← Home

@gentleduck/docs

npm Repository Homepage

Shared docs app kit used by the gentleduck/ui docs apps.

14
Versions
MIT
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

wildduck

Keywords

gentleduckdocsdocumentationmdxnextjs

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff large-new-source-files AI (source-diff): Docs kit with many UI components; large file count expected for this package type. ai
source-diff obfuscated-file:dist/icons-BczxfLsa.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/dropdown-menu-DYiM8COh.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/drawer-05tN_Xdp.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/docs-toc-oDLRpfBi.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/docs-sidebar-CQ6ieEvV.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/docs-copy-page-BjCHLC98.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/dialog-WKxDI8AJ.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/component-preview-AFsWULeq.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/command-menu-BAD7s_Xg.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/code-preview-DplOXYJF.js AI (source-diff): Standard minified React component bundle output from tsdown build tool. ai
source-diff obfuscated-file:dist/arrow-Bg-ND295-CYJP0_qg.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code, not malicious obfuscation. ai
source-diff obfuscated-file:dist/button-DIHa5N0D.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/icons-DkcViqOH.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/dropdown-menu-D7-fzei2.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/drawer-B-JmWoa3.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/docs-toc-CYLfhX1O.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/docs-sidebar-DQY5T1Ic.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/docs-copy-page-_jaCFqTH.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/dialog-C_mQKlW-.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/component-preview-yWcmbOD7.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/command-menu-Kvnq8ElM.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/code-preview-Dittg33f.js AI (source-diff): Standard Rollup/Vite minified bundle output; readable React component code. ai
source-diff obfuscated-file:dist/arrow-CU5T6t_D-BA13FgoC.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/mdx-components-ui-Cp73cCYd.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/icons-dASZ3daW.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/drawer-kwSiurIF.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/docs-toc-Bjmkbd6l.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/docs-sidebar-DY2ybOuM.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/docs-copy-page-QXgUbioW.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/dialog-68QLl2rI.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/component-preview-g-CoGwuu.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/command-menu-BY4dKRHx.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/code-preview-CosZjiht.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/button-BPQ9zanb.js AI (source-diff): Standard minified Vite/tsdown bundle output; readable imports, no malicious patterns. ai
source-diff obfuscated-file:dist/mdx-components-ui-D4ah94HK.js AI (source-diff): Standard tsdown/rollup chunked ESM output with hashed filename; code is readable React components, not obfuscated. ai
source-diff obfuscated-file:dist/command-menu-BYWVu7O7.js AI (source-diff): Standard minified React component bundle; no malicious patterns in samples. ai
source-diff obfuscated-file:dist/mdx-BytZ4deL.js AI (source-diff): Standard minified React component bundle; no malicious patterns in samples. ai
source-diff obfuscated-file:dist/icons-CRYTp4x9.js AI (source-diff): Standard bundler minification; readable SVG icon definitions in sample. ai
source-diff obfuscated-file:dist/dropdown-menu-CbK2ioAt.js AI (source-diff): Standard bundler minification; readable Radix dropdown + color regex map in sample. ai
source-diff obfuscated-file:dist/docs-copy-page-CUBmgypz.js AI (source-diff): Standard bundler minification; readable clipboard/AI-link component in sample. ai
source-diff obfuscated-file:dist/component-preview-Bc8FAVzP.js AI (source-diff): Standard bundler minification; readable React component code in sample. ai
source-diff obfuscated-file:dist/command-menu-Dz8Cy4W4.js AI (source-diff): Standard bundler minification; readable Next.js router/theme code in sample. ai
source-diff obfuscated-file:dist/command-D1QwvvDI.js AI (source-diff): Standard bundler minification; readable DOM/React utility code in sample. ai
source-diff obfuscated-file:dist/code-preview-CH2PwR53.js AI (source-diff): Standard bundler minification; readable React component code in sample. ai
source-diff obfuscated-file:dist/button-CR_OZcLS.js AI (source-diff): Standard bundler minification of React/Radix UI components; not obfuscation. ai
source-diff obfuscated-file:dist/scroll-area-DOM4NPU1.js AI (source-diff): Standard bundler minification of scroll area component. ai
source-diff obfuscated-file:dist/registry-colors-data-BauG7f6N.js AI (source-diff): Standard bundler minification of color registry data. ai
source-diff obfuscated-file:dist/popover-fCKP1e-n.js AI (source-diff): Standard bundler minification of Radix popover component. ai
source-diff obfuscated-file:dist/mdx-0SRpwcYy.js AI (source-diff): Standard bundler minification of MDX rendering code. ai
source-diff obfuscated-file:dist/popover-DBuHxfGT.js AI (source-diff): Standard bundler minification output for popover component. ai
source-diff obfuscated-file:dist/mermaid-block-BlCALvQ4.js AI (source-diff): Standard bundler minification output for mermaid block component. ai
source-diff obfuscated-file:dist/mdx-Bc39yJEk.js AI (source-diff): Standard bundler minification output for MDX component. ai
source-diff obfuscated-file:dist/icons-CiCgiCYy.js AI (source-diff): Standard bundler minification output for icons component. ai
source-diff obfuscated-file:dist/dropdown-menu-Cf4PnvE4.js AI (source-diff): Standard bundler minification output for dropdown menu component. ai
source-diff obfuscated-file:dist/drawer-DVVyDJ2D.js AI (source-diff): Standard bundler minification output; readable React/Radix drawer code in sample. ai
source-diff obfuscated-file:dist/docs-copy-page-DZDkcR09.js AI (source-diff): Standard bundler minification output; readable React component code in sample. ai
source-diff obfuscated-file:dist/dialog-BJXRFGlQ.js AI (source-diff): Standard bundler minification output; readable React/Radix dialog code in sample. ai
source-diff obfuscated-file:dist/component-preview-InhzN4h1.js AI (source-diff): Standard bundler minification output; readable React component code in sample. ai
source-diff obfuscated-file:dist/command-menu-Db8sDulu.js AI (source-diff): Standard bundler minification output; readable React component code in sample. ai
source-diff obfuscated-file:dist/command-2PGkRCUM.js AI (source-diff): Standard bundler minification output; readable React component code in sample. ai
source-diff obfuscated-file:dist/code-preview-DTVYDNkK.js AI (source-diff): Standard bundler minification output; readable React component code in sample. ai
source-diff obfuscated-file:dist/button-Ao0Egplu.js AI (source-diff): Standard bundler minification output; readable React/Radix code in sample. ai
semgrep semgrep:new-function-constructor AI (semgrep): Standard MDX compiled-code execution pattern; input is pre-compiled MDX, not user-supplied arbitrary code. ai
phantom-deps phantom-dep:@tanstack/react-virtual AI (phantom-deps): Virtualization dep; likely used in docs search/list components via config. ai
phantom-deps phantom-dep:react-remove-scroll AI (phantom-deps): UI utility; likely used transitively or via config. ai
phantom-deps phantom-dep:tw-animate-css AI (phantom-deps): CSS utility; likely imported via CSS config, not JS import. ai
phantom-deps phantom-dep:mdast-util-toc AI (phantom-deps): Table-of-contents utility for MDX docs; config-referenced pattern. ai
phantom-deps phantom-dep:unist-builder AI (phantom-deps): AST utility used in MDX/remark pipeline; config-referenced pattern. ai
phantom-deps phantom-dep:@types/unist AI (phantom-deps): Type-only package; framework-scoped, loaded by convention. ai
semgrep semgrep:base64-decode AI (semgrep): Decoding Mermaid diagram JSON from Chromium headless output; benign and expected for this package. ai
phantom-deps phantom-dep:aria-hidden AI (phantom-deps): UI accessibility dep; likely used transitively or via config. ai
phantom-deps phantom-dep:tabbable AI (phantom-deps): UI accessibility dep; likely used transitively or via config. ai
phantom-deps phantom-dep:remark AI (phantom-deps): Remark used in MDX pipeline via config; phantom-dep heuristic false positive. ai
phantom-deps phantom-dep:lunr AI (phantom-deps): Docs toolkit; lunr used for search, likely loaded by convention or config. ai
typosquat typosquat.levenshtein:cors AI (typosquat): Scoped package @gentleduck/docs; no relation to cors. Levenshtein match is spurious. ai

Versions (showing 14 of 14)

Version Deps Published
2.0.0 22 / 25
1.0.1 22 / 25
0.2.13 22 / 25
0.2.12 22 / 25
0.2.11 22 / 25
0.2.9 22 / 25
0.2.7 22 / 25
0.2.6 22 / 25
0.2.2 22 / 24
0.1.1 22 / 24
0.1.0 22 / 23
0.0.16 22 / 23
0.0.13 20 / 27
0.0.1 20 / 29

v2.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.13

2 findings
HIGH New obfuscated file: dist/mdx-components-ui-D4ah94HK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.12

2 findings
HIGH New obfuscated file: dist/mdx-components-ui-D4ah94HK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.11

2 findings
HIGH New obfuscated file: dist/mdx-components-ui-D4ah94HK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.7

13 findings
HIGH New obfuscated file: dist/arrow-Bg-ND295-CYJP0_qg.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/button-DIHa5N0D.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-Dittg33f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-Kvnq8ElM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-yWcmbOD7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-C_mQKlW-.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-_jaCFqTH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-sidebar-DQY5T1Ic.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-toc-CYLfhX1O.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-B-JmWoa3.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dropdown-menu-D7-fzei2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-DkcViqOH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.6

13 findings
HIGH New obfuscated file: dist/arrow-Bg-ND295-CYJP0_qg.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/button-DIHa5N0D.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-Dittg33f.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-Kvnq8ElM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-yWcmbOD7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-C_mQKlW-.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-_jaCFqTH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-sidebar-DQY5T1Ic.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-toc-CYLfhX1O.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-B-JmWoa3.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dropdown-menu-D7-fzei2.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-DkcViqOH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.2.2

13 findings
HIGH New obfuscated file: dist/arrow-CU5T6t_D-BA13FgoC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/button-BPQ9zanb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-DplOXYJF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-BAD7s_Xg.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-AFsWULeq.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-WKxDI8AJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-BjCHLC98.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-sidebar-CQ6ieEvV.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-toc-oDLRpfBi.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-05tN_Xdp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dropdown-menu-DYiM8COh.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-BczxfLsa.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.1

13 findings
HIGH New obfuscated file: dist/arrow-CU5T6t_D-BA13FgoC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/button-BPQ9zanb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-CosZjiht.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-BY4dKRHx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-g-CoGwuu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-68QLl2rI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-QXgUbioW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-sidebar-DY2ybOuM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-toc-Bjmkbd6l.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-kwSiurIF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-dASZ3daW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/mdx-components-ui-Cp73cCYd.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.1.0

13 findings
HIGH New obfuscated file: dist/arrow-CU5T6t_D-BA13FgoC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/button-BPQ9zanb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-CosZjiht.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-BY4dKRHx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-g-CoGwuu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-68QLl2rI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-QXgUbioW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-sidebar-DY2ybOuM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-toc-Bjmkbd6l.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-kwSiurIF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-dASZ3daW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/mdx-components-ui-Cp73cCYd.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.16

13 findings
HIGH New obfuscated file: dist/arrow-CU5T6t_D-BA13FgoC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/button-BPQ9zanb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-CosZjiht.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-BY4dKRHx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-g-CoGwuu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-68QLl2rI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-QXgUbioW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-sidebar-DY2ybOuM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-toc-Bjmkbd6l.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-kwSiurIF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-dASZ3daW.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/mdx-components-ui-Cp73cCYd.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.13

14 findings
HIGH New obfuscated file: dist/button-Ao0Egplu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/code-preview-DTVYDNkK.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-2PGkRCUM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/command-menu-Db8sDulu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/component-preview-InhzN4h1.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dialog-BJXRFGlQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/docs-copy-page-DZDkcR09.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/drawer-DVVyDJ2D.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/dropdown-menu-Cf4PnvE4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/icons-CiCgiCYy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/mdx-Bc39yJEk.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/mermaid-block-BlCALvQ4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/popover-DBuHxfGT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.