@dineway-ai/admin
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/messages-V3guO_DP.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-rf9lZ42n.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-EqzQzjAO.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-Dy0fHBLM.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-DfBkF1wn.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-B7SE7IlC.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-BD0X8bF6.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-BEOU7GI3.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-CWUnMOGu.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-CXjLP0un.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-D19xRQFc.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-D4OpV_k1.js | AI (source-diff): Lingui-compiled i18n locale bundle; single-line JSON is expected output of lingui compile. | ai | |
| source-diff | obfuscated-file:dist/messages-DrjV4jY2.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-PwzGq1kL.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-r9Xvb8B7.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-VS-_5tBn.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/locales/es-ES/messages.mjs | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/locales/id/messages.mjs | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-hGvY1Zq1.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-4WeIkU4q.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/messages-BFDklB02.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-Bkt0RgIe.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-CBaMPyz4.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-CgCsfkbG.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-cTPB1zis.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-CubX6isC.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-D56gYHPU.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-DaUmRAvI.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-DiiuHRTj.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| source-diff | obfuscated-file:dist/messages-DpaW5ldd.js | AI (source-diff): LinguiJS compiled locale bundle; single-line JSON.parse is standard build output. | ai | |
| phantom-deps | phantom-dep:class-variance-authority | AI (phantom-deps): Declared dependency; used via config/plugin system, not direct imports. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-drag-handle | AI (phantom-deps): Declared dependency; used via config/plugin system, not direct imports. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-node-range | AI (phantom-deps): Declared dependency; used via config/plugin system, not direct imports. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-dropcursor | AI (phantom-deps): Declared dependency; used via config/plugin system, not direct imports. | ai | |
| phantom-deps | phantom-dep:@tiptap/extension-underline | AI (phantom-deps): Declared dependency; used via config/plugin system, not direct imports. | ai |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 0.1.15 | 36 / 22 | |
| 0.1.14 | 36 / 22 | |
| 0.1.13 | 36 / 22 | |
| 0.1.12 | 36 / 22 | |
| 0.1.11 | 36 / 22 | |
| 0.1.10 | 32 / 22 | |
| 0.1.9 | 32 / 22 | |
| 0.1.7 | 34 / 22 | |
| 0.1.6 | 34 / 22 | |
| 0.1.3 | 34 / 22 |
v0.1.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.13
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: foodismai.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.12
20 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: foodismai.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.11
16 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: foodismai.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.10
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.7
2 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: foodismai.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.