
@gram-ai/elements

Gram Elements is a library of UI primitives for building chat-like experiences for MCP Servers.

Versions: 17
License: ISC
Install scripts: No
Provenance: Verified

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation | npm registry signatures | No source commit

Maintainers

speakeasy-quinnadam-speakeasyghaidar-speakeasysimplesagarthomasrooneyspeakeasyspeakeasyapi

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
phantom-deps | phantom-dep:@gram-ai/sdk | AI (phantom-deps): Same org dep; likely used indirectly via re-exports in bundled dist. | ai |
phantom-deps | phantom-dep:sdk | AI (phantom-deps): link: alias to @types/@modelcontextprotocol/sdk; not a real import, bundled dist pattern. | ai |
source-diff | obfuscated-file:dist/index-C-HNx5jq.cjs | AI (source-diff): Standard Vite minified bundle output for a React UI library; not obfuscated malware. | ai |
source-diff | obfuscated-file:dist/index-DHZOpLmV.js | AI (source-diff): Standard Vite ESM bundle for React UI components; not obfuscated malware. | ai |
source-diff | obfuscated-file:dist/startRecording-RhwhAuu_.cjs | AI (source-diff): Session recording bundle (rrweb-style); standard Datadog RUM functionality. | ai |
source-diff | obfuscated-file:dist/profiler-hSIwi81u.cjs | AI (source-diff): Datadog RUM profiler bundle; legitimate telemetry code, not malware. | ai |
source-diff | obfuscated-file:dist/index-d983oB4d.cjs | AI (source-diff): Standard minified React UI bundle; samples show tailwind-merge, radix-ui, react patterns; not obfuscation. | ai |
source-diff | net-exec-file:dist/index-DPvsLSiy.js | AI (source-diff): ESM bundle with react/radix-ui/assistant-ui; network calls are UI library fetch patterns, not dropper. | ai |
source-diff | obfuscated-file:dist/index-C2i7R8R4.js | AI (source-diff): ESM variant of the same UI bundle; standard vite build output. | ai |
source-diff | obfuscated-file:dist/startRecording-Bu-GoQ7F.cjs | AI (source-diff): Datadog session replay recording bundle; minified DOM event capture code, not malware. | ai |
source-diff | obfuscated-file:dist/profiler-HGfBsyH2.cjs | AI (source-diff): Datadog browser RUM profiler bundle; minified but clearly telemetry/profiling code. | ai |
source-diff | obfuscated-file:dist/index-xXZAaORp.cjs | AI (source-diff): Minified UI component bundle; samples show assistant-ui, motion, zustand imports; legitimate. | ai |
source-diff | net-exec-file:dist/index-d983oB4d.cjs | AI (source-diff): Network calls are from datadog RUM / fetch APIs in a UI library bundle; no dropper pattern. | ai |
phantom-deps | phantom-dep:ai | AI (phantom-deps): Bundled library; deps compiled into dist rather than directly imported at source level. | ai |
phantom-deps | phantom-dep:lucide-react | AI (phantom-deps): Icon library re-exported or used in build config; stable false positive for this UI component package. | ai |
phantom-deps | phantom-dep:@ai-sdk/mcp | AI (phantom-deps): Bundled UI lib; @ai-sdk/mcp referenced in config, stable false positive. | ai |
source-diff | obfuscated-file:dist/startRecording-jSovclaq.cjs | AI (source-diff): Session recording bundle (rrweb-style); minification expected, no malicious patterns. | ai |
source-diff | obfuscated-file:dist/profiler-CjNa3A1d.cjs | AI (source-diff): Datadog RUM profiler bundle; minification is expected, no malicious patterns. | ai |
source-diff | obfuscated-file:dist/index-CtZz13Cf.js | AI (source-diff): Standard Vite ESM bundle output; imports are well-known React ecosystem packages. | ai |
source-diff | obfuscated-file:dist/index-BmTGnEaV.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output for a React UI library; not malicious obfuscation. | ai |
source-diff | obfuscated-file:dist/startRecording-YENzw_0G.cjs | AI (source-diff): Datadog RUM session recording bundle; minified but recognizable DOM event listener code. | ai |
source-diff | obfuscated-file:dist/index-COzPF-WM.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; code samples show React/Radix UI patterns, not obfuscation. | ai |
source-diff | obfuscated-file:dist/index-fVcTljYT.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; code samples show assistant-ui/react patterns. | ai |
source-diff | obfuscated-file:dist/profiler-KLtVMM14.cjs | AI (source-diff): Datadog RUM profiler bundle; minified but recognizable telemetry code. | ai |
source-diff | obfuscated-file:dist/index-QUz5guSg.js | AI (source-diff): Standard Vite/Rollup minified ESM bundle; code samples show React/assistant-ui patterns. | ai |
source-diff | net-exec-file:dist/index-COzPF-WM.cjs | AI (source-diff): Network calls and dynamic code in Datadog RUM/React bundle are expected; not dropper behavior. | ai |
source-diff | net-exec-file:dist/index-CRhpKl-G.js | AI (source-diff): Network calls and dynamic code in React UI bundle are expected; not dropper behavior. | ai |
source-diff | obfuscated-file:dist/index-A17b62wR.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; content is recognizable React/UI library code. | ai |
source-diff | obfuscated-file:dist/index-Dm2wLFTN.js | AI (source-diff): Standard Vite/Rollup minified ESM bundle of UI components. | ai |
source-diff | net-exec-file:dist/index-D93pV0_o.js | AI (source-diff): ESM bundle of React/UI components; network calls are Datadog RUM, not malicious. | ai |
source-diff | obfuscated-file:dist/startRecording-Eb5f7wqP.cjs | AI (source-diff): Datadog session replay recording bundle; standard minified output. | ai |
source-diff | obfuscated-file:dist/profiler-Cbbf4eEX.cjs | AI (source-diff): Datadog browser-rum profiler bundle; standard minified output. | ai |
source-diff | net-exec-file:dist/index-C4bFBGfl.cjs | AI (source-diff): Network calls are Datadog RUM SDK; dynamic code execution is standard module pattern, not dropper behavior. | ai |
source-diff | obfuscated-file:dist/index-C4bFBGfl.cjs | AI (source-diff): Standard Vite/Rollup minified bundle; content is recognizable React/Tailwind code. | ai |
phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Referenced in config files; false positive for this package's build setup. | ai |
phantom-deps | phantom-dep:@openrouter/ai-sdk-provider | AI (phantom-deps): Referenced in config files; false positive for this package's build setup. | ai |
phantom-deps | phantom-dep:@radix-ui/react-slot | AI (phantom-deps): Referenced in config files; false positive for this package's build setup. | ai |
phantom-deps | phantom-dep:assistant-stream | AI (phantom-deps): Referenced in config files; false positive for this package's build setup. | ai |
phantom-deps | phantom-dep:zod | AI (phantom-deps): Referenced in config files; false positive for this package's build setup. | ai |
phantom-deps | phantom-dep:@chromatic-com/storybook | AI (phantom-deps): Chromatic storybook integration referenced in config; not a runtime import. | ai |
phantom-deps | phantom-dep:@storybook/addon-themes | AI (phantom-deps): Storybook addon referenced in .storybook config, not source imports. | ai |
phantom-deps | phantom-dep:vega-interpreter | AI (phantom-deps): Companion to vega; config-only reference is expected. | ai |
phantom-deps | phantom-dep:tw-shimmer | AI (phantom-deps): tw-shimmer referenced in config files; legitimate CSS utility dep. | ai |
phantom-deps | phantom-dep:vite-plugin-externalize-deps | AI (phantom-deps): Vite plugin referenced in build config; phantom-dep heuristic false positive. | ai |
phantom-deps | phantom-dep:vega | AI (phantom-deps): Vega is a visualization dep referenced in config/build; phantom-dep heuristic fires on config-only usage. | ai |
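The phantom-dep rows above all turn on one heuristic (a dependency is declared in package.json but no source file imports it) and the reviewer's reasons sort the hits into a few buckets: re-exported or compiled into the bundled dist, referenced only by Vite/Storybook config, a link: alias that can never appear as an import name, or genuinely unused. The script below is an added example that reproduces that heuristic and that triage; it is not the scanner's code and not part of @gram-ai/elements. The package.json, the file contents, and the names unused-helper and example-ui-lib are constructed for the demo, and the dependency set is not this package's real one.

```python
"""Reproduce the 'phantom-dep' heuristic and the triage behind the accepted risks.

Added example; not the scanner's code and not part of @gram-ai/elements. The rule
flags a declared dependency that no source file imports. The reviewer's reasons
split those hits into: imported after all in src/, referenced only by build or
Storybook config, a link:/npm: alias that is never an import name, or genuinely
unreferenced. All package.json and file contents below are constructed.
"""
import json
import re

# Constructed package.json; the "sdk": "link:..." entry mirrors the alias case in
# the accepted-risks table, everything else is invented for the demo.
PACKAGE_JSON = json.dumps({
    "name": "example-ui-lib",
    "dependencies": {
        "react": "^18.0.0",
        "@radix-ui/react-slot": "^1.0.0",
        "lucide-react": "^0.400.0",
        "sdk": "link:./vendor/sdk",
        "unused-helper": "^2.0.0",          # the one real phantom in this demo
    },
    "devDependencies": {
        "vite-plugin-externalize-deps": "^0.8.0",
        "@storybook/addon-themes": "^8.0.0",
    },
})

# Constructed source and config files, path -> content.
FILES = {
    "src/index.tsx": 'import React from "react";\n'
                     'import { Slot } from "@radix-ui/react-slot/dist/index.js";\n'
                     'export * from "./button";\n',
    "src/button.tsx": 'const icons = require("lucide-react");\n'
                      'export const Button = () => null;\n',
    "vite.config.ts": 'import { externalizeDeps } from "vite-plugin-externalize-deps";\n'
                      'export default { plugins: [externalizeDeps()] };\n',
    ".storybook/main.ts": 'export default { addons: ["@storybook/addon-themes"] };\n',
}

# Files whose references are tooling, not runtime imports.
CONFIG_PATTERNS = (re.compile(r"^(?:vite|vitest|rollup|tsup|tailwind)\.config\."),
                   re.compile(r"^\.storybook/"))
# ES `import ... from`, `export ... from`, dynamic import() and CommonJS require().
SPEC_RE = re.compile(r"""(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)["']([^"']+)["']""")
# In config files any quoted bare specifier counts (addon/plugin lists are plain strings).
QUOTED_RE = re.compile(r"""["']([^"'\s]+)["']""")


def package_name(spec):
    """Map an import specifier to its package: '@scope/pkg/sub' -> '@scope/pkg'."""
    parts = spec.split("/")
    return "/".join(parts[:2]) if spec.startswith("@") else parts[0]


def referenced_packages(content, pattern):
    """Package names referenced in one file, ignoring relative and node: specifiers."""
    return {package_name(s) for s in pattern.findall(content)
            if not s.startswith((".", "/", "node:"))}


def classify_dependencies(package_json, files):
    """Return {dependency: 'imported' | 'config-only' | 'alias' | 'unreferenced'}."""
    pkg = json.loads(package_json)
    declared = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
    in_source, in_config = set(), set()
    for path, content in files.items():
        if any(p.search(path) for p in CONFIG_PATTERNS):
            in_config |= referenced_packages(content, QUOTED_RE)
        else:
            in_source |= referenced_packages(content, SPEC_RE)
    result = {}
    for name, spec in declared.items():
        if name in in_source:
            result[name] = "imported"
        elif name in in_config:
            result[name] = "config-only"
        elif spec.startswith(("link:", "npm:", "file:", "workspace:")):
            result[name] = "alias"        # local link or rename; the import name differs
        else:
            result[name] = "unreferenced"
    return result


def phantom_findings(package_json, files):
    """Hits that still deserve a human look: declared, installed (with any install
    scripts) for every consumer, and never referenced anywhere."""
    return sorted(n for n, v in classify_dependencies(package_json, files).items()
                  if v == "unreferenced")


if __name__ == "__main__":
    for name, verdict in classify_dependencies(PACKAGE_JSON, FILES).items():
        print(f"{name:32} {verdict}")
    print("still phantom:", phantom_findings(PACKAGE_JSON, FILES))
```

The point of the split is that "unreferenced" is the only bucket that changes the consumer's risk: the package is still installed (and any install scripts in it still run) for everyone who depends on the library, so it is attack surface with no benefit. For a library that ships a pre-built dist/, as this one does, a name that only appears in config can still be compiled into the bundle, so grep the dist output before calling it unused.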

Versions (showing 17 of 17)

Version | Deps | Published
1.31.0 | 26 / 38 |
1.30.1 | 26 / 38 |
1.30.0 | 26 / 38 |
1.28.0 | 26 / 38 |
1.27.6 | 26 / 38 |
1.18.8 | 17 / 33 |
1.18.5 | 17 / 33 |
1.18.2 | 17 / 32 |
1.18.0 | 17 / 32 |
1.16.3 | 16 / 36 |
1.13.9 | 16 / 36 |
1.13.7 | 16 / 36 |
1.12.0 | 17 / 36 |
1.2.4 | 14 / 37 |
1.0.9 | 13 / 37 |
1.0.4 | 8 / 32 |
1.0.3 | 8 / 32 |

v1.31.0

8 findings
HIGH New obfuscated file: dist/index-d983oB4d.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-d983oB4d.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index-xXZAaORp.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/profiler-HGfBsyH2.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/startRecording-Bu-GoQ7F.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-C2i7R8R4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-DPvsLSiy.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
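The seven HIGH findings above come from two heuristics: a line longer than 3000 characters, and a file that contains both a network call and a dynamic-execution primitive. Both fire on every Vite/Rollup chunk of a React library that embeds the Datadog RUM SDK, which is why the reviewer accepted them. What separates an accepted minified bundle from a loader worth escalating is a second pass: obfuscator-style identifiers and escape-heavy string arrays on one side, intact library strings on the other. The script below is an added example of that second pass; it is not the scanner's code and not part of @gram-ai/elements. The three inputs and their file names (dist/index-minified.cjs, dist/loader.js, src/button.tsx) are constructed for the demo and are not the package's real dist/ chunks, and the thresholds for hex identifiers and escapes per KiB are the author's choice, not the scanner's.

```python
"""Second pass on the source-diff HIGH findings: long lines and network + dynamic
code execution, plus the signals a reviewer uses to tell minifier output from
real obfuscation before accepting or escalating.

Added example; not the scanner's code and not part of @gram-ai/elements. The
three inputs below are constructed for the demo and are not files from the
package.
"""
import re

LONG_LINE_THRESHOLD = 3000   # the page's "lines over 3000 chars" rule
NET_RE = re.compile(r"\b(?:fetch|XMLHttpRequest|WebSocket|sendBeacon)\b"
                    r"|\bhttps?\.(?:request|get)\(")
EXEC_RE = re.compile(r"\b(?:eval|Function)\s*\(|\bvm\.runIn(?:New|This)Context\("
                     r"|\bchild_process\b")
# Identifiers in the _0x1a2b style emitted by javascript-obfuscator and similar tools.
HEX_ID_RE = re.compile(r"\b_0x[0-9a-f]{3,}\b")
# Strings a minified React/Vite bundle keeps verbatim; obfuscators usually hide them.
LIBRARY_MARKERS = ("react", "__esModule", "tailwind-merge", "@radix-ui",
                   "use strict", "Object.defineProperty")


def triage(content):
    """Score one file. Returns the raw heuristic hits and a verdict:
    'plain', 'minified' (long lines, library strings intact) or 'obfuscated'."""
    max_len = max((len(line) for line in content.splitlines()), default=0)
    kib = max(len(content) / 1024, 1e-3)
    hex_ids = len(set(HEX_ID_RE.findall(content)))
    escapes_per_kib = (content.count("\\x") + content.count("\\u")) / kib
    markers = [m for m in LIBRARY_MARKERS if m in content]
    net, exe = bool(NET_RE.search(content)), bool(EXEC_RE.search(content))
    if hex_ids >= 5 or escapes_per_kib >= 20:      # demo thresholds, tune per corpus
        verdict = "obfuscated"
    elif max_len > LONG_LINE_THRESHOLD:
        verdict = "minified"
    else:
        verdict = "plain"
    return {
        "max_line_len": max_len,
        "long_line": max_len > LONG_LINE_THRESHOLD,
        "net_exec": net and exe,              # the page's second HIGH rule
        "hex_ids": hex_ids,
        "escapes_per_kib": round(escapes_per_kib, 1),
        "library_markers": markers,
        "verdict": verdict,
        # Minified + named libraries is the shape the accepted-risks reasons describe;
        # obfuscated + network + exec is the loader shape worth escalating.
        "dropper_suspect": verdict == "obfuscated" and net and exe,
    }


# 1. Vite/Rollup-style minified library chunk: one very long line, recognisable
#    library strings, a fetch() call and the common `new Function("return this")()`
#    global-object shim. Constructed to resemble the accepted findings.
_CHUNK = ('var e=require("react"),t=require("tailwind-merge");'
          'function n(r){return fetch(r,{credentials:"omit"})}'
          'var o=new Function("return this")();'
          'Object.defineProperty(exports,"__esModule",{value:!0});')
MINIFIED_BUNDLE = '"use strict";' + _CHUNK * 40

# 2. Obfuscator output: hex identifiers, a rotated string array of \x escapes, a
#    fetch whose body is fed to eval(). Constructed; there is no real payload.
OBFUSCATED_LOADER = (
    'var _0x4f2a=["\\x66\\x65\\x74\\x63\\x68","\\x65\\x76\\x61\\x6c","\\x62\\x6f\\x64\\x79"];'
    '(function(_0x1b3c,_0x2d4e){var _0x3e5f=function(_0x4a6b){for(;--_0x4a6b;)'
    '{_0x1b3c.push(_0x1b3c.shift());}};_0x3e5f(++_0x2d4e);}(_0x4f2a,0x1a3));'
    'var _0x5c7d=function(_0x6e8f){return _0x4f2a[_0x6e8f];};'
    'fetch(_0x5c7d(0x0)).then(function(_0x7f90){return _0x7f90.text();})'
    '.then(function(_0x8a01){eval(atob(_0x8a01));});'
)

# 3. Ordinary hand-written module for contrast.
PLAIN_SOURCE = 'import React from "react";\nexport function Button() {\n  return null;\n}\n'

SAMPLES = {"dist/index-minified.cjs": MINIFIED_BUNDLE,   # constructed names
           "dist/loader.js": OBFUSCATED_LOADER,
           "src/button.tsx": PLAIN_SOURCE}


def triage_all(files):
    """Verdict per path, the view a reviewer wants across a whole tarball."""
    return {path: triage(content)["verdict"] for path, content in files.items()}


if __name__ == "__main__":
    for path, content in SAMPLES.items():
        print(path, triage(content))
```

Run this over the unpacked tarball (npm pack, then tar xzf) rather than over the git checkout, since the findings are about files that only exist after the build. None of these signals replaces the decisive check, which is reproducing the build from the tagged source and diffing it against the published dist/; with "No source commit" linked for the latest version that reproduction has to start from the repository's own tags rather than from the registry metadata.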

v1.30.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.30.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.28.0

8 findings
HIGH New obfuscated file: dist/index-BmTGnEaV.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-C4bFBGfl.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-C4bFBGfl.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/profiler-CjNa3A1d.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/startRecording-jSovclaq.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CtZz13Cf.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-D93pV0_o.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.27.6

8 findings
HIGH New obfuscated file: dist/index-A17b62wR.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-C4bFBGfl.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-C4bFBGfl.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/profiler-Cbbf4eEX.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/startRecording-Eb5f7wqP.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-D93pV0_o.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/index-Dm2wLFTN.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.8

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.5

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.18.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.16.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
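The provenance badge at the top of the page, the INFO findings on v1.18.0 through v1.31.0 and the LOW finding here all refer to the same artifact: a Sigstore bundle whose DSSE envelope carries an in-toto statement with the SLSA v1 predicate. The script below is an added example of the structural checks worth running on that bundle before trusting the badge; it is not the scanner's code and not part of @gram-ai/elements. It confirms the predicate type, ties the attested subject digest to the tarball actually installed, and pulls the source repository and commit out of the predicate, which is where to look when the registry page shows "No source commit". The tarball bytes, the repository URL example-org/example-repo, the commit hash and the signature value are constructed placeholders; the bundle and statement field names follow the in-toto/SLSA v1 and Sigstore bundle formats. Signature and transparency-log verification are deliberately not done here.

```python
"""Structural checks on an npm SLSA provenance attestation.

Added example; not the scanner's code and not part of @gram-ai/elements.
Decodes the DSSE envelope of a Sigstore bundle, confirms the statement carries
the SLSA v1 predicate the findings mention, binds the subject digest to the
local tarball and extracts the source repository and commit. Signature and
Rekor verification are NOT done here; use `npm audit signatures` or the
sigstore CLI for those. Tarball bytes, repository, commit and signature are
constructed placeholders.
"""
import base64
import hashlib
import json

SLSA_V1 = "https://slsa.dev/provenance/v1"
IN_TOTO_PAYLOAD = "application/vnd.in-toto+json"


def make_sample_bundle(tarball, purl):
    """Constructed Sigstore bundle shaped like npm provenance (no real signature)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": purl,
                     "digest": {"sha512": hashlib.sha512(tarball).hexdigest()}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1",
                "externalParameters": {"workflow": {
                    "ref": "refs/tags/v1.31.0",
                    "repository": "https://github.com/example-org/example-repo",  # placeholder
                    "path": ".github/workflows/release.yml"}},
                "resolvedDependencies": [{
                    "uri": "git+https://github.com/example-org/example-repo@refs/tags/v1.31.0",
                    "digest": {"gitCommit": "1f2e3d4c5b6a798877665544332211ffeeddccbb"}}],  # placeholder
            },
            "runDetails": {"builder": {"id": "https://github.com/actions/runner/github-hosted"}},
        },
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"dsseEnvelope": {"payloadType": IN_TOTO_PAYLOAD, "payload": payload,
                             "signatures": [{"keyid": "", "sig": "placeholder-not-verified"}]}}


def check_provenance(bundle, tarball, purl):
    """Structural checks only; 'signature_verified' stays False on purpose."""
    env = bundle["dsseEnvelope"]
    problems = []
    if env.get("payloadType") != IN_TOTO_PAYLOAD:
        problems.append("payloadType is not in-toto")
    statement = json.loads(base64.b64decode(env["payload"]))
    if statement.get("predicateType") != SLSA_V1:
        problems.append(f"unexpected predicateType {statement.get('predicateType')}")
    subjects = {s["name"]: s["digest"] for s in statement.get("subject", [])}
    digest = subjects.get(purl)
    if digest is None:
        problems.append(f"subject {purl} not attested")
    elif digest.get("sha512") != hashlib.sha512(tarball).hexdigest():
        problems.append("subject sha512 does not match local tarball")
    predicate = statement.get("predicate", {})
    bd = predicate.get("buildDefinition", {})
    deps = bd.get("resolvedDependencies", [])
    commit = next((d["digest"]["gitCommit"] for d in deps
                   if "gitCommit" in d.get("digest", {})), None)
    if commit is None:
        problems.append("no source commit in resolvedDependencies")
    return {
        "ok": not problems,
        "problems": problems,
        "repository": bd.get("externalParameters", {}).get("workflow", {}).get("repository"),
        "commit": commit,
        "builder": predicate.get("runDetails", {}).get("builder", {}).get("id"),
        "signature_verified": False,   # structural checks only; see module docstring
    }


PURL = "pkg:npm/%40gram-ai/elements@1.31.0"   # purl form npm uses for scoped subjects
TARBALL = b"constructed tarball bytes, not the real package"
BUNDLE = make_sample_bundle(TARBALL, PURL)

if __name__ == "__main__":
    print(json.dumps(check_provenance(BUNDLE, TARBALL, PURL), indent=2))
    # A tampered tarball fails the digest binding even though the bundle is intact.
    print(json.dumps(check_provenance(BUNDLE, TARBALL + b"x", PURL), indent=2))
```

On a real package, `npm view @gram-ai/elements@1.31.0 dist.attestations` prints the registry URL for the bundles (provenance and publish attestation); feed the provenance bundle and the tarball from `npm pack` to check_provenance, then run `npm audit signatures` in a project that depends on the package for the signature and transparency-log checks this script skips. A statement whose subject digest does not match the tarball you installed is the case that matters most: it means the attestation describes a different artifact than the one on disk, whatever the badge says.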

v1.13.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.13.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.2.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.