← Home

@eox/map

npm Repository Homepage

[Examples](https://eox-a.github.io/EOxElements/elements/map/examples/index.html)

4
Versions
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

silvester-parisantillandlubojrschpidistefanbrand

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff encoded-string-file:dist/eox-map-advanced-layers-and-sources.umd.cjs AI (source-diff): Long strings are minified WebGL shader source code, not encoded payloads. ai
source-diff obfuscated-file:dist/lz4-Csz5aoFA.js AI (source-diff): Emscripten WASM wrapper for numcodecs/lz4 codec; minified by design. ai
source-diff obfuscated-file:dist/zstd-Cttq39rt.js AI (source-diff): Minified zstddec streaming decoder from known upstream; not malicious. ai
source-diff obfuscated-file:dist/zstd-dJuUp1fl.js AI (source-diff): Emscripten WASM wrapper for numcodecs/zstd codec; minified by design. ai
source-diff obfuscated-file:dist/blosc-DL1kZHdE.js AI (source-diff): Emscripten WASM wrapper for numcodecs/blosc compression codec; minified by design. ai
source-diff obfuscated-file:dist/lerc-BRg84-C8.js AI (source-diff): Minified LERC/zstddec decoder bundle from known upstream packages; not malicious. ai
typosquat typosquat.levenshtein:yup AI (typosquat): Scoped package @eox/map; Levenshtein match to 'yup' is spurious, no squatting intent. ai
semgrep semgrep:eval-usage AI (semgrep): eval() used for documented serialize-javascript deserialization pattern; input is internally serialized layer config, not user-controlled arbitrary input. ai
typosquat typosquat.levenshtein:hapi AI (typosquat): Scoped package @eox/map; Levenshtein match to 'hapi' is spurious, no squatting intent. ai

Versions (showing 4 of 4)

Version Deps Published
2.6.0 10 / 2
2.5.1 10 / 2
2.5.0 10 / 2
2.4.0 10 / 2

v2.6.0

7 findings
HIGH New obfuscated file: dist/blosc-DL1kZHdE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lerc-BRg84-C8.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lz4-Csz5aoFA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/zstd-Cttq39rt.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/zstd-dJuUp1fl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH Long encoded string in modified file: dist/eox-map-advanced-layers-and-sources.umd.cjs source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

7 findings
HIGH New obfuscated file: dist/blosc-DL1kZHdE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lerc-BRg84-C8.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lz4-Csz5aoFA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/zstd-Cttq39rt.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/zstd-dJuUp1fl.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH Long encoded string in modified file: dist/eox-map-advanced-layers-and-sources.umd.cjs source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

2 findings
HIGH Long encoded string in modified file: dist/eox-map-advanced-layers-and-sources.umd.cjs source-diff

Modified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.