3RrDseL.js	AI (source-diff): Standard Rollup minified bundle with readable imports; consistent with this package's build pattern.	ai	2026/06/05
source-diff	obfuscated-file:dist/timezone-selector-ojZT6BkF.js	AI (source-diff): Standard Rollup minified output; timezone selector ESM variant.	ai	2026/06/05
source-diff	obfuscated-file:dist/timezone-selector-BGpvIcKU.js	AI (source-diff): Standard Rollup minified output; timezone selector React component.	ai	2026/06/05
source-diff	obfuscated-file:dist/Permissions-jUdzUmmp.js	AI (source-diff): Standard Rollup minified build output for this BigBinary nano package; consistent pattern across all versions.	ai	2026/06/04
source-diff	obfuscated-file:dist/Permissions-CPrVjnMt.js	AI (source-diff): Standard Rollup minified build output for this BigBinary nano package; consistent pattern across all versions.	ai	2026/06/04
source-diff	obfuscated-file:dist/ProfileImage-OoIOAGCe.js	AI (source-diff): Standard Rollup/Babel minified output; long line is a Unicode character class regex in yup validation.	ai	2026/06/03
source-diff	obfuscated-file:dist/ProfileImage-DN5IzFz7.js	AI (source-diff): Standard Rollup/Babel minified output; readable React component code.	ai	2026/06/03
source-diff	obfuscated-file:dist/index-B8hYdTxl.js	AI (source-diff): Standard Rollup minified bundle output; consistent with this package's build pattern across all versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/index-B0D2Aum3.js	AI (source-diff): Standard Rollup minified bundle output; consistent with this package's build pattern across all versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/index-C26Vdbk5.js	AI (source-diff): Standard Rollup minified build output for this package; consistent with prior versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/ProfileImage-Cpprgo-V.js	AI (source-diff): Standard Rollup minified build output for this package; consistent with prior versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/ProfileImage-B_gfcE6b.js	AI (source-diff): Standard Rollup minified build output for this package; consistent with prior versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/Permissions-BUZjTpRA.js	AI (source-diff): Standard Rollup minified build output for this package; consistent with prior versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/Permissions-BCkBjBNL.js	AI (source-diff): Standard Rollup minified build output for this package; consistent with prior versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/index-CeAVMlhg.js	AI (source-diff): Standard Rollup minified build output for this package; consistent with prior versions.	ai	2026/06/03
source-diff	obfuscated-file:dist/ProfileImage-D0i5-rrS.js	AI (source-diff): CJS build of ProfileImage; same benign bundled pattern.	ai	2026/06/02
source-diff	obfuscated-file:dist/ProfileImage-CMHNIokr.js	AI (source-diff): Long lines from Unicode regex in yup validation schema; readable and benign.	ai	2026/06/02
source-diff	obfuscated-file:dist/index-CjWGCASA.js	AI (source-diff): Standard minified Rollup bundle output; imports match declared deps, no malicious patterns.	ai	2026/06/02
source-diff	obfuscated-file:dist/index-CMDSDN1S.js	AI (source-diff): Standard minified Rollup bundle output; imports match declared deps, no malicious patterns.	ai	2026/06/02
source-diff	obfuscated-file:dist/Permissions-B_03wP2E.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/06/01
source-diff	obfuscated-file:dist/index-Bypsb7E3.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/06/01
source-diff	obfuscated-file:dist/index-wgft0T5n.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/06/01
source-diff	obfuscated-file:dist/timezone-selector-BMtLnRmu.js	AI (source-diff): Standard Rollup minified output for timezone selector; not obfuscated malware.	ai	2026/06/01
source-diff	obfuscated-file:dist/timezone-selector-B331adFN.js	AI (source-diff): Standard Rollup minified output for timezone selector; not obfuscated malware.	ai	2026/06/01
source-diff	obfuscated-file:dist/Permissions-DzZb1CP-.js	AI (source-diff): Standard Rollup minified output for a React Permissions component; not obfuscated malware.	ai	2026/06/01
source-diff	obfuscated-file:dist/ProfileImage-Ddqkbj2f.js	AI (source-diff): Standard CJS bundle with readable React component code.	ai	2026/05/31
source-diff	obfuscated-file:dist/ProfileImage-EB117DPX.js	AI (source-diff): Long lines are Unicode character class regex in yup validation schema, not obfuscation.	ai	2026/05/31
source-diff	obfuscated-file:dist/ProfileImage-V240yfTY.js	AI (source-diff): Inlined CSS string from rollup-plugin-styles; standard build artifact.	ai	2026/05/31
source-diff	obfuscated-file:dist/Permissions-Bz0SmJzH.js	AI (source-diff): Long lines are inlined CSS strings from rollup-plugin-styles, not obfuscation.	ai	2026/05/31
source-diff	obfuscated-file:dist/InviteLinkError-Chs1iVCJ.js	AI (source-diff): Standard Rollup CJS bundle; same pattern as ESM counterpart.	ai	2026/05/31
source-diff	obfuscated-file:dist/InviteLinkError-5auG6HEb.js	AI (source-diff): Standard Rollup bundle output for this React library; long lines are CSS/regex, not obfuscation.	ai	2026/05/31
source-diff	obfuscated-file:dist/Permissions-LWRAefeb.js	AI (source-diff): CJS counterpart of Permissions ESM bundle; same benign pattern.	ai	2026/05/31
source-diff	obfuscated-file:dist/ProfileImage-BLnx0E90.js	AI (source-diff): Inlined CSS and standard Rollup output; no malicious content.	ai	2026/05/31
source-diff	obfuscated-file:dist/Permissions-CE-8cBOC.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/index-CFoRG9Vv.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/index-C0KE_pv7.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/ProfileImage-DLfKHCcF.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/ProfileImage-B1HLSck6.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/Permissions-Ceuhkolc.js	AI (source-diff): Standard Rollup minified bundle output for this BigBinary frontend package; not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/Permissions-rFYQmsMn.js	AI (source-diff): Standard Rollup CJS bundle; readable React component code with named imports.	ai	2026/05/28
source-diff	obfuscated-file:dist/timezone-selector-DjLjMes0.js	AI (source-diff): Standard Rollup ESM bundle for timezone/profile UI component; not obfuscated.	ai	2026/05/28
source-diff	obfuscated-file:dist/timezone-selector-C8J9ifSA.js	AI (source-diff): Standard Rollup CJS bundle for timezone/profile UI component; not obfuscated.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-Ds61VDtG.js	AI (source-diff): Standard Rollup ESM bundle; readable React component code with named imports.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-Bn862irP.js	AI (source-diff): CJS Rollup bundle with readable imports; long lines from minification, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-Bd6kLoPt.js	AI (source-diff): Readable Rollup bundle with @bigbinary imports; long lines from minification, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-CpmpfRk1.js	AI (source-diff): Standard Rollup CJS minified output; not obfuscated.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-3L2jJkiY.js	AI (source-diff): Standard Rollup minified output with readable business logic; not obfuscated.	ai	2026/05/28
source-diff	obfuscated-file:dist/cjs/v2/Profile.js	AI (source-diff): Standard Rollup CJS minified output; not obfuscated.	ai	2026/05/28
source-diff	obfuscated-file:dist/InviteLinkError-C6OLGrD0.js	AI (source-diff): Standard Rollup ESM build output for an SVG React component; long lines from minification, not obfuscation.	ai	2026/05/28
source-diff	obfuscated-file:dist/v2/Roles.js	AI (source-diff): Readable Roles page component in Rollup ESM bundle; long lines from minification.	ai	2026/05/28
source-diff	obfuscated-file:dist/v2/Profile.js	AI (source-diff): Readable Profile page component in Rollup ESM bundle; long lines from minification.	ai	2026/05/28
source-diff	obfuscated-file:dist/timezone-selector-DzjWIcWK.js	AI (source-diff): Readable timezone selector component in Rollup CJS bundle; long lines from minification.	ai	2026/05/28
source-diff	obfuscated-file:dist/timezone-selector-CKRmWIBV.js	AI (source-diff): Readable timezone selector component in Rollup ESM bundle; long lines from minification.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-DoGY84sh.js	AI (source-diff): Readable Permissions UI component in Rollup CJS bundle; long lines from minification.	ai	2026/05/28
source-diff	obfuscated-file:dist/Permissions-C5poOq-v.js	AI (source-diff): Readable Permissions UI component in Rollup ESM bundle; long lines from minification.	ai	2026/05/28
source-diff	obfuscated-file:dist/InviteLinkError-AphtWLhe.js	AI (source-diff): Standard Rollup CJS build output for an SVG React component; long lines from minification, not obfuscation.	ai	2026/05/28
provenance	no-provenance	AI (provenance): BigBinary org consistently publishes without Sigstore provenance; stable false positive for this package family.	ai	2026/05/16
phantom-deps	phantom-dep:react-router-nav-prompt	AI (phantom-deps): Declared runtime dep used via config/indirect import; phantom-dep heuristic false positive for this package.	ai	2026/05/16
phantom-deps	phantom-dep:@bigbinary/react-scroll-sync	AI (phantom-deps): Same-org internal dep; phantom-dep heuristic false positive for this package.	ai	2026/05/16

Versions (showing 51 of 56)

View all versions

Version	Deps	Published
5.0.56	2 / 124	2026-06-05
5.0.55	2 / 124	2026-06-02
5.0.54	2 / 124	2026-05-29
5.0.53	2 / 124	2026-05-29
5.0.52	2 / 124	2026-05-29
5.0.51	2 / 124	2026-05-27
5.0.50	2 / 124	2026-05-26
5.0.49	2 / 124	2026-05-25
5.0.48	2 / 124	2026-05-22
5.0.47	2 / 124	2026-05-22
5.0.46	2 / 124	2026-05-19
5.0.45	2 / 124	2026-05-16
5.0.44	2 / 124	2026-05-16
5.0.43	2 / 124	2026-05-05
5.0.42	2 / 124	2026-04-30
5.0.41	2 / 124	2026-04-24
5.0.40	2 / 124	2026-04-23
5.0.39	2 / 124	2026-04-23
5.0.38	2 / 124	2026-04-23
5.0.37	2 / 124	2026-04-22
5.0.36	2 / 124	2026-04-22
5.0.35	2 / 124	2026-04-20
5.0.34	2 / 124	2026-04-19
5.0.33	2 / 124	2026-04-19
5.0.32	2 / 124	2026-04-16
5.0.31	2 / 124	2026-04-15
5.0.30	2 / 124	2026-04-15
5.0.29	2 / 122	2026-04-07
5.0.28	2 / 122	2026-03-31
5.0.27	2 / 122	2026-03-20
5.0.26	2 / 122	2026-03-10
5.0.25	2 / 122	2026-03-10
5.0.24	2 / 122	2026-03-10
5.0.23	2 / 122	2026-03-07
5.0.22	2 / 122	2026-03-06
5.0.21	2 / 122	2026-03-06
5.0.20	2 / 123	2026-02-27
5.0.19	2 / 123	2026-02-25
5.0.18	2 / 123	2026-02-23
5.0.17	2 / 124	2026-02-08
5.0.16	2 / 124	2026-02-08
5.0.15	2 / 124	2026-02-04
5.0.14	2 / 124	2026-01-12
5.0.13	2 / 124	2025-12-30
5.0.11	2 / 124	2025-12-22
5.0.10	2 / 124	2025-12-18
5.0.9	2 / 124	2025-12-17
5.0.8	2 / 124	2025-12-12
5.0.7	2 / 124	2025-12-11
5.0.5	2 / 124	2025-12-09
5.0.4	2 / 124	2025-11-24

v5.0.56

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.55

3 findings

HIGH New obfuscated file: dist/ProfileImage-DN5IzFz7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ProfileImage-OoIOAGCe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.54

9 findings

HIGH New obfuscated file: dist/InviteLinkError-5auG6HEb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/InviteLinkError-Chs1iVCJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/Permissions-Bz0SmJzH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/Permissions-LWRAefeb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ProfileImage-BLnx0E90.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ProfileImage-DN5IzFz7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ProfileImage-OoIOAGCe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/ProfileImage-V240yfTY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v5.0.53