@everymatrix/lottery-oddsbom-ticket-result
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-removed | AI (maintainer-change): Internal org maintainer rotation within @everymatrix. | ai | |
| provenance | publisher-changed | AI (provenance): Internal @everymatrix org publisher rotation; both accounts publish org-scoped packages. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-f2597018.js | AI (source-diff): Standard ESM build output from Stencil compiler; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-f2597018.js | AI (source-diff): Minified lazy-load bundle from Stencil; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-c45be7fd.js | AI (source-diff): Standard CJS build output from Stencil compiler; stable for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-1af52317.js | AI (source-diff): Standard minified Stencil bundle output; long lines are minified JS, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-752aef79.js | AI (source-diff): Standard minified Stencil ESM bundle; same pattern as CJS counterpart. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-752aef79.js | AI (source-diff): Minified widget bundle for unpkg/CDN distribution; expected artifact for this package. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-9c4f0592.js | AI (source-diff): Standard minified CJS bundle; samples show readable utility code, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-65e9c8f5.js | AI (source-diff): Standard minified Stencil/Rollup ESM bundle; no malicious content in samples. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-65e9c8f5.js | AI (source-diff): Standard minified bundle variant; same benign content as ESM counterpart. | ai | |
| source-diff | obfuscated-file:dist/lottery-oddsbom-ticket-result/lottery-oddsbom-ticket-result-b0c12185.js | AI (source-diff): Standard minified Stencil dist bundle; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/esm/lottery-oddsbom-ticket-result-b0c12185.js | AI (source-diff): Standard minified Stencil ESM build bundle; consistent pattern across all @everymatrix widget packages. | ai | |
| source-diff | obfuscated-file:dist/cjs/lottery-oddsbom-ticket-result-08d2687d.js | AI (source-diff): Standard minified Stencil build bundle; consistent pattern across all @everymatrix widget packages. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal @everymatrix widget component; missing metadata is expected for private enterprise packages published via JFrog Artifactory. | ai | |
| provenance | no-provenance | AI (provenance): Published via private JFrog Artifactory registry; provenance attestation not expected for internal packages. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Internal component package; missing description is consistent across the @everymatrix package family. | ai |
Versions (showing 51 of 194)
| Version | Deps | Published |
|---|---|---|
| 0.14.28 | 0 / 0 | |
| 0.14.27 | 0 / 0 | |
| 0.14.26 | 0 / 0 | |
| 0.14.25 | 0 / 0 | |
| 0.14.24 | 0 / 0 | |
| 0.14.23 | 0 / 0 | |
| 0.14.22 | 0 / 0 | |
| 0.14.21 | 0 / 0 | |
| 0.14.20 | 0 / 0 | |
| 0.14.19 | 0 / 0 | |
| 0.14.18 | 0 / 0 | |
| 0.14.17 | 0 / 0 | |
| 0.14.16 | 0 / 0 | |
| 0.14.15 | 0 / 0 | |
| 0.14.9 | 0 / 0 | |
| 0.14.8 | 0 / 0 | |
| 0.14.7 | 0 / 0 | |
| 0.14.6 | 0 / 0 | |
| 0.14.5 | 0 / 0 | |
| 0.14.4 | 0 / 0 | |
| 0.14.3 | 0 / 0 | |
| 0.14.2 | 0 / 0 | |
| 0.14.1 | 0 / 0 | |
| 0.14.0 | 0 / 0 | |
| 0.13.15 | 0 / 0 | |
| 0.13.14 | 0 / 0 | |
| 0.13.13 | 0 / 0 | |
| 0.13.12 | 0 / 0 | |
| 0.13.11 | 0 / 0 | |
| 0.13.10 | 0 / 0 | |
| 0.13.9 | 0 / 0 | |
| 0.13.8 | 0 / 0 | |
| 0.13.7 | 0 / 0 | |
| 0.13.6 | 0 / 0 | |
| 0.13.5 | 0 / 0 | |
| 0.13.4 | 0 / 0 | |
| 0.13.3 | 0 / 0 | |
| 0.13.2 | 0 / 0 | |
| 0.13.1 | 0 / 0 | |
| 0.13.0 | 0 / 0 | |
| 0.12.8 | 0 / 0 | |
| 0.12.7 | 0 / 0 | |
| 0.12.6 | 0 / 0 | |
| 0.12.5 | 0 / 0 | |
| 0.12.4 | 0 / 0 | |
| 0.12.3 | 0 / 0 | |
| 0.12.2 | 0 / 0 | |
| 0.12.1 | 0 / 0 | |
| 0.12.0 | 0 / 0 | |
| 0.11.2 | 0 / 0 | |
| 0.11.1 | 0 / 0 |
v0.14.28
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.27
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.26
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.25
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.24
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.23
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.22
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.21
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.20
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.19
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.18
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.17
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.16
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.15
2 findings[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-26, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v0.14.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.15
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.14
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.13
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.12
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.11
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.10
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.9
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.6
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.8
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.7
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.5
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.4
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.3
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.2
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.1
1 finding[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.