@chainstream-io/sdk
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/chainstream-BZJZ5g0N.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BZJZ5g0N.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type unions, not obfuscation. | ai | |
| phantom-deps | phantom-dep:viem | AI (phantom-deps): Blockchain SDK; viem likely used in bundled output or re-exported for EVM support. | ai | |
| phantom-deps | phantom-dep:bs58 | AI (phantom-deps): Blockchain SDK; bs58 likely used in bundled output or re-exported for Solana address encoding. | ai | |
| source-diff | obfuscated-file:dist/chainstream-hlhxa482.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines from generated type unions, not obfuscation. | ai | |
| phantom-deps | phantom-dep:@solana/web3.js | AI (phantom-deps): Blockchain SDK; @solana/web3.js likely used in bundled output or re-exported for Solana support. | ai | |
| source-diff | obfuscated-file:dist/chainstream-hlhxa482.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DxiUHZKv.d.ts | AI (source-diff): TypeScript declaration file; long lines are normal for bundled .d.ts rollups, no runtime code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DxiUHZKv.d.cts | AI (source-diff): TypeScript declaration file; long lines are normal for bundled .d.ts rollups, no runtime code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DQTvVaKN.d.ts | AI (source-diff): Same tsup-generated declaration bundle; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DQTvVaKN.d.cts | AI (source-diff): TypeScript declaration bundle from tsup; long lines are normal in bundled .d.ts/.d.cts files, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-B_9vecw6.d.ts | AI (source-diff): TypeScript declaration file with long type lines; not obfuscated code. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/chainstream-B_9vecw6.d.cts | AI (source-diff): TypeScript declaration file with long type lines; not obfuscated code. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:dist/chainstream-KjjsTvPO.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-KjjsTvPO.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-kxqV2g1Q.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are normal for generated type bundles, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-kxqV2g1Q.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are normal for generated type bundles, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-C6c8CAD1.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type output; not executable, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chainstream-C6c8CAD1.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type output; not executable, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DC9mfTAw.d.ts | AI (source-diff): TypeScript declaration file (.d.ts); type-only, not executed at runtime. Long lines are bundled type definitions. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DC9mfTAw.d.cts | AI (source-diff): TypeScript declaration file (.d.cts); type-only, not executed at runtime. Long lines are bundled type definitions. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Z6RPi494.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Z6RPi494.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-0nNVSpyp.d.ts | AI (source-diff): TypeScript declaration file; long lines are normal for bundled .d.ts rollups, no executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-0nNVSpyp.d.cts | AI (source-diff): TypeScript declaration file; long lines are normal for bundled .d.ts rollups, no executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CvAESqlr.d.cts | AI (source-diff): TypeScript declaration file; long lines are minified type unions, not executable obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CvAESqlr.d.ts | AI (source-diff): TypeScript declaration file; long lines are minified type unions, not executable obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DfTo0d8N.d.ts | AI (source-diff): TypeScript declaration file (.d.ts) with long lines from generated type unions; not executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DfTo0d8N.d.cts | AI (source-diff): TypeScript declaration file (.d.cts) with long lines from generated type unions; not executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-B9uaC_fe.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are union types, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-B9uaC_fe.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are union types, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BALtuN_v.d.ts | AI (source-diff): TypeScript declaration file with long lines from generated type unions; not executable obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BALtuN_v.d.cts | AI (source-diff): TypeScript declaration file with long lines from generated type unions; not executable obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Mli5jAYT.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type rollup; not executable, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Mli5jAYT.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type rollup; not executable, not obfuscated. | ai | |
| phantom-deps | phantom-dep:@chainstream-io/centrifuge | AI (phantom-deps): Same-org scoped dep used as a runtime dependency; phantom-dep heuristic is a false positive here. | ai | |
| source-diff | obfuscated-file:dist/chainstream-D91nWwYF.d.ts | AI (source-diff): TypeScript declaration file; long lines are type definitions, not executable obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-D91nWwYF.d.cts | AI (source-diff): TypeScript declaration file; long lines are type definitions, not executable obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CoMtjKRz.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CoMtjKRz.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-B2HwOTs5.d.cts | AI (source-diff): Bundled TypeScript declaration rollup; long lines are normal for tsup-generated .d.cts files, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-B2HwOTs5.d.ts | AI (source-diff): Bundled TypeScript declaration rollup; long lines are normal for tsup-generated .d.ts files, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BQsiLm9_.d.ts | AI (source-diff): Same as .d.cts — bundled TypeScript declarations with long lines are expected for this build toolchain. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BQsiLm9_.d.cts | AI (source-diff): TypeScript declaration file generated by tsup bundler; long lines are normal for bundled .d.ts output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-D0e9CplQ.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are normal for large API type bundles, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-D0e9CplQ.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are normal for large API type bundles, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-wxRA8ApP.d.ts | AI (source-diff): Same orval-generated declaration file in ESM form; false positive for the same reason. | ai | |
| source-diff | obfuscated-file:dist/chainstream-wxRA8ApP.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DGPT9LgX.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type unions; not executable, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DGPT9LgX.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type unions; not executable, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/chainstream-nY8dGAGn.d.cts | AI (source-diff): TypeScript declaration file generated by tsup; long lines are type unions, not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-nY8dGAGn.d.ts | AI (source-diff): TypeScript declaration file generated by tsup; long lines are type unions, not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-SAa5A97Q.d.ts | AI (source-diff): TypeScript declaration file; long lines are bundled type defs, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-SAa5A97Q.d.cts | AI (source-diff): TypeScript declaration file; long lines are bundled type defs, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Dwm2QHpn.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Dwm2QHpn.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BD-x5_ck.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BD-x5_ck.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CB6yyvSf.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CB6yyvSf.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CEzLVb40.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are normal for large API type definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CEzLVb40.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are normal for large API type definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Dr-P6Fcv.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Dr-P6Fcv.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-D_kgiAfE.d.cts | AI (source-diff): orval-generated TypeScript declaration bundle; long lines are concatenated type definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-D_kgiAfE.d.ts | AI (source-diff): orval-generated TypeScript declaration bundle; long lines are concatenated type definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/WatchlistApi-Cxzs25LV.d.ts | AI (source-diff): Auto-generated OpenAPI TypeScript declaration file; long lines are type unions, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/WatchlistApi-Cxzs25LV.d.cts | AI (source-diff): Auto-generated OpenAPI TypeScript declaration file; long lines are type unions, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DLKhKJTp.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DLKhKJTp.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BYuhgvxX.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are bundled type defs, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BYuhgvxX.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are bundled type defs, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/WatchlistApi-DnhIL4RN.d.cts | AI (source-diff): Auto-generated OpenAPI TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/WatchlistApi-DnhIL4RN.d.ts | AI (source-diff): Auto-generated OpenAPI TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-LmorAvq7.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-LmorAvq7.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Df4gbvII.d.cts | AI (source-diff): TypeScript declaration file with long lines from bundled type generation (tsup); not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-Df4gbvII.d.ts | AI (source-diff): TypeScript declaration file with long lines from bundled type generation (tsup); not obfuscated code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CU9_GrjX.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-CU9_GrjX.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type definitions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DeYuVTgJ.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-DeYuVTgJ.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are from generated type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BY9CsB3h.d.ts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type defs, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/chainstream-BY9CsB3h.d.cts | AI (source-diff): orval-generated TypeScript declaration file; long lines are concatenated type defs, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:dist/WatchlistApi-Bs1J8X9y.d.ts | AI (source-diff): Auto-generated OpenAPI TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/WatchlistApi-Bs1J8X9y.d.cts | AI (source-diff): Auto-generated OpenAPI TypeScript declaration file; long lines are type unions, not obfuscation. | ai | |
| provenance | no-provenance | AI (provenance): Consistent across all 64 versions; org hasn't adopted Sigstore attestation. | ai |
Versions (showing 53 of 53)
| Version | Deps | Published |
|---|---|---|
| 2.1.17 | 7 / 28 | |
| 2.1.15 | 7 / 28 | |
| 2.1.14 | 4 / 29 | |
| 2.1.12 | 4 / 29 | |
| 2.1.11 | 4 / 29 | |
| 2.1.10 | 4 / 29 | |
| 2.1.8 | 4 / 29 | |
| 2.1.7 | 4 / 29 | |
| 2.1.6 | 4 / 29 | |
| 2.1.5 | 4 / 29 | |
| 2.1.4 | 4 / 29 | |
| 2.1.3 | 4 / 29 | |
| 2.1.2 | 4 / 29 | |
| 2.1.1 | 4 / 29 | |
| 2.1.0 | 4 / 29 | |
| 2.0.29 | 4 / 29 | |
| 2.0.28 | 4 / 29 | |
| 2.0.21 | 4 / 29 | |
| 2.0.19 | 4 / 29 | |
| 2.0.14 | 4 / 29 | |
| 2.0.13 | 4 / 29 | |
| 2.0.12 | 4 / 29 | |
| 2.0.11 | 4 / 29 | |
| 2.0.10 | 4 / 29 | |
| 2.0.9 | 4 / 29 | |
| 2.0.8 | 4 / 29 | |
| 2.0.7 | 4 / 29 | |
| 2.0.6 | 4 / 29 | |
| 2.0.5 | 4 / 29 | |
| 2.0.4 | 4 / 29 | |
| 2.0.3 | 4 / 29 | |
| 2.0.2 | 4 / 29 | |
| 2.0.1 | 4 / 29 | |
| 0.2.16 | 4 / 29 | |
| 0.2.15 | 4 / 29 | |
| 0.2.14 | 4 / 29 | |
| 0.2.13 | 4 / 29 | |
| 0.2.12 | 4 / 29 | |
| 0.2.11 | 4 / 29 | |
| 0.2.10 | 4 / 29 | |
| 0.2.9 | 4 / 29 | |
| 0.2.8 | 4 / 29 | |
| 0.2.7 | 4 / 29 | |
| 0.2.6 | 4 / 29 | |
| 0.2.5 | 4 / 29 | |
| 0.2.4 | 4 / 29 | |
| 0.2.3 | 4 / 29 | |
| 0.2.2 | 4 / 29 | |
| 0.2.1 | 4 / 29 | |
| 0.1.15 | 2 / 3 | |
| 0.1.14 | 2 / 3 | |
| 0.1.13 | 2 / 3 | |
| 0.1.12 | 2 / 3 |
v2.1.17
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.29
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.28
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.21
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.19
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.14
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.13
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.