@floegence/floe-webapp-core

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

jytang

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/assets/diff.worker-DCUP7uh3.js	AI (source-diff): Minified diff library worker; content is clearly the jsdiff algorithm, no malicious patterns.	ai	2026/05/17
source-diff	obfuscated-file:dist/components/ui/Charts.js	AI (source-diff): Readable SolidJS compiled output; minification is expected for a built UI component library.	ai	2026/05/17
source-diff	obfuscated-file:dist/index121.js	AI (source-diff): Vite-bundled minified output; sample shows readable marked.js parser code, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/index122.js	AI (source-diff): File is minified marked.js Markdown parser — recognizable regex patterns, no malicious code.	ai	2026/05/17
source-diff	obfuscated-file:dist/components/workbench/WorkbenchLayerObjects.js	AI (source-diff): SolidJS compiled output with long template literal lines; not obfuscation, stable pattern for this build toolchain.	ai	2026/05/17
source-diff	obfuscated-file:dist/components/notes/notesAppearance.js	AI (source-diff): Minified Vite/SolidJS build output; long lines are inlined SVG templates, not obfuscation.	ai	2026/05/17
source-diff	obfuscated-file:dist/components/notes/NotesOverlayLegacy.js	AI (source-diff): Minified Vite/SolidJS build output; readable imports and SVG patterns confirm legitimate bundled component.	ai	2026/05/17
phantom-deps	phantom-dep:shiki	AI (phantom-deps): Declared runtime dep in package.json; phantom-dep heuristic fires on config-file references in build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:solid-motionone	AI (phantom-deps): Declared runtime dep in package.json; phantom-dep heuristic fires on config-file references in build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:tailwind-merge	AI (phantom-deps): Declared runtime dep in package.json; phantom-dep heuristic fires on config-file references in build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:mermaid	AI (phantom-deps): Declared runtime dep in package.json; phantom-dep heuristic fires on config-file references in build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:marked	AI (phantom-deps): Declared runtime dep in package.json; phantom-dep heuristic fires on config-file references in build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:diff	AI (phantom-deps): Declared runtime dep in package.json; phantom-dep heuristic fires on config-file references in build tooling.	ai	2026/04/29

Versions (showing 51 of 109)

View all versions

Version	Deps	Published
0.36.57	8 / 6	2026-05-26
0.36.56	8 / 6	2026-05-26
0.36.55	8 / 6	2026-05-22
0.36.54	8 / 6	2026-05-19
0.36.53	8 / 6	2026-05-18
0.36.52	8 / 6	2026-05-18
0.36.50	8 / 6	2026-05-18
0.36.49	8 / 6	2026-05-13
0.36.48	8 / 6	2026-05-13
0.36.47	8 / 6	2026-05-11
0.36.45	8 / 6	2026-05-11
0.36.44	8 / 6	2026-05-11
0.36.43	8 / 6	2026-05-11
0.36.42	8 / 6	2026-05-03
0.36.40	8 / 6	2026-04-28
0.36.39	8 / 6	2026-04-27
0.36.38	8 / 6	2026-04-27
0.36.37	8 / 6	2026-04-27
0.36.36	8 / 6	2026-04-26
0.36.35	8 / 6	2026-04-26
0.36.34	8 / 6	2026-04-26
0.36.33	8 / 6	2026-04-24
0.36.32	8 / 6	2026-04-24
0.36.31	8 / 6	2026-04-24
0.36.30	8 / 6	2026-04-24
0.36.28	8 / 6	2026-04-24
0.36.27	8 / 6	2026-04-23
0.36.26	8 / 6	2026-04-23
0.36.25	8 / 6	2026-04-22
0.36.24	8 / 6	2026-04-22
0.36.23	8 / 6	2026-04-22
0.36.22	8 / 6	2026-04-22
0.36.21	8 / 6	2026-04-22
0.36.20	8 / 6	2026-04-22
0.36.19	8 / 6	2026-04-22
0.36.18	8 / 6	2026-04-22
0.36.17	8 / 6	2026-04-21
0.36.16	8 / 6	2026-04-21
0.36.15	8 / 6	2026-04-21
0.36.13	8 / 6	2026-04-21
0.36.12	8 / 6	2026-04-21
0.36.11	8 / 6	2026-04-20
0.36.10	8 / 6	2026-04-20
0.36.9	8 / 6	2026-04-20
0.36.8	8 / 6	2026-04-20
0.36.7	8 / 6	2026-04-19
0.36.6	8 / 6	2026-04-19
0.36.5	8 / 6	2026-04-19
0.36.4	8 / 6	2026-04-19
0.36.3	8 / 6	2026-04-18
0.36.2	8 / 6	2026-04-18