
@hh.ru/magritte-ui-date-picker

Versions: 48
License: (no value shown)
Install Scripts: No
Provenance: Missing

Supply chain provenance

Status for the latest visible version.

No SLSA provenance · npm registry signatures · gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

hhru

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source Rule Reason Accepted by When
source-diff obfuscated-file:date-picker-62cuCLSI.js AI (source-diff): Long lines are minified CSS-modules class-name maps in a UI component bundle; not obfuscation. ai
source-diff obfuscated-file:date-picker-tjj8herG.js AI (source-diff): Minified UI bundle with CSS module class names; standard build output for this component library. ai
source-diff obfuscated-file:date-picker-9dP17TJ5.js AI (source-diff): Minified output is a normal build artifact for this UI component library; content is CSS class name maps, not obfuscated logic. ai
source-diff obfuscated-file:date-picker--XobxkWu.js AI (source-diff): Minified build artifact from UI component library; content is CSS module mappings, not obfuscated malicious code. ai
source-diff obfuscated-file:date-picker-DpZP-HzU.js AI (source-diff): Long lines are CSS-modules hashed class name maps in a bundled UI component — standard build artifact for this org's packages. ai
source-diff obfuscated-file:date-picker-CmBqIfXG.js AI (source-diff): Bundled CSS-modules output with hashed class names; standard build artifact for this UI component package. ai
source-diff obfuscated-file:date-picker-CzDWCU9v.js AI (source-diff): Minified bundle is standard build output for this UI component library; CSS module class names confirm legitimate origin. ai
source-diff obfuscated-file:date-picker-DZKLYRG1.js AI (source-diff): Long lines are CSS-modules class-name maps from the build process; consistent pattern across all versions of this package. ai
source-diff obfuscated-file:date-picker-IwtgzJ8P.js AI (source-diff): Minified UI component bundle with CSS module mappings; standard build output for this package family. ai
source-diff obfuscated-file:date-picker-DwNvnflT.js AI (source-diff): Long lines are CSS module maps and minified UI bundle output, consistent with this package's build process across all versions. ai
source-diff obfuscated-file:date-picker-DoPpAMtP.js AI (source-diff): Minified CSS-modules bundle with hashed class names; standard build output for this UI component package. ai
provenance no-provenance AI (provenance): Provenance adoption is sparse; not a disqualifier for established packages. ai
source-diff obfuscated-file:date-picker-cT66-Dm5.js AI (source-diff): Minified CSS-module bundle output; consistent with this UI component library's build process across all versions. ai
source-diff obfuscated-file:date-picker-DFzONwNt.js AI (source-diff): Minified bundle output from a UI component library; content is CSS module mappings, not obfuscated malicious code. ai
source-diff obfuscated-file:date-picker-ByZ-lafp.js AI (source-diff): Long lines are CSS module hashed class name maps from the build process, not malicious obfuscation. Stable pattern for this package. ai
npm-metadata no-description AI (npm-metadata): Same org-wide pattern; not indicative of malicious intent for this package family. ai
dependencies unvetted-dep:@hh.ru/magritte-ui-tooltip AI (dependencies): Same-org monorepo component; consistent pattern across all hh.ru magritte packages. ai
dependencies unvetted-dep:@hh.ru/magritte-ui-bottom-sheet AI (dependencies): Same-org monorepo component; consistent pattern across all hh.ru magritte packages. ai
dependencies unvetted-dep:@hh.ru/magritte-ui-navigation-bar AI (dependencies): Same-org monorepo component; consistent pattern across all hh.ru magritte packages. ai
bogus-package bogus-package AI (bogus-package): Internal monorepo UI package; missing metadata is cosmetic, not indicative of malice. ai
phantom-deps phantom-dep:@hh.ru/magritte-ui-tooltip AI (phantom-deps): Same-org monorepo dep; indirect import pattern is stable for this package family. ai
phantom-deps phantom-dep:@hh.ru/magritte-ui-navigation-bar AI (phantom-deps): Same-org monorepo dep; indirect import pattern is stable for this package family. ai
phantom-deps phantom-dep:@hh.ru/magritte-ui-spacing AI (phantom-deps): Same-org monorepo dep; indirect import pattern is stable for this package family. ai
phantom-deps phantom-dep:@hh.ru/magritte-ui-bottom-sheet AI (phantom-deps): Same-org monorepo dep; indirect import pattern is stable for this package family. ai
phantom-deps phantom-dep:@hh.ru/magritte-design-tokens AI (phantom-deps): Same-org monorepo dep; indirect import pattern is stable for this package family. ai
phantom-deps phantom-dep:@hh.ru/magritte-ui-mock-component AI (phantom-deps): Same-org monorepo dep; indirect import pattern is stable for this package family. ai

Versions (showing 48 of 48)

Version Deps Published
6.1.50 16 / 0
6.1.47 16 / 0
6.1.46 16 / 0
6.1.44 16 / 0
6.1.42 16 / 0
6.1.41 16 / 0
6.1.40 16 / 0
6.1.37 16 / 0
6.1.33 16 / 0
6.1.31 16 / 0
6.1.30 16 / 0
6.1.25 16 / 0
6.1.24 16 / 0
6.1.23 16 / 0
6.1.22 16 / 0
6.1.15 16 / 0
6.1.14 16 / 0
6.1.9 16 / 0
6.1.8 16 / 0
6.1.7 16 / 0
6.1.6 16 / 0
6.1.5 16 / 0
6.1.4 16 / 0
6.1.3 16 / 0
6.0.3 16 / 0
6.0.0 16 / 0
5.2.4 16 / 0
5.2.2 16 / 0
5.2.1 16 / 0
5.2.0 16 / 0
5.1.57 16 / 0
5.1.55 16 / 0
5.1.54 16 / 0
5.1.51 16 / 0
5.1.50 16 / 0
5.1.44 16 / 0
5.1.43 16 / 0
5.1.41 16 / 0
5.1.40 16 / 0
5.1.39 16 / 0
5.1.38 16 / 0
5.1.37 16 / 0
5.1.36 16 / 0
5.1.35 16 / 0
5.1.34 16 / 0
5.1.33 16 / 0
5.1.31 16 / 0
5.1.30 16 / 0

v6.1.50

2 findings
HIGH New obfuscated file: date-picker-DwNvnflT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.47

2 findings
HIGH New obfuscated file: date-picker-DZKLYRG1.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.46

2 findings
HIGH New obfuscated file: date-picker--XobxkWu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.44

2 findings
HIGH New obfuscated file: date-picker-DpZP-HzU.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.42

2 findings
HIGH New obfuscated file: date-picker-tjj8herG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.41

2 findings
HIGH New obfuscated file: date-picker-DFzONwNt.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.40

2 findings
HIGH New obfuscated file: date-picker-DoPpAMtP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.37

2 findings
HIGH New obfuscated file: date-picker-9dP17TJ5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.33

2 findings
HIGH New obfuscated file: date-picker-IwtgzJ8P.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.31

2 findings
HIGH New obfuscated file: date-picker-CzDWCU9v.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.30

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.25

2 findings
HIGH New obfuscated file: date-picker-62cuCLSI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.24

2 findings
HIGH New obfuscated file: date-picker-ByZ-lafp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.23

2 findings
HIGH New obfuscated file: date-picker-CmBqIfXG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.22

2 findings
HIGH New obfuscated file: date-picker-cT66-Dm5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v6.1.15

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.14

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.9

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.8

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.7

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.6

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.5

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.1.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v6.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.2.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.57

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.55

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.54

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.51

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.50

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.44

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.43

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.41

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.40

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.39

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.38

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.37

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.36

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.35

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.34

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.33

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.31

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v5.1.30

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.