@blueking/ai-blueking
AI 小鲸 V2 - an intelligent conversation component built on a new architecture
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/vue2/index.es.min.js | AI (source-diff): Base64 string decodes to a Unicode character lookup table (Uint16Array); benign pattern in this UI component's minified build. | ai | |
| dependencies | unvetted-dep:bkui-vue | AI (dependencies): bkui-vue is the official BlueKing UI library; expected dependency for this package. | ai | |
| dependencies | unvetted-dep:vue-tippy | AI (dependencies): vue-tippy is a well-known Vue tooltip wrapper; no malware indicators. | ai | |
| dependencies | unvetted-dep:@blueking/chat-helper | AI (dependencies): First-party BlueKing scoped package; expected dependency in this ecosystem. | ai | |
Versions (showing 4 of 4)
| Version | Deps | Published |
|---|---|---|
| 2.1.3 | 6 / 15 | |
| 2.1.2 | 6 / 15 | |
| 2.1.1 | 5 / 15 | |
| 2.1.0 | 5 / 15 | |
v2.1.3
3 findings
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.1.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.