@everymatrix/player-bonus-history
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:components/PlayerBonusCard-CGxntrpq.cjs | AI (source-diff): Standard bundled Svelte component output with i18n strings; not obfuscated. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BPTJa7VA.js | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BC5ZS-3h.js | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-Cp0SoXmB.cjs | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BPTJa7VA.js | AI (source-diff): Bundled Svelte ESM output; standard build artifact. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BC5ZS-3h.js | AI (source-diff): Bundled Svelte ESM output; standard build artifact. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-Cp0SoXmB.cjs | AI (source-diff): Bundled Svelte CJS output; long lines from minification, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BL8oTuyG.cjs | AI (source-diff): Vaadin dev-mode new Function() + fetch in UI component; not malicious. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CPI4qDOm.js | AI (source-diff): Same Vaadin dev-mode + fetch pattern; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CPI4qDOm.js | AI (source-diff): ESM bundle with i18n; standard build output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CmK1Rri5.js | AI (source-diff): Vaadin dev-mode pattern + fetch in UI component; not malicious. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CmK1Rri5.js | AI (source-diff): ESM bundle with i18n; standard build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BL8oTuyG.cjs | AI (source-diff): CJS bundle with i18n strings; minification is expected build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CXJ32nqq.cjs | AI (source-diff): Bundled Svelte runtime + component code; long lines from minification, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-FojWd9cl.js | AI (source-diff): Same benign Svelte runtime patterns in alternate build target. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-FojWd9cl.js | AI (source-diff): Another build target of same Svelte component; standard output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-B4iMNr6v.js | AI (source-diff): ESM variant; same benign Svelte runtime patterns. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-B4iMNr6v.js | AI (source-diff): ESM variant of same bundled Svelte component; not obfuscated. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CXJ32nqq.cjs | AI (source-diff): Svelte compiled output with fetch + Function patterns; no malicious payload. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-C50YCkyK.cjs | AI (source-diff): Standard Vite/Rollup bundled Svelte component output with i18n strings; not obfuscated. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DHVfmVdW.js | AI (source-diff): Network calls and dynamic execution are expected in a frontend UI component bundle; no dropper indicators. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DtaxrYhh.js | AI (source-diff): Frontend component bundle; network+exec pattern is benign in this context. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DtaxrYhh.js | AI (source-diff): Same pattern as sibling file — minified Svelte bundle, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DHVfmVdW.js | AI (source-diff): Minified Svelte/framework bundle output; readable structure, @__PURE__ annotations confirm standard build tooling. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DYDPAsky.cjs | AI (source-diff): Network calls and dynamic code are standard Svelte runtime patterns (fetch + addEventListener), not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CKgXB5tw.cjs | AI (source-diff): Minified Svelte/Vite bundle output; readable i18n and DOM code, not obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DYDPAsky.cjs | AI (source-diff): Minified Svelte/Vite bundle output; standard component runtime helpers, not obfuscation. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BKM8FQRN.js | AI (source-diff): Minified Svelte/Vite ESM bundle; readable structure, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BKM8FQRN.js | AI (source-diff): Standard Svelte runtime network+DOM patterns in a UI component bundle. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-DHnglXOD.js | AI (source-diff): Minified Svelte/Vite bundle; readable helper functions, not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-DHnglXOD.js | AI (source-diff): Standard Svelte runtime patterns; no dropper indicators in sampled code. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-AZoMiRUh.cjs | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component; not obfuscation. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-EarPJwtH.js | AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory--nIn73Vl.js | AI (source-diff): Network calls and dynamic code are Svelte runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory--nIn73Vl.js | AI (source-diff): Standard Rollup/Vite minified build output; content is i18n strings and Svelte runtime. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-D2bsuLf4.js | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-EarPJwtH.js | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CJivsjxP.js | AI (source-diff): Standard Rollup/Vite minified build output for Svelte component. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-L1IMmrg6.cjs | AI (source-diff): Network calls and dynamic code are Svelte/Vaadin runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-L1IMmrg6.cjs | AI (source-diff): Standard Rollup/Vite minified build output; content is i18n strings and Svelte runtime. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CATEo6os.cjs | AI (source-diff): Standard minified Svelte runtime bundle; no obfuscation indicators beyond minification. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-D1LjOTQU.js | AI (source-diff): DOM/fetch patterns in Svelte component; consistent with prior versions. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-D1LjOTQU.js | AI (source-diff): Minified Svelte bundle; readable runtime helpers visible in sample. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BPA7vUbZ.js | AI (source-diff): Standard Svelte component network patterns; not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BPA7vUbZ.js | AI (source-diff): Minified Svelte ESM bundle; same pattern as prior approved versions. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CATEo6os.cjs | AI (source-diff): Network calls are DOM fetch/XHR patterns in Svelte component; no dropper behavior visible. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-C_Y0JHfR.cjs | AI (source-diff): Minified Svelte/Rollup build output; readable i18n strings and DOM APIs visible in sample. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-CJz1RBfF.cjs | AI (source-diff): Network calls are UI fetch; dynamic execution is Svelte runtime pattern, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-DpuXmWBS.cjs | AI (source-diff): Standard Vite/Svelte minified build output; consistent with prior versions of this package. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-ImKhkCU7.js | AI (source-diff): Network calls are UI fetch; dynamic execution is Svelte runtime pattern, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-ImKhkCU7.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | net-exec-file:components/PlayerBonusHistory-BLImQ91h.js | AI (source-diff): Network calls are UI fetch; dynamic execution is Svelte runtime pattern, not dropper behavior. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-BLImQ91h.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-CL3gHhi_.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusHistory-CJz1RBfF.cjs | AI (source-diff): Standard Vite/Svelte minified build output; consistent with prior versions of this package. | ai | |
| source-diff | obfuscated-file:components/PlayerBonusCard-ONInjr0K.js | AI (source-diff): Standard Vite/Svelte minified build output. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped component library with 847 versions; missing metadata is a known pattern for this org. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Fires inside Vaadin dev-mode detector utility; standard pattern, not malicious. | ai |
Versions (showing 51 of 204)
| Version | Deps | Published |
|---|---|---|
| 1.94.20 | 0 / 0 | |
| 1.94.19 | 0 / 0 | |
| 1.94.18 | 0 / 0 | |
| 1.94.17 | 0 / 0 | |
| 1.94.16 | 0 / 0 | |
| 1.94.15 | 0 / 0 | |
| 1.94.9 | 0 / 0 | |
| 1.94.8 | 0 / 0 | |
| 1.94.7 | 0 / 0 | |
| 1.94.6 | 0 / 0 | |
| 1.94.5 | 0 / 0 | |
| 1.94.4 | 0 / 0 | |
| 1.94.3 | 0 / 0 | |
| 1.94.2 | 0 / 0 | |
| 1.94.1 | 0 / 0 | |
| 1.94.0 | 0 / 0 | |
| 1.93.15 | 0 / 0 | |
| 1.93.14 | 0 / 0 | |
| 1.93.13 | 0 / 0 | |
| 1.93.12 | 0 / 0 | |
| 1.93.11 | 0 / 0 | |
| 1.93.10 | 0 / 0 | |
| 1.93.9 | 0 / 0 | |
| 1.93.8 | 0 / 0 | |
| 1.93.7 | 0 / 0 | |
| 1.93.6 | 0 / 0 | |
| 1.93.5 | 0 / 0 | |
| 1.93.4 | 0 / 0 | |
| 1.93.3 | 0 / 0 | |
| 1.93.2 | 0 / 0 | |
| 1.93.1 | 0 / 0 | |
| 1.93.0 | 0 / 0 | |
| 1.92.8 | 0 / 0 | |
| 1.92.7 | 0 / 0 | |
| 1.92.6 | 0 / 0 | |
| 1.92.5 | 0 / 0 | |
| 1.92.4 | 0 / 0 | |
| 1.92.3 | 0 / 0 | |
| 1.92.2 | 0 / 0 | |
| 1.92.1 | 0 / 0 | |
| 1.92.0 | 0 / 0 | |
| 1.91.2 | 0 / 0 | |
| 1.91.1 | 0 / 0 | |
| 1.90.37 | 0 / 0 | |
| 1.90.36 | 0 / 0 | |
| 1.90.35 | 0 / 0 | |
| 1.90.34 | 0 / 0 | |
| 1.90.33 | 0 / 0 | |
| 1.90.32 | 0 / 0 | |
| 1.90.31 | 0 / 0 | |
| 1.90.30 | 0 / 0 |
v1.94.20
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.19
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.18
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-28, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.17
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-27, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.16
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-26, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.15
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
This version was published by a different npm account (goe.suta) than the most recent previously approved version (adrian.pripon) on 2026-05-26, but goe.suta is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
v1.94.9
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.8
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.7
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.6
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.5
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.4
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.3
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.2
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.1
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.94.0
8 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.15
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.14
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.13
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.12
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.11
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.10
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.93.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.6
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.5
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.4
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.92.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.91.2
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.91.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.90.37
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.90.36
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.90.35
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.90.34
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.90.33
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.90.32
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.90.31
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.90.30
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.