@everymatrix/pam-player-addresses

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
maintainer-change	maintainer-removed	AI (maintainer-change): Internal org maintainer rotation within @everymatrix scope.	ai	2026/05/30
source-diff	obfuscated-file:dist/esm/pam-player-addresses-332397c8.js	AI (source-diff): Standard Stencil/Rollup minified build output for a UI widget; not obfuscated malware.	ai	2026/05/29
source-diff	obfuscated-file:dist/cjs/pam-player-addresses-e50ecf06.js	AI (source-diff): Standard Stencil/Rollup minified build output for a UI widget; not obfuscated malware.	ai	2026/05/29
source-diff	obfuscated-file:dist/pam-player-addresses/pam-player-addresses-332397c8.js	AI (source-diff): Standard Stencil/Rollup minified build output for a UI widget; not obfuscated malware.	ai	2026/05/29
source-diff	obfuscated-file:dist/esm/pam-player-addresses-287fea32.js	AI (source-diff): Standard Stencil.js minified ESM bundle; benign address-form UI code, no obfuscation.	ai	2026/05/20
source-diff	obfuscated-file:dist/pam-player-addresses/pam-player-addresses-287fea32.js	AI (source-diff): Standard Stencil.js minified bundle; benign address-form UI code, no obfuscation.	ai	2026/05/20
source-diff	obfuscated-file:dist/cjs/pam-player-addresses-6802661b.js	AI (source-diff): Standard Stencil.js minified CJS bundle; benign address-form UI code, no obfuscation.	ai	2026/05/20
source-diff	obfuscated-file:dist/cjs/pam-player-addresses-99543e1e.js	AI (source-diff): Standard minified Stencil build output; readable source comments visible, no malicious patterns.	ai	2026/05/19
source-diff	obfuscated-file:dist/esm/pam-player-addresses-e32c3939.js	AI (source-diff): Standard minified Stencil ESM build output; no malicious patterns.	ai	2026/05/19
source-diff	obfuscated-file:dist/pam-player-addresses/pam-player-addresses-e32c3939.js	AI (source-diff): Standard minified Stencil dist output; content is i18n strings and styling helpers, no malicious patterns.	ai	2026/05/19
provenance	publisher-changed	AI (provenance): adrian.pripon is an established publisher (11k+ approvals) within the same @everymatrix org; transition appears legitimate.	ai	2026/05/16
bogus-package	bogus-package	AI (bogus-package): Internal scoped component package; missing metadata is org-wide pattern across 284 versions, not a spam/malware indicator.	ai	2026/04/29
provenance	no-provenance	AI (provenance): No provenance is consistent across all versions of this internal org package.	ai	2026/04/29
npm-metadata	no-description	AI (npm-metadata): Consistent with org-wide pattern for @everymatrix internal component packages.	ai	2026/04/29

Versions (showing 12 of 322)

Version	Deps	Published
1.74.2	0 / 0	2025-07-04
1.74.1	0 / 0	2025-06-30
1.74.0	0 / 0	2025-06-27
1.73.2	0 / 0	2025-06-26
1.73.1	0 / 0	2025-06-25
1.73.0	0 / 0	2025-06-20
1.72.2	0 / 0	2025-06-18
1.72.1	0 / 0	2025-06-13
1.72.0	0 / 0	2025-06-11
1.71.1	0 / 0	2025-06-06
1.71.0	0 / 0	2025-06-03
1.70.1	0 / 0	2025-05-29