@cordisjs/plugin-webui
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/client-DlZX3-GF.js | AI (source-diff): Standard Vite-minified Vue frontend bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/client-DlZX3-GF.js | AI (source-diff): Network calls are Vue/WebSocket client code; dynamic execution is Vue's render engine. | ai | |
| source-diff | obfuscated-file:dist/client-Dtmqj5mB.js | AI (source-diff): Standard Vite-minified frontend bundle for a WebUI plugin; minification is expected. | ai | |
| source-diff | obfuscated-file:dist/index-DdgkwjXY.js | AI (source-diff): Vite-bundled main entry for the WebUI plugin; minification is expected. | ai | |
| source-diff | net-exec-file:dist/client-Dtmqj5mB.js | AI (source-diff): Network calls and dynamic rendering are normal for a Vue-based WebUI client bundle. | ai | |
| source-diff | obfuscated-file:dist/vue-router-CBHOJdbh.js | AI (source-diff): vue-router minified bundle; standard vendored dependency in a WebUI dist. | ai | |
| source-diff | net-exec-file:dist/index-DdgkwjXY.js | AI (source-diff): WebUI client bundle; fetch/dynamic patterns are inherent to a browser UI plugin. | ai | |
| source-diff | net-exec-file:dist/client-BoqoeUPM.js | AI (source-diff): Network calls and dynamic code are Vue reactivity/rendering internals in a browser UI bundle. | ai | |
| source-diff | obfuscated-file:dist/client-BoqoeUPM.js | AI (source-diff): Standard Vite-minified Vue frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/index-CQhQ4Hu8.js | AI (source-diff): Vite-bundled WebUI entry point importing @cordisjs/client; standard minification. | ai | |
| source-diff | obfuscated-file:dist/client-Ctv4fA69.js | AI (source-diff): Standard Vite-minified Vue frontend bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/client-Ctv4fA69.js | AI (source-diff): Network calls and dynamic code are Vue reactivity/component patterns in a WebUI frontend bundle. | ai | |
| source-diff | obfuscated-file:dist/element-DId02cTi.js | AI (source-diff): Minified Element Plus component library bundle; expected for this WebUI package. | ai | |
| source-diff | net-exec-file:dist/element-DId02cTi.js | AI (source-diff): Element Plus bundle with Vue patterns; not malicious network+exec. | ai | |
| source-diff | net-exec-file:dist/index-CQhQ4Hu8.js | AI (source-diff): WebSocket client connection in a WebUI plugin is expected behavior, not dropper malware. | ai | |
| source-diff | obfuscated-file:dist/client-DOJjlkki.js | AI (source-diff): Standard Vite-minified Vue frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/vue-77ec438a.js | AI (source-diff): Bundled Vue 3.5.34 runtime with license header; standard minification. | ai | |
| source-diff | net-exec-file:dist/index-D0jh_9G7.js | AI (source-diff): Frontend plugin bundle using @cordisjs/client socket; expected behavior. | ai | |
| source-diff | obfuscated-file:dist/index-D0jh_9G7.js | AI (source-diff): Vite-bundled plugin entry point; standard minification. | ai | |
| source-diff | net-exec-file:dist/element-u1gOXjDL.js | AI (source-diff): Element Plus frontend bundle; no malicious network/exec patterns. | ai | |
| source-diff | obfuscated-file:dist/element-u1gOXjDL.js | AI (source-diff): Minified Element Plus UI library bundle; benign. | ai | |
| source-diff | net-exec-file:dist/client-DOJjlkki.js | AI (source-diff): Network calls and dynamic code are Vue reactivity/component patterns in a frontend bundle, not dropper behavior. | ai | |
Versions (showing 17 of 17)
| Version | Deps | Published |
|---|---|---|
| 0.8.2 | 7 / 7 | |
| 0.8.1 | 7 / 7 | |
| 0.8.0 | 7 / 7 | |
| 0.7.0 | 6 / 7 | |
| 0.6.5 | 6 / 7 | |
| 0.6.4 | 6 / 7 | |
| 0.6.3 | 6 / 6 | |
| 0.6.2 | 6 / 6 | |
| 0.6.1 | 6 / 6 | |
| 0.6.0 | 6 / 6 | |
| 0.5.2 | 5 / 5 | |
| 0.5.1 | 5 / 5 | |
| 0.5.0 | 5 / 5 | |
| 0.4.3 | 5 / 5 | |
| 0.4.2 | 5 / 5 | |
| 0.4.1 | 5 / 5 | |
| 0.4.0 | 5 / 5 | |
v0.8.2
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
8 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
9 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.