@everymatrix/casino-challenges-player-history
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-6b3eef26.js | AI (source-diff): CJS build output matching ESM counterpart; standard minification. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-4eb420df.js | AI (source-diff): ESM build output with full readable source; no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-4eb420df.js | AI (source-diff): Standard Stencil/Rollup minified bundle; readable ESM counterpart confirms benign widget code. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-0b72d1de.js | AI (source-diff): Standard minified Stencil bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-dd714e91.js | AI (source-diff): Standard minified Stencil bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-dd714e91.js | AI (source-diff): Standard minified Stencil bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-2beb1518.js | AI (source-diff): Standard Stencil.js ESM minified bundle; no malicious patterns in sampled code. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-c2b8b466.js | AI (source-diff): Standard Stencil.js CJS minified bundle; no malicious patterns in sampled code. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-2beb1518.js | AI (source-diff): Standard Stencil.js minified bundle output; consistent with this package's established build pattern. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-f04fd681.js | AI (source-diff): Standard Stencil minified build output; no obfuscation or malicious payload. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-f04fd681.js | AI (source-diff): Standard Stencil minified build output; no obfuscation or malicious payload. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-b731ef11.js | AI (source-diff): Standard Stencil minified build output; no obfuscation or malicious payload. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-eef54e8f.js | AI (source-diff): Standard Rollup/Stencil minified bundle for this widget; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-15f8b817.js | AI (source-diff): Standard Rollup/Stencil minified bundle for this widget; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-eef54e8f.js | AI (source-diff): Standard Rollup/Stencil minified bundle for this widget; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-13840096.js | AI (source-diff): Standard Rollup/Stencil minified bundle for a UI widget; no malicious payload in sampled code. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-99f318ba.js | AI (source-diff): Standard Rollup/Stencil minified bundle for a UI widget; no malicious payload in sampled code. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-99f318ba.js | AI (source-diff): Standard Rollup/Stencil minified bundle for a UI widget; no malicious payload in sampled code. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-25320a8a.js | AI (source-diff): Standard Rollup/Stencil minified bundle for this widget; consistent with all other @everymatrix packages. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/index-2238a5a2.js | AI (source-diff): Stencil runtime bundle; minified but not obfuscated, standard for this package family. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-72319c4f.js | AI (source-diff): CJS build output; same pattern as other @everymatrix widget bundles. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-25320a8a.js | AI (source-diff): ESM build output with full JSDoc comments; not obfuscated, just minified. | ai | |
| source-diff | obfuscated-file:dist/esm/casino-challenges-player-history-63f25fa4.js | AI (source-diff): Standard Stencil.js minified bundle; ESM sample confirms readable source with JSDoc comments, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/cjs/casino-challenges-player-history-fd7918e9.js | AI (source-diff): Standard Stencil.js CJS minified bundle; sample confirms readable source with JSDoc comments, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/casino-challenges-player-history/casino-challenges-player-history-63f25fa4.js | AI (source-diff): Standard Stencil.js minified bundle; ESM sample confirms readable source with JSDoc comments, not obfuscation. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Established @everymatrix scoped component library with 228 versions; sparse metadata is typical for internal widget packages. | ai | |
| provenance | no-provenance | AI (provenance): Published via JFrog Artifactory; provenance attestation not expected for internal registry workflows. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Corporate internal package; missing description is consistent across the entire @everymatrix package family. | ai |
Versions (showing 40 of 144)
| Version | Deps | Published |
|---|---|---|
| 0.8.4 | 0 / 0 | |
| 0.8.3 | 0 / 0 | |
| 0.8.2 | 0 / 0 | |
| 0.8.1 | 0 / 0 | |
| 0.8.0 | 0 / 0 | |
| 0.7.3 | 0 / 0 | |
| 0.7.2 | 0 / 0 | |
| 0.7.1 | 0 / 0 | |
| 0.7.0 | 0 / 0 | |
| 0.6.12 | 0 / 0 | |
| 0.6.11 | 0 / 0 | |
| 0.6.10 | 0 / 0 | |
| 0.6.9 | 0 / 0 | |
| 0.6.8 | 0 / 0 | |
| 0.6.7 | 0 / 0 | |
| 0.6.6 | 0 / 0 | |
| 0.6.5 | 0 / 0 | |
| 0.6.4 | 0 / 0 | |
| 0.3.8 | 0 / 0 | |
| 0.3.7 | 0 / 0 | |
| 0.3.6 | 0 / 0 | |
| 0.3.5 | 0 / 0 | |
| 0.3.4 | 0 / 0 | |
| 0.3.3 | 0 / 0 | |
| 0.3.2 | 0 / 0 | |
| 0.3.1 | 0 / 0 | |
| 0.0.16 | 0 / 0 | |
| 0.0.15 | 0 / 0 | |
| 0.0.14 | 0 / 0 | |
| 0.0.13 | 0 / 0 | |
| 0.0.12 | 0 / 0 | |
| 0.0.11 | 0 / 0 | |
| 0.0.9 | 0 / 0 | |
| 0.0.8 | 0 / 0 | |
| 0.0.7 | 0 / 0 | |
| 0.0.6 | 0 / 0 | |
| 0.0.5 | 0 / 0 | |
| 0.0.3 | 0 / 0 | |
| 0.0.2 | 0 / 0 | |
| 0.0.1 | 0 / 0 |
v0.8.4
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.3
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.2
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.1
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.6.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.3.8
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.7
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.6
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.5
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.4
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.16
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.15
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.14
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.13
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.12
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.11
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.9
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.8
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.7
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.6
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.0.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.0.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.