@everymatrix/casino-challenges-overlay-modal
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-db247915.js | AI (source-diff): Standard Stencil.js minified build output; ESM counterpart shows identical benign widget code with full comments. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-db247915.js | AI (source-diff): Readable ESM build of the same widget; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-dc6a3d2b.js | AI (source-diff): CJS build output from Stencil compiler; content matches the readable ESM source. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-9c6d5914.js | AI (source-diff): Standard Stencil.js minified build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-c6c434fc.js | AI (source-diff): Standard Stencil.js minified build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-c6c434fc.js | AI (source-diff): Standard Stencil.js minified build output; consistent with this package's established release pattern. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-c2779f9d.js | AI (source-diff): Readable ESM build with full JSDoc; minification is normal for this package's build pipeline. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/index-f13cfc58.js | AI (source-diff): Stencil runtime bundle; minified but consistent with the framework's known output pattern. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-f175177e.js | AI (source-diff): CJS build output matching the ESM source; standard Stencil.js artifact. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-c2779f9d.js | AI (source-diff): Standard Stencil.js minified build output; readable ESM counterpart confirms benign UI widget code. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-51feec57.js | AI (source-diff): Standard Rollup/Stencil minified bundle output; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-e822a04e.js | AI (source-diff): Standard Rollup/Stencil minified bundle output; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-e822a04e.js | AI (source-diff): Standard Rollup/Stencil minified bundle output; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-fab551cf.js | AI (source-diff): Readable commented CJS build artifact, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-d2385e9a.js | AI (source-diff): Standard minified Stencil build output; ESM/CJS counterparts confirm legitimate readable source. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-d2385e9a.js | AI (source-diff): Readable commented ESM build artifact, not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-12648731.js | AI (source-diff): Standard Rollup/Stencil build output with long bundled lines; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-b880b02b.js | AI (source-diff): Standard Stencil ESM build artifact; readable source with JSDoc comments, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-b880b02b.js | AI (source-diff): Standard minified ESM bundle from Stencil build pipeline; content is benign UI component code. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-5004ed4a.js | AI (source-diff): Standard Rollup/Stencil minified bundle; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/index-603664b0.js | AI (source-diff): Standard Stencil runtime bundle; minification pattern consistent with legitimate build tooling. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-a6da84b6.js | AI (source-diff): Standard Rollup/Stencil minified bundle; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-a6da84b6.js | AI (source-diff): Standard Rollup/Stencil minified bundle; no malicious patterns in samples. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-overlay-modal-3fbdf2d7.js | AI (source-diff): Standard Rollup CJS bundle output for this Stencil widget; long lines are minified but not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-overlay-modal-f5be3740.js | AI (source-diff): Standard Rollup ESM bundle output; same pattern as other @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-overlay-modal/casino-challenges-overlay-modal-f5be3740.js | AI (source-diff): Standard Stencil IIFE bundle; minified but readable widget code, no malicious patterns. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped org package with 216 versions; sparse metadata is typical for internal widget components published via Artifactory. | ai |
Versions (showing 51 of 143)
| Version | Deps | Published |
|---|---|---|
| 0.17.32 | 0 / 0 | |
| 0.17.31 | 0 / 0 | |
| 0.17.30 | 0 / 0 | |
| 0.17.29 | 0 / 0 | |
| 0.17.28 | 0 / 0 | |
| 0.17.27 | 0 / 0 | |
| 0.17.26 | 0 / 0 | |
| 0.17.25 | 0 / 0 | |
| 0.17.24 | 0 / 0 | |
| 0.17.23 | 0 / 0 | |
| 0.17.22 | 0 / 0 | |
| 0.17.21 | 0 / 0 | |
| 0.17.20 | 0 / 0 | |
| 0.17.19 | 0 / 0 | |
| 0.17.18 | 0 / 0 | |
| 0.17.17 | 0 / 0 | |
| 0.17.16 | 0 / 0 | |
| 0.17.15 | 0 / 0 | |
| 0.17.9 | 0 / 0 | |
| 0.17.8 | 0 / 0 | |
| 0.17.7 | 0 / 0 | |
| 0.17.6 | 0 / 0 | |
| 0.17.5 | 0 / 0 | |
| 0.17.4 | 0 / 0 | |
| 0.17.3 | 0 / 0 | |
| 0.17.2 | 0 / 0 | |
| 0.17.1 | 0 / 0 | |
| 0.17.0 | 0 / 0 | |
| 0.16.15 | 0 / 0 | |
| 0.16.14 | 0 / 0 | |
| 0.16.13 | 0 / 0 | |
| 0.16.12 | 0 / 0 | |
| 0.16.11 | 0 / 0 | |
| 0.16.10 | 0 / 0 | |
| 0.16.9 | 0 / 0 | |
| 0.16.8 | 0 / 0 | |
| 0.16.7 | 0 / 0 | |
| 0.16.6 | 0 / 0 | |
| 0.16.5 | 0 / 0 | |
| 0.16.4 | 0 / 0 | |
| 0.16.3 | 0 / 0 | |
| 0.16.2 | 0 / 0 | |
| 0.16.1 | 0 / 0 | |
| 0.16.0 | 0 / 0 | |
| 0.15.8 | 0 / 0 | |
| 0.15.7 | 0 / 0 | |
| 0.15.6 | 0 / 0 | |
| 0.15.5 | 0 / 0 | |
| 0.15.4 | 0 / 0 | |
| 0.15.3 | 0 / 0 | |
| 0.15.2 | 0 / 0 |
v0.17.32
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.31
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.30
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.29
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.28
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.27
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.26
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.25
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.24
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.23
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.22
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.21
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.18
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.17
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.16
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.15
2 findingsPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-26, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.17.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.7
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.6
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.5
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.4
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.17.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.15
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.14
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.13
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.12
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.16.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.8
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.7
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.6
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.5
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.4
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.