@fortawesome/angular-fontawesome
Angular Fontawesome, an Angular library
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:esm2022/stack/stack.component.mjs | AI (source-diff): Standard Angular ESM2022 compiled output with inline base64 sourcemaps; not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2022/layers/layers.component.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps; fully readable component code. | ai | |
| source-diff | obfuscated-file:esm2022/layers/layers-text.component.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps; fully readable component code. | ai | |
| source-diff | obfuscated-file:esm2022/layers/layers-counter.component.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps; fully readable component code. | ai | |
| source-diff | obfuscated-file:esm2022/icon/icon.component.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps; fully readable component code. | ai | |
| source-diff | obfuscated-file:esm2022/icon-library.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps; fully readable service code. | ai | |
| source-diff | obfuscated-file:esm2022/shared/utils/classlist.util.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps causing long lines; fully readable code. | ai | |
| source-diff | obfuscated-file:esm2022/icon/duotone-icon.component.mjs | AI (source-diff): Standard Angular compiler output with inline base64 sourcemaps; fully readable component code. | ai | |
| source-diff | obfuscated-file:esm2020/shared/utils/classlist.util.mjs | AI (source-diff): Standard Angular esm2020 compiler output with inline base64 sourcemaps causing long lines. Not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2020/layers/layers-text.component.mjs | AI (source-diff): Angular compiler output with inline source maps; long lines are from ɵɵngDeclare* metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm2020/layers/layers.component.mjs | AI (source-diff): Angular compiler output with inline source maps; long lines are from ɵɵngDeclare* metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm2020/icon/duotone-icon.component.mjs | AI (source-diff): Angular compiler output with inline source maps; long lines are from ɵɵngDeclare* metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm2020/icon-library.mjs | AI (source-diff): Angular compiler output with inline source maps; long lines are from ɵɵngDeclare* metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm2020/icon/icon.component.mjs | AI (source-diff): Angular compiler output with inline source maps; long lines are from ɵɵngDeclare* metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm2020/layers/layers-counter.component.mjs | AI (source-diff): Angular compiler output with inline source maps; long lines are from ɵɵngDeclare* metadata, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm5/config.js | AI (source-diff): Standard Angular library build output with inline source maps; not obfuscated. | ai | |
| source-diff | obfuscated-file:esm5/stack/stack.component.js | AI (source-diff): Standard Angular AOT/tsickle build output; long lines are an artifact of ng-packagr, not obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New features (duotone icons, icon library) across Angular's multiple module formats; expected growth. | ai | |
| source-diff | obfuscated-file:esm5/icon-library.js | AI (source-diff): Standard Angular AOT/tsickle build output; long lines are an artifact of ng-packagr, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm5/icon/duotone-icon.component.js | AI (source-diff): Standard Angular AOT/tsickle build output; long lines are an artifact of ng-packagr, not obfuscation. | ai | |
| source-diff | obfuscated-file:esm2015/stack/stack.component.js | AI (source-diff): Standard Angular ESM2015 compiled output with inline source maps; not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2015/icon/duotone-icon.component.js | AI (source-diff): Standard Angular ESM2015 compiled output with inline source maps; not obfuscated. | ai | |
| source-diff | obfuscated-file:esm2015/config.js | AI (source-diff): Standard Angular ESM2015 compiled output with inline source maps; not obfuscated. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): devoto13 and jrjohnson are known FortAwesome contributors; legitimate team change. | ai | |
| source-diff | obfuscated-file:esm2015/icon-library.js | AI (source-diff): Standard Angular ESM2015 compiled output with inline source maps; not obfuscated. | ai | |
| provenance | publisher-changed | AI (provenance): Both robmadole and mwilkerson are listed contributors on the FortAwesome team; legitimate maintainer transition within the org. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance; no provenance is expected for 2018-era publishes from this org. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a standard TypeScript runtime helper; its use as an implicit dependency is normal for Angular libraries compiled with the Angular compiler. | ai | |
| dependencies | unvetted-dep:@fortawesome/fontawesome-svg-core | AI (dependencies): This is the official Font Awesome SVG core library from the same FortAwesome org — a legitimate and expected dependency of this Angular wrapper. | ai |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 4.0.0 | 2 / 0 | |
| 3.0.0 | 2 / 0 | |
| 2.0.1 | 2 / 0 | |
| 2.0.0 | 2 / 0 | |
| 1.0.0 | 2 / 0 | |
| 0.15.0 | 2 / 0 | |
| 0.14.1 | 1 / 0 | |
| 0.14.0 | 1 / 0 | |
| 0.13.0 | 1 / 0 | |
| 0.12.1 | 1 / 0 | |
| 0.12.0 | 1 / 0 | |
| 0.11.1 | 1 / 0 | |
| 0.11.0 | 1 / 0 | |
| 0.10.2 | 1 / 0 | |
| 0.10.1 | 1 / 0 | |
| 0.10.0 | 1 / 0 | |
| 0.9.0 | 1 / 0 | |
| 0.8.2 | 1 / 0 | |
| 0.8.1 | 1 / 0 | |
| 0.8.0 | 1 / 0 | |
| 0.7.0 | 1 / 0 | |
| 0.6.1 | 0 / 0 | |
| 0.6.0 | 0 / 0 | |
| 0.5.0 | 1 / 33 | |
| 0.4.0 | 1 / 0 | |
| 0.3.0 | 1 / 0 | |
| 0.2.1 | 1 / 0 | |
| 0.2.0 | 1 / 0 | |
| 0.1.1 | 1 / 0 | |
| 0.1.0 | 1 / 0 |
v3.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v2.0.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v2.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.15.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.14.1
10 findingsThis version was published by a different npm account than previous versions on 2023-12-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.14.0
10 findingsThis version was published by a different npm account than previous versions on 2023-11-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.13.0
9 findingsThis version was published by a different npm account than previous versions on 2023-05-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.1
9 findingsThis version was published by a different npm account than previous versions on 2023-01-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.12.0
8 findingsThis version was published by a different npm account than previous versions on 2022-11-18. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.1
8 findingsThis version was published by a different npm account than previous versions on 2022-06-16. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.11.0
8 findingsThis version was published by a different npm account than previous versions on 2022-06-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.2
8 findingsThis version was published by a different npm account than previous versions on 2022-03-20. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.1
8 findingsThis version was published by a different npm account than previous versions on 2021-11-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.10.0
8 findingsThis version was published by a different npm account than previous versions on 2021-11-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.9.0
5 findingsThis version was published by a different npm account than previous versions on 2021-05-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.2
5 findingsThis version was published by a different npm account than previous versions on 2021-02-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.1
5 findingsThis version was published by a different npm account than previous versions on 2020-12-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.8.0
6 findingsThis version was published by a different npm account than previous versions on 2020-11-12. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.7.0
6 findingsThis version was published by a different npm account than previous versions on 2020-07-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.1
10 findingsThis version was published by a different npm account than previous versions on 2020-03-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.6.0
10 findingsThis version was published by a different npm account than previous versions on 2020-02-08. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.5.0
8 findingsThis version was published by a different npm account than previous versions on 2019-08-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.4.0
2 findingsThis version was published by a different npm account than previous versions on 2019-05-28. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.3.0
2 findingsThis version was published by a different npm account than previous versions on 2018-10-23. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.1
2 findingsThis version was published by a different npm account than previous versions on 2018-10-08. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.2.0
2 findingsThis version was published by a different npm account than previous versions on 2018-09-07. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.1
2 findingsThis version was published by a different npm account than previous versions on 2018-06-26. This could indicate a legitimate maintainer transition or an account compromise.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.1.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.