@doist/todoist-ai
A collection of tools for Todoist using AI
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/mcp-server-CyfuDwZZ.js | AI (source-diff): Vite-bundled output with readable imports; long lines are minified but not obfuscated. Normal for this build toolchain. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-RtvDgXJL.js | AI (source-diff): Vite-bundled MCP server entry; minified but readable, no obfuscation indicators in sample. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DxuxnYdP.js | AI (source-diff): Vite-bundled output; sample shows readable, expected imports — minified not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-CmK25-kD.js | AI (source-diff): Vite-bundled MCP server output; long lines are minification, not obfuscation. Imports are from known legitimate packages. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DbJt0ye-.js | AI (source-diff): Vite-bundled MCP server output; readable imports, no obfuscation or malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-WZSyKBI3.js | AI (source-diff): Vite-bundled/minified output from official Doist repo; SLSA provenance confirmed; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DGzZmcM0.js | AI (source-diff): Vite-bundled MCP server output; minified but readable source with no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BVQebUMI.js | AI (source-diff): Vite-bundled MCP server output; readable imports and logic, no obfuscation or malicious payload. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-joQwu-al.js | AI (source-diff): Vite-bundled MCP server output; readable imports visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-B2UZESHN.js | AI (source-diff): Vite build output with content-hash filename; readable imports and logic, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-Cp8MQfjN.js | AI (source-diff): Vite-bundled MCP server output; readable imports visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-CpknpMVT.js | AI (source-diff): Vite-bundled MCP server output; readable imports and logic, no encoding/eval obfuscation patterns. | ai | |
| provenance | slsa-provenance | AI (provenance): SLSA provenance via Sigstore confirms CI/CD publish; explains GitHub Actions as publisher. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BSq1aDGV.js | AI (source-diff): Vite-bundled output; readable imports and logic visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-XMbKjXzn.js | AI (source-diff): Vite-bundled MCP server; minified but readable, imports known deps, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BnBFhyza.js | AI (source-diff): Vite-bundled MCP server output; readable imports, no obfuscation or payload — minification is expected for this build toolchain. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BxuJ84xm.js | AI (source-diff): Vite-bundled output; readable imports confirm legitimate minification, not obfuscation. Stable pattern for this build toolchain. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-C9Fh8cFk.js | AI (source-diff): Vite-bundled MCP server; sample shows readable minified code from known deps, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BzVo9eGr.js | AI (source-diff): Vite-bundled MCP server; sample shows readable code with known imports, not obfuscated payload. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-CseMVkwa.js | AI (source-diff): Vite build output (minified, not obfuscated); sample shows clean readable imports from known packages. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DhEtPePv.js | AI (source-diff): Vite-bundled MCP server output; long lines are minification artifacts, not obfuscation. Stable pattern for this package. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used to resolve package.json path for bin launcher — benign pattern in @doist/todoist-mcp. | ai | |
| source-diff | source-size-dropped | AI (source-diff): Package is an intentional deprecation stub redirecting to @doist/todoist-mcp; minimal size is expected. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BjgwY4SD.js | AI (source-diff): Vite-bundled MCP server output; readable imports confirm legitimate minification, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-Ci-o1OeT.js | AI (source-diff): Vite-bundled MCP server output; sample shows readable imports, not obfuscation. Expected pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-CedV8jUV.js | AI (source-diff): Vite-bundled MCP server; sample shows readable minified code with legitimate imports, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DJK_AbsH.js | AI (source-diff): Vite-bundled MCP server output; readable imports, no obfuscation or payload — minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BxHvudlC.js | AI (source-diff): Standard Vite bundle output; readable minified JS with legitimate imports, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BTYWubVl.js | AI (source-diff): Vite-bundled MCP server output; readable imports confirm minified not obfuscated. Expected for this package's build process. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-7Fd5IHPC.js | AI (source-diff): File is a standard Vite/Rollup bundle with readable imports; long lines are minified but not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DMDtV98X.js | AI (source-diff): Standard Vite minified bundle with readable imports; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BhctkyAa.js | AI (source-diff): File is minified build output (readable identifiers, no encoding/eval); SLSA provenance confirms CI build integrity. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BrftnFt9.js | AI (source-diff): Vite-bundled MCP server output; sample shows readable legitimate code, not obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are Vite build artifacts for MCP server feature addition. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-Ho6OHmZE.js | AI (source-diff): Vite-bundled MCP server output; readable imports and logic visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BoYlFxsR.js | AI (source-diff): Vite-bundled MCP server output; readable imports and no malicious patterns in sample. Expected build artifact for this package. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase explained by inlining @modelcontextprotocol/sdk (moved from runtime dep to peer dep + bundled). Expected for this package. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-DYc-KMKy.js | AI (source-diff): Vite-bundled output with readable imports; long lines are minified bundle, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-B9j96GQ2.js | AI (source-diff): Vite-bundled MCP server output; sample shows readable imports, not obfuscation. Long lines are minified bundle, not malicious payload. | ai | |
| source-diff | obfuscated-file:dist/mcp-server-BhXFK7dP.js | AI (source-diff): Vite-bundled MCP server output; sample shows clean readable code from known deps, not obfuscation. | ai | |
| phantom-deps | phantom-dep:date-fns | AI (phantom-deps): date-fns is a declared runtime dep; phantom-dep false positive for this package. | ai | |
| phantom-deps | phantom-dep:dompurify | AI (phantom-deps): dompurify is a declared runtime dependency; phantom-dep is a false positive for this package. | ai | |
Versions (showing 51 of 74)
| Version | Deps | Published |
|---|---|---|
| 9.0.0 | 1 / 0 | |
| 8.12.3 | 7 / 30 | |
| 8.12.2 | 7 / 30 | |
| 8.12.1 | 7 / 29 | |
| 8.12.0 | 7 / 29 | |
| 8.11.1 | 7 / 29 | |
| 8.11.0 | 7 / 29 | |
| 8.10.0 | 7 / 29 | |
| 8.9.2 | 7 / 29 | |
| 8.9.1 | 7 / 29 | |
| 8.9.0 | 7 / 29 | |
| 8.8.8 | 7 / 29 | |
| 8.8.7 | 7 / 29 | |
| 8.8.6 | 7 / 29 | |
| 8.8.5 | 7 / 28 | |
| 8.8.4 | 7 / 28 | |
| 8.8.3 | 7 / 28 | |
| 8.8.2 | 7 / 28 | |
| 8.8.1 | 7 / 28 | |
| 8.8.0 | 7 / 28 | |
| 8.7.2 | 7 / 28 | |
| 8.7.1 | 7 / 28 | |
| 8.7.0 | 7 / 28 | |
| 8.6.0 | 6 / 25 | |
| 8.5.0 | 6 / 25 | |
| 8.4.2 | 6 / 21 | |
| 8.4.1 | 6 / 21 | |
| 8.4.0 | 6 / 21 | |
| 8.3.0 | 6 / 21 | |
| 8.2.0 | 6 / 21 | |
| 8.1.0 | 6 / 21 | |
| 8.0.2 | 6 / 21 | |
| 8.0.1 | 6 / 21 | |
| 8.0.0 | 6 / 21 | |
| 7.16.0 | 6 / 21 | |
| 7.15.0 | 6 / 21 | |
| 7.14.0 | 6 / 21 | |
| 7.13.0 | 6 / 21 | |
| 7.12.0 | 6 / 21 | |
| 7.11.2 | 6 / 21 | |
| 7.11.1 | 6 / 21 | |
| 7.11.0 | 6 / 21 | |
| 7.10.1 | 6 / 21 | |
| 7.10.0 | 6 / 21 | |
| 7.9.0 | 6 / 21 | |
| 7.8.1 | 6 / 21 | |
| 7.8.0 | 6 / 21 | |
| 7.7.0 | 6 / 21 | |
| 7.6.0 | 6 / 21 | |
| 7.5.1 | 6 / 21 | |
| 7.5.0 | 6 / 21 | |
v9.0.0
2 findings
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version was published by a different npm account than previous versions on 2026-05-14. This could indicate a legitimate maintainer transition or an account compromise.
v8.12.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.12.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.12.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.12.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.11.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.11.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.9.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.7.2
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.7.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.5.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.4.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.4.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.4.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.3.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.2.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.1.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v8.0.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.16.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.15.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.14.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.13.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.12.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.11.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.11.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.11.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.10.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.10.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.9.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.8.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.7.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.6.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.5.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v7.5.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.