@commercetools-frontend/application-shell
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/oidc-callback-5d86e853.cjs.dev.js | AI (source-diff): OIDC callback bundle with readable imports from known commercetools and uikit packages; normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/index-f37c3dd4.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; same pattern as prod bundle, all imports are known ecosystem packages. | ai | |
| source-diff | obfuscated-file:dist/index-42e8d0df.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle from commercetools build pipeline; imports are all known @commercetools-frontend/* deps. | ai | |
| source-diff | obfuscated-file:dist/index-6c32e6d7.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle from commercetools monorepo build pipeline; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-bc80389e.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle from commercetools monorepo build pipeline; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/index-fb5f5a80.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle from commercetools monorepo build pipeline; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/index-af226c09.cjs.prod.js | AI (source-diff): Standard bundled CJS prod dist artifact; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-59847173.cjs.dev.js | AI (source-diff): Standard bundled CJS dist artifact for OIDC callback; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/index-99b2cd1c.cjs.dev.js | AI (source-diff): Standard bundled CJS dist artifact with readable commercetools imports; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/index-991ab002.cjs.prod.js | AI (source-diff): Standard bundled CJS prod dist output; long lines from minification, not obfuscation. | ai | |
| publish-pattern | rapid-publish | AI (publish-pattern): Automated CI/CD pipeline with SLSA provenance; rapid publishes are expected for this package. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-c103feaa.cjs.dev.js | AI (source-diff): Standard bundled CJS dist output for OIDC callback; readable imports, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/index-909defc1.cjs.dev.js | AI (source-diff): Standard bundled CJS dist output with readable commercetools imports; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/index-dad45650.cjs.prod.js | AI (source-diff): Standard minified CJS prod build artifact; consistent with established build pipeline. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-373f608e.cjs.dev.js | AI (source-diff): Standard minified CJS build artifact for OIDC callback; consistent with established build pipeline. | ai | |
| source-diff | obfuscated-file:dist/index-a4d55a80.cjs.dev.js | AI (source-diff): Standard minified CJS build artifact for this commercetools frontend package; consistent with established build pipeline. | ai | |
| source-diff | obfuscated-file:dist/index-a93ddc7f.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; imports are all known commercetools/uikit packages. Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-305d2be2.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle for OIDC callback; imports are all known packages. Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/index-88d480f4.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle; imports are all known commercetools/uikit packages. Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/index-6d97975c.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle for this package; imports are all known commercetools/babel/emotion deps. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-a39b9087.cjs.dev.js | AI (source-diff): OIDC callback bundle with known commercetools/uikit deps; consistent with package's auth flow. | ai | |
| source-diff | obfuscated-file:dist/index-8fef0878.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; same pattern as prod bundle with known deps. | ai | |
| source-diff | obfuscated-file:dist/navbar-DQrQNRTd.cjs.dev.js | AI (source-diff): Standard bundled CJS dev build for navbar chunk; minified output, not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-TsSkBxMJ.cjs.prod.js | AI (source-diff): Standard bundled CJS prod build; long lines from minification, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-B8BEzpzJ.cjs.dev.js | AI (source-diff): Standard bundled CJS dev build; long lines from minification, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-DF_a_cff.cjs.dev.js | AI (source-diff): Standard bundled CJS dev build for OIDC callback; minified output, not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/navbar-pofzN_Jd.cjs.prod.js | AI (source-diff): Standard bundled CJS prod build for navbar chunk; minified output, not obfuscated. Stable pattern for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large number of build artifacts is expected for this monorepo package with many split chunks. | ai | |
| source-diff | obfuscated-file:dist/index-749d1503.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle with readable commercetools imports; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-fa5b049a.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle with readable commercetools imports; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-f30dedfa.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; readable imports confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/index-2b8a5370.cjs.dev.js | AI (source-diff): Standard Rollup/Babel bundle output for this package; long lines are minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-10369351.cjs.dev.js | AI (source-diff): Standard Rollup/Babel bundle output for OIDC callback component. | ai | |
| source-diff | obfuscated-file:dist/index-3ce8bcb0.cjs.prod.js | AI (source-diff): Standard Rollup/Babel bundle output; prod variant of the same pattern. | ai | |
| source-diff | obfuscated-file:dist/index-af2cc053.cjs.prod.js | AI (source-diff): Standard bundled CJS prod build artifact; consistent with package's established build pattern. | ai | |
| source-diff | obfuscated-file:dist/index-208c3cdd.cjs.dev.js | AI (source-diff): Standard bundled CJS dev build artifact with readable commercetools imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-f2f37906.cjs.dev.js | AI (source-diff): Standard bundled CJS dev build artifact for OIDC callback; readable imports, not malicious. | ai | |
| source-diff | obfuscated-file:dist/navbar-7653417f.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle; normal build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/index-242af4d2.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle with readable commercetools-scoped imports; normal build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-11dae6b7.cjs.dev.js | AI (source-diff): Standard CJS dev bundle; normal build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/navbar-d4189469.cjs.dev.js | AI (source-diff): Standard CJS dev bundle; normal build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/index-dcd3d8a3.cjs.dev.js | AI (source-diff): Standard CJS dev bundle; normal build artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-6470a187.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle for OIDC callback; consistent with established build pattern. | ai | |
| source-diff | obfuscated-file:dist/index-a3d896f9.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle for this commercetools package; consistent with established build pattern. | ai | |
| source-diff | obfuscated-file:dist/index-fa827d3e.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; consistent with established build pattern. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-63d9c5e4.cjs.dev.js | AI (source-diff): OIDC callback CJS dev bundle; imports jwt-decode, qss, react-router-dom — expected for auth flow. | ai | |
| source-diff | obfuscated-file:dist/index-1550733d.cjs.dev.js | AI (source-diff): Standard Rollup/Babel CJS bundle; long lines are minified but readable commercetools imports, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-748fa44e.cjs.prod.js | AI (source-diff): Standard Rollup/Babel CJS prod bundle; same pattern as dev bundle, legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-59160485.cjs.dev.js | AI (source-diff): Standard rollup/Babel CJS bundle for OIDC callback; all imports are known deps. | ai | |
| source-diff | obfuscated-file:dist/index-aa7211d5.cjs.prod.js | AI (source-diff): Standard rollup/Babel CJS prod bundle; same pattern as dev bundle, all known deps. | ai | |
| source-diff | obfuscated-file:dist/index-1bdcc336.cjs.dev.js | AI (source-diff): Standard rollup/Babel CJS bundle with long lines; imports are all known @commercetools-frontend/* deps, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-d7168a46.cjs.dev.js | AI (source-diff): Standard minified CJS build artifact; consistent with normal bundling. | ai | |
| source-diff | obfuscated-file:dist/index-61148c16.cjs.prod.js | AI (source-diff): Standard minified CJS prod build artifact; consistent with normal bundling. | ai | |
| source-diff | obfuscated-file:dist/index-5613ae5c.cjs.dev.js | AI (source-diff): Standard minified CJS build artifact for this commercetools frontend package; consistent with normal bundling. | ai | |
| source-diff | obfuscated-file:dist/index-c88995df.cjs.prod.js | AI (source-diff): Standard bundled CJS prod dist output; same pattern as dev build. | ai | |
| source-diff | obfuscated-file:dist/index-4ed2ec7c.cjs.dev.js | AI (source-diff): Standard bundled CJS dist output for this package; long lines are minified but readable imports from known deps. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-ef834cb0.cjs.dev.js | AI (source-diff): Standard bundled CJS dist output for OIDC callback component. | ai | |
| source-diff | obfuscated-file:dist/index-ab079b1c.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; imports are all known commercetools/uikit packages. | ai | |
| source-diff | obfuscated-file:dist/user-settings-menu-dc598434.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle for user settings menu; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/use-applications-menu-bd718ac8.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle; imports are all known commercetools/apollo packages. | ai | |
| source-diff | obfuscated-file:dist/use-applications-menu-8984efa1.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle; imports are all known commercetools/apollo packages. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-a9485d82.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle for OIDC callback; imports are all known packages. | ai | |
| source-diff | obfuscated-file:dist/navbar-e287ce25.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle for navbar component; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/navbar-c51e0607.cjs.dev.js | AI (source-diff): Standard minified CJS dev bundle for navbar component; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/index-133d39fd.cjs.prod.js | AI (source-diff): Standard minified CJS prod bundle for a commercetools frontend package; not obfuscated malware. | ai | |
| phantom-deps | phantom-dep:@commercetools-uikit/secondary-button | AI (phantom-deps): Referenced in config files only; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/react-router-dom | AI (phantom-deps): Type-only dev dependency; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/react-redux | AI (phantom-deps): Type-only dev dependency; stable false positive for this package. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change to GitHub Actions is consistent with SLSA provenance attestation; legitimate CI/CD migration for this org. | ai | |
| source-diff | obfuscated-file:dist/oidc-callback-47743232.cjs.dev.js | AI (source-diff): Standard bundled CJS build artifact for OIDC callback; readable imports confirm legitimate commercetools code. | ai | |
| source-diff | obfuscated-file:dist/navbar-93183a2d.cjs.prod.js | AI (source-diff): Standard bundled CJS prod build artifact for navbar component. | ai | |
| source-diff | obfuscated-file:dist/navbar-586f7774.cjs.dev.js | AI (source-diff): Standard bundled CJS build artifact for navbar component. | ai | |
| source-diff | obfuscated-file:dist/index-3cfc1f1e.cjs.prod.js | AI (source-diff): Standard bundled CJS prod build artifact; same pattern as dev bundle. | ai | |
| source-diff | obfuscated-file:dist/index-1d1cc31f.cjs.dev.js | AI (source-diff): Standard bundled CJS build artifact with readable commercetools imports; long-line heuristic fires on minified bundles for this package. | ai | |
| phantom-deps | phantom-dep:graphql | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/redux-logger | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/react-router | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/common-tags | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:react-required-if | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/prop-types | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/react-dom | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:moment-timezone | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:debounce-async | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/history | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@babel/runtime | AI (phantom-deps): Framework-scoped runtime dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/lodash | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:moment | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/react | AI (phantom-deps): Framework-scoped type dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:common-tags | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@types/uuid | AI (phantom-deps): Type-only convention dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:prop-types | AI (phantom-deps): Framework-scoped peer dep; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:is-retina | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:unfetch | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:fuse.js | AI (phantom-deps): Monorepo peer/config reference; stable false positive for this package. | ai | |
Versions (showing 26 of 26)
| Version | Deps | Published |
|---|---|---|
| 27.6.2 | 73 / 13 | |
| 27.6.1 | 73 / 13 | |
| 27.6.0 | 74 / 13 | |
| 27.5.4 | 74 / 13 | |
| 27.5.3 | 74 / 13 | |
| 27.5.2 | 74 / 13 | |
| 27.5.1 | 74 / 13 | |
| 27.5.0 | 74 / 13 | |
| 27.4.2 | 74 / 13 | |
| 27.4.1 | 74 / 13 | |
| 27.4.0 | 74 / 13 | |
| 27.3.0 | 74 / 13 | |
| 27.2.0 | 74 / 13 | |
| 27.1.0 | 74 / 13 | |
| 27.0.0 | 74 / 13 | |
| 26.1.0 | 74 / 13 | |
| 26.0.2 | 74 / 13 | |
| 26.0.1 | 74 / 13 | |
| 26.0.0 | 74 / 13 | |
| 25.2.0 | 74 / 13 | |
| 25.1.0 | 74 / 13 | |
| 25.0.0 | 74 / 13 | |
| 24.13.0 | 75 / 13 | |
| 24.12.0 | 75 / 13 | |
| 24.11.0 | 75 / 13 | |
| 24.10.0 | 75 / 13 | |
v27.6.2
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.6.1
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.6.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.5.4
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.5.3
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.5.2
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.5.1
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.5.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.4.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.4.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.3.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.2.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.1.0
10 findings
This version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v27.0.0
10 findings
This version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.1.0
10 findings
This version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.0.2
10 findings
This version was published by a different npm account than previous versions on 2026-02-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.0.1
10 findings
This version was published by a different npm account than previous versions on 2026-02-19. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v26.0.0
10 findings
This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v25.2.0
10 findings
This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v25.1.0
10 findings
This version was published by a different npm account than previous versions on 2026-01-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v25.0.0
7 findings
This version was published by a different npm account than previous versions on 2026-01-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v24.13.0
7 findings
This version was published by a different npm account than previous versions on 2025-12-15. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v24.12.0
7 findings
This version was published by a different npm account than previous versions on 2025-12-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v24.11.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v24.10.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.