@galaxy-tool-util/gxwf-web
Galaxy workflow development HTTP server — validate, lint, clean, convert workflows
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| dependencies | unvetted-dep:@galaxy-tool-util/connection-validation | AI (dependencies): Same-org monorepo sibling at matching version 1.2.0; consistent with package family pattern. | ai | |
| source-diff | obfuscated-file:public/assets/diagram-G4DWMVQ6-BhUB45RQ.js | AI (source-diff): Vite-bundled mermaid diagram asset; minification expected. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Web UI bundle addition explains large file count; consistent with package purpose. | ai | |
| source-diff | obfuscated-file:public/assets/dagre-BxiFovGJ.js | AI (source-diff): Vite-bundled dagre layout library; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/arc-Cwod2qo3.js | AI (source-diff): Vite-bundled static asset (d3-arc); minification is expected for web UI bundles in this package. | ai | |
| source-diff | obfuscated-file:public/assets/architectureDiagram-Q4EWVU46-jinf4bpr.js | AI (source-diff): Vite-bundled mermaid architecture diagram asset; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/blockDiagram-DXYQGD6D-DyH9QtyX.js | AI (source-diff): Vite-bundled mermaid block diagram asset; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/browser-DVDf39JZ.js | AI (source-diff): Vite-bundled yaml browser bundle; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/c4Diagram-AHTNJAMY-eIaaNFF5.js | AI (source-diff): Vite-bundled mermaid C4 diagram asset; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/cose-bilkent-S5V4N54A-D4wikFr1.js | AI (source-diff): Vite-bundled cytoscape layout plugin; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/cytoscape-dagre-CO2HNyOd.js | AI (source-diff): Vite-bundled cytoscape-dagre plugin; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/cytoscape-popper-D30IDL9Y.js | AI (source-diff): Vite-bundled cytoscape-popper plugin; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/cytoscape.esm-Cj_wycbY.js | AI (source-diff): Vite-bundled cytoscape ESM bundle; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/dagre-KV5264BT-1zSgR5z0.js | AI (source-diff): Vite-bundled dagre variant; minification expected. | ai | |
| source-diff | obfuscated-file:public/assets/defaultLocale-Du1XY3Dp.js | AI (source-diff): Vite-bundled locale data; minification expected. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): 0.0.0 is the intentional initial release of this scoped org package; not a throwaway. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Fires in bundled Vite/Vue frontend asset; standard minified output, not intentional obfuscation. | ai | |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 1.4.0 | 6 / 2 | |
| 1.3.0 | 6 / 2 | |
| 1.2.0 | 6 / 2 | |
| 1.1.0 | 5 / 2 | |
| 1.0.0 | 5 / 2 | |
| 0.4.0 | 5 / 2 | |
| 0.0.0 | 5 / 2 | |
v1.4.0
14 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (This finding is reported 13 times.)
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.0
14 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (This finding is reported 13 times.)
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
14 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator. (This finding is reported 13 times.)
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.0.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.