@dcl/auth-site
Auth website
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:assets/browser-y8J7dBRB.js | AI (source-diff): Vite-bundled frontend asset; minified wallet/QR library code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index-C1FwPhIJ.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-BOkHtnP3.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-BN4jMXuj.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | net-exec-file:assets/index-BI8XrQZN.js | AI (source-diff): RPC/network calls in wallet SDK bundle; expected pattern for auth site. | ai | |
| source-diff | obfuscated-file:assets/index-BI8XrQZN.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-BdFc2v0C.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-B8at32V7.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-B3FGdFKE.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-0Tul-ghr.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/getBalance-D1vHgg9C.js | AI (source-diff): Balance utility bundle; standard Vite minified output. | ai | |
| source-diff | net-exec-file:assets/fortmatic-Bbf9UQcv.js | AI (source-diff): Fortmatic iframe messaging pattern; expected wallet SDK behavior, not dropper malware. | ai | |
| source-diff | obfuscated-file:assets/fortmatic-Bbf9UQcv.js | AI (source-diff): Fortmatic wallet SDK bundle; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/features-D7jmCs1O.js | AI (source-diff): Feature flags/SIWE bundle; standard Vite minified output. | ai | |
| source-diff | obfuscated-file:assets/extractIPFS-Bcc8vI9J.js | AI (source-diff): IPFS/CBOR utility bundle; standard Vite minified output. | ai | |
| source-diff | obfuscated-file:assets/ExchangeController-DTjg0VeN.js | AI (source-diff): Exchange controller bundle; standard Vite minified output. | ai | |
| source-diff | obfuscated-file:assets/controller-V1TfL7CV.js | AI (source-diff): WalletConnect controller bundle; standard Vite minified output. | ai | |
| source-diff | obfuscated-file:assets/chains-C2yiXxHS.js | AI (source-diff): Chain definitions bundle; minified but readable blockchain network config. | ai | |
| source-diff | obfuscated-file:assets/ccip-CuYgZCr1.js | AI (source-diff): Vite-bundled CCIP/thirdweb library asset; standard minified output. | ai | |
| source-diff | obfuscated-file:assets/index-b44z8oRz.js | AI (source-diff): Vite-bundled frontend asset; standard minified output. | ai | |
| provenance | publisher-changed | AI (provenance): Migration from decentralandbot to GitHub Actions CI with SLSA attestation; legitimate pipeline change. | ai | |
| source-diff | obfuscated-file:assets/getBalance-BzSbgJFu.js | AI (source-diff): Balance-fetching utility bundle; standard Web3 frontend code. | ai | |
| source-diff | net-exec-file:assets/fortmatic-eUqBxPXF.js | AI (source-diff): Fortmatic uses iframe postMessage for wallet ops; network+eval pattern is the wallet's documented architecture. | ai | |
| source-diff | obfuscated-file:assets/fortmatic-eUqBxPXF.js | AI (source-diff): Fortmatic wallet adapter; legacy wallet provider bundle, not malware. | ai | |
| source-diff | obfuscated-file:assets/features-CQCTsV26.js | AI (source-diff): SIWE (Sign-In with Ethereum) feature bundle; expected in auth site. | ai | |
| source-diff | obfuscated-file:assets/extractIPFS-CAGeBffp.js | AI (source-diff): IPFS/base58 utility bundle; standard for Decentraland content addressing. | ai | |
| source-diff | obfuscated-file:assets/ExchangeController-Bp6HhYxU.js | AI (source-diff): Exchange controller for pay-with-exchange feature; legitimate Web3 UI code. | ai | |
| source-diff | obfuscated-file:assets/controller-CUobcjQG.js | AI (source-diff): WalletConnect controller bundle; expected in Web3 auth frontend. | ai | |
| source-diff | obfuscated-file:assets/chains-DhSVLlBp.js | AI (source-diff): Chain definitions bundle (Arbitrum, Avalanche, etc.); standard thirdweb dependency. | ai | |
| source-diff | obfuscated-file:assets/ccip-jGA5QKzd.js | AI (source-diff): CCIP (Cross-Chain Interoperability Protocol) bundle; expected in a Web3 auth frontend. | ai | |
| source-diff | obfuscated-file:assets/browser-DJJQuKW9.js | AI (source-diff): Standard Vite-minified bundle for a frontend auth site; content is QR/wallet code, not malware. | ai | |
| source-diff | obfuscated-file:assets/index-C6d6Ipzn.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/browser-BGw6Y0iI.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/ccip-C4fr4g2S.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/chains-DGbKGUKJ.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/controller-DkoArd16.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/ExchangeController-9TSDPifo.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/extractIPFS-BhHrCXgd.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/features-By0uZctK.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/fortmatic-DbrIuXMM.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | net-exec-file:assets/fortmatic-DbrIuXMM.js | AI (source-diff): Fortmatic SDK iframe bridge pattern; not a dropper. Consistent with known wallet SDK behavior. | ai | |
| source-diff | obfuscated-file:assets/getBalance-DpUoTixq.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-abNsOJIp.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-BE7bi1_Q.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-BExXMZXu.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-BK9go90a.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-BLEe3fSh.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-BzLyOr9i.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-CCpeCHPH.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-CEavaRXP.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/index-CjF1LJjl.js | AI (source-diff): Standard Vite minified bundle output for a frontend web app with SLSA provenance. | ai | |
| source-diff | obfuscated-file:assets/browser-Bno_FOM5.js | AI (source-diff): Vite-minified bundle chunk; readable logic in sample, no obfuscation indicators. | ai | |
| source-diff | obfuscated-file:assets/index-C9e50iMg.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-C0-rt2dn.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-1SGarbOB.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-BG6GLZsY.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-BH8IK9qG.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-Biukm4aR.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-BvDIh0L9.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-BX8ba67Y.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/index-C_clK5_s.js | AI (source-diff): Vite-minified bundle chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/getBalance-B9RHELKb.js | AI (source-diff): Vite-minified balance utility; standard build output. | ai | |
| source-diff | net-exec-file:assets/fortmatic-BFoB9IoX.js | AI (source-diff): Fortmatic wallet SDK legitimately uses network calls; not a dropper. | ai | |
| source-diff | obfuscated-file:assets/fortmatic-BFoB9IoX.js | AI (source-diff): Vite-minified Fortmatic wallet SDK; standard build output. | ai | |
| source-diff | obfuscated-file:assets/features-ByPCiGMC.js | AI (source-diff): Vite-minified SIWE/auth features; readable logic in sample. | ai | |
| source-diff | obfuscated-file:assets/extractIPFS-zQ_TESN0.js | AI (source-diff): Vite-minified IPFS/CBOR utility; standard build output. | ai | |
| source-diff | obfuscated-file:assets/ExchangeController-DcPlPPOc.js | AI (source-diff): Vite-minified exchange controller; readable logic in sample. | ai | |
| source-diff | obfuscated-file:assets/controller-C6rWucQ6.js | AI (source-diff): Vite-minified WalletConnect controller; standard build output. | ai | |
| source-diff | obfuscated-file:assets/chains-DfJefTjW.js | AI (source-diff): Vite-minified chain config; readable blockchain network definitions in sample. | ai | |
| source-diff | obfuscated-file:assets/ccip-BSNJuvzy.js | AI (source-diff): Vite-minified CCIP wallet SDK chunk; standard build output. | ai | |
| source-diff | obfuscated-file:assets/features-Bk5cxLw-.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/ExchangeController-ClkiGSLd.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/controller-BW3XpwnG.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/chains-fCZgmJuo.js | AI (source-diff): Vite-minified chain definitions bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/Celebrate_Lottie-uOvkJlQu.js | AI (source-diff): Vite-minified frontend bundle with Lottie animation data; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/ccip-m-XoVy8t.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/browser-DGA_ew_H.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Auth site ships full Vite build output; large file counts are expected for this package. | ai | |
| source-diff | obfuscated-file:assets/index-C7xdPwDo.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:assets/fortmatic-D1dniSI_.js | AI (source-diff): Fortmatic SDK uses iframe postMessage + network; standard wallet SDK pattern, not dropper. | ai | |
| source-diff | obfuscated-file:assets/fortmatic-D1dniSI_.js | AI (source-diff): Vite-minified Fortmatic/Magic wallet SDK; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/extractIPFS-Dhl1MlwS.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index-C0U_nnOc.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index-BPKtqvue.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index-BI1KmXC1.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index-7mpEjOv-.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index--wZvuOTc.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/index--b9OEapF.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:assets/getBalance-DrJ-Hxmy.js | AI (source-diff): Vite-minified frontend bundle; not obfuscated malware. | ai | |
| semgrep | semgrep:shady-links-tlds | AI (semgrep): Suspicious TLDs are blockchain chain/RPC endpoint configs in bundled thirdweb library, not C2 infrastructure. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get in minified WalletConnect bundle is standard JS pattern, not intentional obfuscation. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IPs appear in bundled WalletConnect/thirdweb network config, not malicious exfiltration code. | ai |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 4.19.3 | 0 / 0 | |
| 4.19.1 | 0 / 0 | |
| 4.19.0 | 0 / 0 | |
| 4.18.1 | 0 / 0 | |
| 4.18.0 | 0 / 0 | |
| 4.16.0 | 0 / 0 |
v4.19.3
24 findingsThis version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.19.1
23 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.19.0
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.18.1
23 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.18.0
19 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.