@everymatrix/player-elevate-points-history

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

clokzeoleksandr.v.stepanovtaras.maksymivnatalya.anisimovaemfe_releasemariana.gheorgheadrian.priponandriizadvirnyiraulvasileemstrulea.sebastianstefan.vladgoe.sutadragos.bodeamaria.bumbarstefanaotong.woodtikarncatalinpoclidcristi.ungureanuliviuclement.everymatrixmihaibalanfrankie24

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/player-elevate-points-history/locale.utils-10bf5b6c.js	AI (source-diff): Minified locale string bundle; no obfuscation or malicious content — stable pattern for this package.	ai	2026/04/30
source-diff	obfuscated-file:dist/player-elevate-points-history/player-elevate-card-items-7ee425c6.js	AI (source-diff): Minified component bundle with date-fns utilities; standard build artifact for this package.	ai	2026/04/30
bogus-package	bogus-package	AI (bogus-package): Large @everymatrix org with 416 versions; sparse metadata is a consistent pattern for internal scoped components, not spam.	ai	2026/04/29
npm-metadata	no-description	AI (npm-metadata): Consistent with @everymatrix org publishing pattern across many versions.	ai	2026/04/29
provenance	no-provenance	AI (provenance): No provenance is common; no other risk signals present.	ai	2026/04/29

Versions (showing 10 of 220)

Version	Deps	Published
1.69.3	0 / 0	2025-05-21
1.69.2	0 / 0	2025-05-20
1.69.0	0 / 0	2025-05-13
1.68.0	0 / 0	2025-05-12
1.67.3	0 / 0	2025-05-11
1.67.0	0 / 0	2025-05-07
1.66.2	0 / 0	2025-05-06
1.66.1	0 / 0	2025-05-05
1.66.0	0 / 0	2025-04-30
1.65.3	0 / 0	2025-04-28