@flusys/ng-iam
Identity and Access Management (IAM) for Angular - Independent from ng-auth through Provider Interface Pattern
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:fesm2022/flusys-ng-iam-role-list-page.component-BHB8X5r7.mjs | AI (source-diff): Standard Angular FESM2022 bundled output; long lines are minified Angular templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/flusys-ng-iam-flusys-ng-iam-Co4ot9My.mjs | AI (source-diff): Standard Angular FESM2022 bundled output; long lines are minified Angular templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/flusys-ng-iam-flusys-ng-iam-CnVOy_4s.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; long lines are minified templates, not obfuscation. | ai | |
| source-diff | obfuscated-file:fesm2022/flusys-ng-iam-role-list-page.component-C7GVYYIn.mjs | AI (source-diff): Standard Angular FESM2022 bundle output; readable component code with normal imports. | ai | |
| source-diff | obfuscated-file:fesm2022/flusys-ng-iam-role-list-page.component-D4J1by6Q.mjs | AI (source-diff): Standard Angular fesm2022 bundle output; same pattern as above, no malicious content. | ai | |
| source-diff | obfuscated-file:fesm2022/flusys-ng-iam-flusys-ng-iam-CJAQT60K.mjs | AI (source-diff): Standard Angular fesm2022 bundle output; long lines are minified but readable Angular/RxJS code, not obfuscation. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a declared runtime dependency used implicitly by Angular compiler output; stable false positive for this package. | ai |
Versions (showing 12 of 12)
| Version | Deps | Published |
|---|---|---|
| 5.0.3 | 1 / 0 | |
| 5.0.1 | 1 / 0 | |
| 5.0.0 | 1 / 0 | |
| 4.1.1 | 1 / 0 | |
| 4.1.0 | 1 / 0 | |
| 4.0.2 | 1 / 0 | |
| 4.0.1 | 1 / 0 | |
| 3.0.1 | 1 / 0 | |
| 3.0.0 | 1 / 0 | |
| 1.1.0 | 1 / 0 | |
| 1.0.1 | 1 / 0 | |
| 1.0.0 | 1 / 0 |
v5.0.3
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v5.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.1.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.0.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.