@eide/foir-proto-ts
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:src/apps/v1/apps_pb.js | AI (source-diff): protoc-gen-es generated file; long lines are base64 proto descriptors, not obfuscation. | ai | |
| source-diff | encoded-string-file:src/queue/v1/queue_pb.js | AI (source-diff): Base64 proto file descriptor in protoc-gen-es generated code; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:src/placements/v1/placements_pb.js | AI (source-diff): protoc-gen-es generated file; long lines are base64 proto descriptors, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/email/v1/email_pb.js | AI (source-diff): protoc-gen-es generated file; long lines are base64 proto descriptors, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/apps/v1/apps_service_pb.js | AI (source-diff): protoc-gen-es generated file; long lines are base64 proto descriptors, not obfuscation. | ai | |
| source-diff | encoded-string-file:src/placements/v1/placements_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 descriptor; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/secrets/v1/secrets_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 descriptor; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:src/deploy/v1/deploy_pb.js | AI (source-diff): protoc-gen-es generated file; long lines are base64 proto descriptors, not obfuscation. | ai | |
| source-diff | encoded-string-file:src/email/v1/email_pb.js | AI (source-diff): Base64 protobuf file descriptor generated by buf; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/notifications/v1/notifications_pb.js | AI (source-diff): Base64 protobuf file descriptor generated by buf; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/billing/v1/billing_pb.js | AI (source-diff): Base64 protobuf file descriptor generated by buf; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/storage/v1/storage_pb.js | AI (source-diff): Base64 protobuf file descriptor from protoc-gen-es codegen; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/hooks/v1/hooks_pb.js | AI (source-diff): Base64 protobuf file descriptor from protoc-gen-es codegen; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:src/integrations/v1/integrations_pb.js | AI (source-diff): protoc-gen-es generated file; long lines are base64 proto descriptors, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/buf/validate/validate_pb.js | AI (source-diff): protoc-gen-es generated file from buf/validate; same pattern. | ai | |
| source-diff | encoded-string-file:src/segments/v1/segments_pb.js | AI (source-diff): Base64 protobuf file descriptor generated by buf; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/experiments/v1/experiments_pb.js | AI (source-diff): protoc-gen-es generated fileDesc() base64 descriptor; stable false positive for this package. | ai | |
| source-diff | encoded-string-file:src/settings/v1/settings_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/schedules/v1/schedules_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/records/v1/records_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/operations/v1/operations_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/identity/v1/identity_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/expressions/v1/expressions_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/apps/v1/apps_service_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | encoded-string-file:src/analytics/v1/analytics_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| source-diff | obfuscated-file:src/secrets/v1/secrets_pb.js | AI (source-diff): Base64 protobuf file descriptor generated by protoc-gen-es; not obfuscation. | ai | |
| source-diff | encoded-string-file:src/models/v1/models_pb.js | AI (source-diff): Standard protoc-gen-es fileDesc() base64 payload; stable pattern for this package. | ai | |
| phantom-deps | phantom-dep:@connectrpc/connect | AI (phantom-deps): ConnectRPC is a peer/runtime dep used by generated connect files; not directly imported in pb files. | ai | |
| source-diff | encoded-string-file:src/configs/v1/configs_pb.js | AI (source-diff): Base64 protobuf file descriptors are standard output of buf generate; stable pattern for this package. | ai | |
Versions (showing 9 of 109)
| Version | Deps | Published |
|---|---|---|
| 0.3.7 | 2 / 0 | |
| 0.3.6 | 2 / 0 | |
| 0.3.5 | 2 / 0 | |
| 0.3.4 | 2 / 0 | |
| 0.3.3 | 2 / 0 | |
| 0.3.2 | 2 / 0 | |
| 0.3.1 | 2 / 0 | |
| 0.1.1 | 2 / 0 | |
| 0.1.0 | 2 / 0 | |
v0.3.7
11 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.6
11 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.5
11 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.4
11 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.3
10 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.2
7 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.