@fluojs/studio

File-first diagnostics viewer for Fluo runtime platform snapshot and timing JSON exports.

Versions: 7
License: MIT
Install Scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation
npm registry signatures
No source commit

Maintainers

ayden94

Keywords

fluo, studio, diagnostics, viewer, module-graph, devtools

Accepted risks

Findings the reviewer chose to accept rather than block on.

| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/assets/index-BOSlyIRm.js | AI (source-diff): Vite build output; minified bundle is expected for this frontend diagnostics viewer package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-OyEXCK_E.js | AI (source-diff): Vite-bundled React devtool viewer; minification is expected for this package's ./viewer export. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is from bundling React into the viewer asset; expected for this package type. | ai | |
| phantom-deps | phantom-dep:react-dom | AI (phantom-deps): react-dom is bundled into the Vite dist asset, not directly imported in source files. | ai | |
| source-diff | obfuscated-file:dist/assets/index-AjSkQOVN.js | AI (source-diff): Vite-bundled React viewer asset; minification is expected for this package's dist output. | ai | |
| phantom-deps | phantom-dep:react | AI (phantom-deps): react is bundled into the Vite dist asset, not directly imported in source files. | ai | |
| provenance | slsa-provenance | AI (provenance): Package consistently published via CI/CD with Sigstore attestation; stable signal for this package. | ai | |

Versions (showing 7 of 7)

Version Deps Published
1.0.6 3 / 5
1.0.5 3 / 5
1.0.4 1 / 3
1.0.3 1 / 3
1.0.2 1 / 3
1.0.1 1 / 3
1.0.0 1 / 3

v1.0.6

2 findings
HIGH New obfuscated file: dist/assets/index-AjSkQOVN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.5

2 findings
HIGH New obfuscated file: dist/assets/index-OyEXCK_E.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.4

2 findings
HIGH New obfuscated file: dist/assets/index-BOSlyIRm.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.3

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.0.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.