
@dcl/asset-packs

Decentraland Asset Packs - curated collections of 3D assets for Decentraland scenes

Versions: 7
License: ISC
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

decentralandbot, imazzara

Keywords

3d, assets, decentraland, sdk7, smart-items

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
source-diff | obfuscated-file:dist/admin-toolkit-ui/admin-message-bus.js | AI (source-diff): Minified/bundled SDK output from Decentraland build toolchain; not obfuscated malware. | ai |
source-diff | obfuscated-file:dist/admin-toolkit-ui/Modal.js | AI (source-diff): Readable TypeScript-compiled JSX output; long lines from bundler, not obfuscation. | ai |
source-diff | obfuscated-file:dist/admin-toolkit-ui/VideoControl/DclCast/PresentationPanel.js | AI (source-diff): Readable TypeScript-compiled JSX output; long lines from bundler, not obfuscation. | ai |
source-diff | obfuscated-file:dist/admin-toolkit-ui/VideoControl/DclCast/SharePresentationModal.js | AI (source-diff): Readable TypeScript-compiled JSX output; long lines from bundler, not obfuscation. | ai |
source-diff | obfuscated-file:dist/admin-toolkit-ui/VideoControl/DclCast/CompactDclCast.js | AI (source-diff): Readable TypeScript-compiled JSX output; long lines from bundler, not obfuscation. | ai |
phantom-deps | phantom-dep:glob | AI (phantom-deps): Used in build scripts/config, not directly imported in runtime code; stable false positive. | ai |
phantom-deps | phantom-dep:@types/glob | AI (phantom-deps): Type-only package loaded by convention; not a runtime import. | ai |
source-diff | obfuscated-file:dist/admin-toolkit-ui/VideoControl/DclCast/SpeakerShowcase.js | AI (source-diff): Readable TypeScript-compiled JSX output; long lines from bundler, not obfuscation. | ai |

Versions (showing 7 of 7)

Version Deps Published
2.15.3 3 / 21
2.15.2 3 / 21
2.15.1 3 / 21
2.15.0 3 / 21
2.14.3 3 / 21
2.14.2 3 / 21
2.14.1 3 / 21

v2.15.3

2 findings
HIGH New obfuscated file: dist/admin-toolkit-ui/admin-message-bus.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.15.1

6 findings
HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/CompactDclCast.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/Modal.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/PresentationPanel.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/SharePresentationModal.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/SpeakerShowcase.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.15.0

6 findings
HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/CompactDclCast.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/Modal.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/PresentationPanel.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/SharePresentationModal.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/admin-toolkit-ui/VideoControl/DclCast/SpeakerShowcase.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.14.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.