@flemist/simple-utils
Simple simple utils
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:build/urlGet-DbWeQrBC.js | AI (source-diff): Minified Vite/Rollup bundle output; readable identifiers and known deps confirm no obfuscation. | ai | |
| source-diff | obfuscated-file:build/common-CiWE2CRr.js | AI (source-diff): Vite-generated minified bundle with content-hash filename; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-C7hwvEdX.js | AI (source-diff): Vite/Rollup minified build output with hash-suffixed chunk names; not obfuscated, stable pattern for this package. | ai | |
| source-diff | obfuscated-file:build/common-QJ0Tsq_e.js | AI (source-diff): Standard minified Vite build output; code is readable and uses declared deps only. | ai | |
| source-diff | obfuscated-file:build/urlGet-Dj9qMwqQ.js | AI (source-diff): Vite/Rollup minified build output with hash-suffixed chunk names; not obfuscated, readable code with known deps. | ai | |
| source-diff | obfuscated-file:build/common-D3mRebv1.js | AI (source-diff): Vite-generated minified bundle; readable identifiers, no obfuscation or malicious patterns. | ai | |
| source-diff | obfuscated-file:build/urlGet-BGGcms7W.js | AI (source-diff): Vite/Rollup minified bundle output; long lines are standard minification, not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:build/common-C_qIJxes.js | AI (source-diff): Standard Vite minified bundle output; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:build/urlGet-BTQm_5bz.js | AI (source-diff): Vite/Rollup minified build output with readable identifiers; not obfuscated. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:build/urlGet-PCdBWKdJ.js | AI (source-diff): Standard Vite/Rollup minified build artifact; hash-named output is expected for this package's build toolchain. | ai | |
| source-diff | obfuscated-file:build/urlGet-CUp6vwyz.js | AI (source-diff): Standard Vite minified build output; readable code, no malicious patterns. Stable for this package. | ai | |
| source-diff | obfuscated-file:build/urlGet-BN42B6Y6.js | AI (source-diff): Vite/Rollup minified build output; readable code with legitimate deps, no malicious patterns. | ai | |
| source-diff | obfuscated-file:build/urlGet-D7NCEfig.js | AI (source-diff): Standard Vite/Rollup minified build output; readable code with known deps, not obfuscated. | ai | |
| source-diff | obfuscated-file:build/urlGet-BQlcw6AE.js | AI (source-diff): Vite/Rollup minified bundle output; readable code with known deps, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-ISCfHg00.js | AI (source-diff): Standard Vite/Rollup minified build output with hashed filename; content is readable minified JS using declared deps. | ai | |
| source-diff | obfuscated-file:build/urlGet-N7hDakmq.js | AI (source-diff): Minified Vite/Rollup bundle output with readable identifiers; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-DNYHzFct.js | AI (source-diff): Vite/Rollup minified build output with hashed filename; not hand-obfuscated, stable pattern for this package. | ai | |
| source-diff | obfuscated-file:build/urlGet-DDKFAU2I.js | AI (source-diff): Vite/Rollup minified bundle output; content is legitimate utility code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-BJeOaoEj.js | AI (source-diff): Vite/Rollup minified build artifact; content is readable and uses only declared deps. | ai | |
| source-diff | obfuscated-file:build/urlGet-Djk4ICHg.js | AI (source-diff): Minified Vite/Rollup build output with readable identifiers; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-C97xGbyu.js | AI (source-diff): Vite/Rollup minified bundle output; code is readable utility logic, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-D1XIOk8v.js | AI (source-diff): Minified Vite/Rollup build output; code is readable and uses package's own deps — not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-CMjawSTa.js | AI (source-diff): Vite/Rollup minified chunk with hashed filename; content is readable utility code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:build/urlGet-CXLNh5qE.js | AI (source-diff): Vite/Rollup minified chunk; content is readable utility code using declared deps, not obfuscation. | ai | |
| source-diff | obfuscated-file:build/urlGet-Cp1N6cJB.js | AI (source-diff): Vite/Rollup minified build output; sample confirms legitimate utility code, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:build/urlGet-D6GHsjyJ.js | AI (source-diff): Minified Vite/Rollup bundle output; readable code, no encoded payloads. Stable pattern for this package. | ai | |
| license | uncommon-license:Unlimited Free | AI (license): Custom permissive license used consistently across this publisher's packages; not a security concern. | ai | |
| source-diff | obfuscated-file:build/urlGet-CZ8gk2sE.js | AI (source-diff): Minified Vite/Rollup build artifact; code is readable and uses only declared deps with no suspicious patterns. | ai | |
| provenance | no-provenance | AI (provenance): Consistent across all versions of this package; no other risk signals present. | ai | |
| phantom-deps | phantom-dep:@flemist/pairing-heap | AI (phantom-deps): Same-org scope; likely used transitively or in build output rather than direct import. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a common TypeScript runtime helper; declared as peer/implicit dep in compiled output. | ai | |
Versions (showing 65 of 65)
| Version | Deps | Published |
|---|---|---|
| 2.4.7 | 11 / 29 | |
| 2.4.6 | 11 / 29 | |
| 2.4.5 | 11 / 29 | |
| 2.4.4 | 11 / 29 | |
| 2.4.3 | 11 / 29 | |
| 2.4.2 | 11 / 29 | |
| 2.4.1 | 11 / 29 | |
| 2.4.0 | 11 / 29 | |
| 2.3.10 | 10 / 27 | |
| 2.3.9 | 10 / 27 | |
| 2.3.8 | 10 / 27 | |
| 2.3.7 | 10 / 27 | |
| 2.3.6 | 10 / 27 | |
| 2.3.5 | 10 / 27 | |
| 2.3.4 | 10 / 27 | |
| 2.3.3 | 10 / 27 | |
| 2.3.2 | 10 / 27 | |
| 2.3.1 | 10 / 27 | |
| 2.2.17 | 10 / 27 | |
| 2.2.16 | 10 / 27 | |
| 2.2.15 | 10 / 27 | |
| 2.2.14 | 10 / 27 | |
| 2.2.13 | 10 / 27 | |
| 2.2.12 | 10 / 27 | |
| 2.2.11 | 10 / 27 | |
| 2.2.10 | 10 / 27 | |
| 2.2.9 | 10 / 27 | |
| 2.2.7 | 10 / 27 | |
| 2.2.6 | 10 / 27 | |
| 2.2.5 | 10 / 27 | |
| 2.2.3 | 10 / 27 | |
| 2.2.2 | 10 / 27 | |
| 2.2.1 | 9 / 28 | |
| 2.2.0 | 9 / 31 | |
| 2.1.20 | 10 / 30 | |
| 2.1.19 | 10 / 30 | |
| 2.1.18 | 10 / 30 | |
| 2.1.17 | 10 / 30 | |
| 2.1.16 | 10 / 30 | |
| 2.1.15 | 10 / 30 | |
| 2.1.14 | 10 / 30 | |
| 2.1.13 | 10 / 30 | |
| 2.1.12 | 10 / 30 | |
| 2.1.11 | 10 / 30 | |
| 2.1.10 | 10 / 30 | |
| 2.1.9 | 10 / 30 | |
| 2.1.8 | 10 / 30 | |
| 2.1.7 | 9 / 31 | |
| 2.1.6 | 9 / 31 | |
| 2.1.5 | 7 / 31 | |
| 2.1.4 | 7 / 31 | |
| 2.1.3 | 7 / 31 | |
| 2.1.2 | 7 / 31 | |
| 2.1.1 | 7 / 31 | |
| 2.1.0 | 7 / 31 | |
| 2.0.2 | 7 / 31 | |
| 2.0.1 | 7 / 31 | |
| 2.0.0 | 7 / 31 | |
| 1.0.7 | 7 / 31 | |
| 1.0.6 | 7 / 31 | |
| 1.0.4 | 7 / 31 | |
| 1.0.3 | 7 / 31 | |
| 1.0.2 | 7 / 31 | |
| 1.0.1 | 7 / 31 | |
| 1.0.0 | 7 / 31 | |
v2.4.7
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.6
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.4.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.10
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.9
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.8
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.7
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.6
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.4
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.3.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.17
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.16
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.15
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.14
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.13
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.12
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.11
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.10
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.9
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.7
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.6
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.5
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.3
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.2
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.1
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.2.0
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.20
2 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.1.18
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.17
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.16
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.15
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.14
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.13
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.12
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.11
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.10
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.9
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.8
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.7
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.6
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.1.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.7
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.6
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.4
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.3
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.2
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 finding
[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.