@deephaven/code-studio
Deephaven Code Studio
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:build/assets/StyleGuideRoot-DIgphPUV.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/plotly-CBNHD7j_.js | AI (source-diff): Standard Vite minified build output (Plotly.js bundle). | ai | |
| source-diff | obfuscated-file:build/assets/MockChartModel-CUWOl-Mj.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/MarkdownNotebook-B31N5SS-.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/MissingPartitionError-BzBDLVOx.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/mathjax-C7PueJJ3.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | net-exec-file:build/assets/vendor-CBHy4Bzd.js | AI (source-diff): Vendor bundle with fetch() calls; standard React/browser API usage, not dropper behavior. | ai | |
| source-diff | obfuscated-file:build/assets/AppRoot-CuDvgdxQ.js | AI (source-diff): Standard Vite minified build output; consistent pattern across all versions of this package. | ai | |
| source-diff | obfuscated-file:build/assets/Chart-CcVTHyi2.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/ControlType-DTtRJst-.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/Grid-BmlbSMcd.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/GridTokenMouseHandler-B0zEXiLQ.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/index-C6xCO-S8.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/index-Dyj4L1M6.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/index-NPxZvI7J.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGrid-B39n3oQw.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGridModel-BMc1aL9l.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGridShortcuts-Dq08zjvW.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGridThemeProvider-C0E4JRrJ.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/LocalWorkspaceStorage-0jYLdQP7.js | AI (source-diff): Standard Vite minified build output. | ai | |
| source-diff | obfuscated-file:build/assets/MockChartModel-eKFrNG3K.js | AI (source-diff): Standard Vite build output for mock chart model. | ai | |
| source-diff | obfuscated-file:build/assets/AppRoot-NMo-Zlso.js | AI (source-diff): Standard Vite build output; minified React app bundle, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/assets/Chart-DTLrmMQR.js | AI (source-diff): Standard Vite build output for Deephaven chart component. | ai | |
| source-diff | obfuscated-file:build/assets/ControlType-aAfFvujo.js | AI (source-diff): Standard Vite build output for Deephaven control type component. | ai | |
| source-diff | obfuscated-file:build/assets/Grid-DMho49wj.js | AI (source-diff): Standard Vite build output for Deephaven grid component. | ai | |
| source-diff | obfuscated-file:build/assets/GridTokenMouseHandler-_sMp-3oP.js | AI (source-diff): Standard Vite build output for Deephaven grid mouse handler. | ai | |
| source-diff | obfuscated-file:build/assets/index-B5GSM_Gf.js | AI (source-diff): Standard Vite build output; normal React module imports visible. | ai | |
| source-diff | obfuscated-file:build/assets/index-C3GY9AgD.js | AI (source-diff): Standard Vite build output; modulepreload polyfill and React imports visible. | ai | |
| source-diff | obfuscated-file:build/assets/index-CIue_U7Z.js | AI (source-diff): Standard Vite build output for Deephaven index module. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGrid-BIN4MxWT.js | AI (source-diff): Standard Vite build output for IrisGrid component. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGridModel-D5t8PwBh.js | AI (source-diff): Standard Vite build output for IrisGridModel. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGridShortcuts-CUFIxudN.js | AI (source-diff): Standard Vite build output for IrisGrid shortcuts. | ai | |
| source-diff | obfuscated-file:build/assets/IrisGridThemeProvider-CkWwnuUb.js | AI (source-diff): Standard Vite build output for IrisGrid theme provider. | ai | |
| source-diff | obfuscated-file:build/assets/LocalWorkspaceStorage-DXCun5wd.js | AI (source-diff): Standard Vite build output for local workspace storage. | ai | |
| source-diff | obfuscated-file:build/assets/MarkdownNotebook-Dri21Gmn.js | AI (source-diff): Standard Vite build output for markdown notebook component. | ai | |
| source-diff | obfuscated-file:build/assets/mathjax-DBtzGpr4.js | AI (source-diff): Standard Vite build output; MathJax is a well-known math rendering library. | ai | |
| source-diff | obfuscated-file:build/assets/MissingPartitionError-DClkHVxz.js | AI (source-diff): Standard Vite build output for error handling component. | ai | |
| source-diff | obfuscated-file:build/assets/plotly-x103-xtU.js | AI (source-diff): Standard Vite build output; Plotly is a well-known charting library. | ai | |
| source-diff | obfuscated-file:build/assets/StyleGuideRoot-xed9z_XO.js | AI (source-diff): Standard Vite build output for style guide component. | ai | |
| source-diff | net-exec-file:build/assets/vendor-V8Io1aAM.js | AI (source-diff): Vite modulepreload polyfill uses fetch(); standard browser optimization, not dropper behavior. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo app package; README and metadata style are consistent across all @deephaven/* releases. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): Same bundled-app pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:monaco-editor | AI (phantom-deps): Same bundled-app pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:pouchdb-browser | AI (phantom-deps): Same bundled-app pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:pouchdb-find | AI (phantom-deps): Same bundled-app pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:redux | AI (phantom-deps): Same bundled-app pattern; stable false positive. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): Bundled app; deps consumed via build tooling, not direct imports. Stable pattern for this package. | ai |
v1.20.0
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.19.0
21 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.