@hh.ru/magritte-ui-table
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:cell-ryforLb_.js | AI (source-diff): CSS module map generated by standard bundler; long lines are dense JSON, not obfuscated code. | ai | |
| source-diff | obfuscated-file:table-CDEeuIcf.js | AI (source-diff): CSS module map generated by standard bundler; long lines are dense JSON, not obfuscated code. | ai | |
| source-diff | obfuscated-file:cell-CaM2wubO.js | AI (source-diff): CSS module map with hashed class names; standard bundler output for this UI library. | ai | |
| source-diff | obfuscated-file:table-Drv14lIJ.js | AI (source-diff): CSS module map with hashed class names; standard bundler output for this UI library. | ai | |
| source-diff | obfuscated-file:table-u76Vdytz.js | AI (source-diff): Standard minified CSS-modules bundle from hh.ru Magritte UI build pipeline; not obfuscation. | ai | |
| source-diff | obfuscated-file:cell-D15nzsih.js | AI (source-diff): Standard minified CSS-modules bundle from hh.ru Magritte UI build pipeline; not obfuscation. | ai | |
| source-diff | obfuscated-file:cell-UnN3BaQN.js | AI (source-diff): Minified CSS module map from standard UI library build; no executable payload. | ai | |
| source-diff | obfuscated-file:table-rBp-Zjce.js | AI (source-diff): Minified CSS module map from standard UI library build; no executable payload. | ai | |
| source-diff | obfuscated-file:table-BJ74-y3T.js | AI (source-diff): Same pattern: CSS module map with hashed class names from standard bundler output. | ai | |
| source-diff | obfuscated-file:cell-Db_oZDXV.js | AI (source-diff): Bundler-generated CSS module map; long lines are hashed class name dictionaries, not obfuscated logic. | ai | |
| source-diff | obfuscated-file:cell-DXAs4eiM.js | AI (source-diff): Minified CSS module map from standard UI build pipeline; no executable payload. | ai | |
| source-diff | obfuscated-file:table-C2GCJhVK.js | AI (source-diff): Minified CSS module map from standard UI build pipeline; no executable payload. | ai | |
| source-diff | obfuscated-file:table-DHzAD4wg.js | AI (source-diff): Same pattern: CSS module class-name map from UI component build; benign minified output. | ai | |
| source-diff | obfuscated-file:cell-CP79SFkP.js | AI (source-diff): CSS module class-name map from UI component build; long lines are expected minified output, not obfuscation. | ai | |
| source-diff | obfuscated-file:cell-DObGLKic.js | AI (source-diff): Vite/Rollup build output with hashed CSS module maps; not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:table-C7x76pv6.js | AI (source-diff): Same pattern — hashed CSS module map from standard bundler output. | ai | |
| source-diff | obfuscated-file:cell-DTVSTtQK.js | AI (source-diff): Long-line content is a CSS modules class-name map from bundler output, not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:table-Dx3GxzJV.js | AI (source-diff): Same pattern: bundler-generated CSS modules map; stable false positive for this package. | ai | |
| source-diff | obfuscated-file:table-CN1ksfwX.js | AI (source-diff): Same pattern — CSS module map output from build tooling; benign for this package. | ai | |
| source-diff | obfuscated-file:cell-BbdUyeIu.js | AI (source-diff): Standard Vite/Rollup bundle with CSS module class-name maps; long lines are CSS token objects, not obfuscation. | ai | |
| source-diff | obfuscated-file:table-4z9-a-4r.js | AI (source-diff): Same CSS-modules bundler output pattern; not malicious. | ai | |
| source-diff | obfuscated-file:cell-CkLXIIoB.js | AI (source-diff): Long lines are CSS-modules class-name maps from bundler output, not obfuscation; stable pattern for this UI component package. | ai | |
| source-diff | obfuscated-file:table-D3TciDvD.js | AI (source-diff): Same CSS-module bundler output pattern; not malicious. | ai | |
| source-diff | obfuscated-file:cell-B7UMFuJS.js | AI (source-diff): Long lines are CSS-module class-name maps from bundler output, not obfuscation. Stable pattern for this UI component package. | ai | |
| source-diff | obfuscated-file:table-CuwXeYEW.js | AI (source-diff): Same pattern: bundler-generated CSS modules map, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:cell-CaDjA4_8.js | AI (source-diff): Long-line content is a CSS modules class-name map from bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:table-DkbHaPA9.js | AI (source-diff): Same pattern: bundler-generated CSS module map with scoped class names, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:cell-CXTCStm3.js | AI (source-diff): Bundler-generated CSS module map; long lines are JSON key-value pairs of scoped class names, not obfuscated code. | ai | |
| source-diff | obfuscated-file:table-NSrhzEAK.js | AI (source-diff): CSS module classname map; long lines are structural, not obfuscation. Stable for this package. | ai | |
| source-diff | obfuscated-file:cell-DGAw2ui4.js | AI (source-diff): CSS module classname map; long lines are structural, not obfuscation. Stable for this package. | ai | |
| source-diff | obfuscated-file:cell-BAegh3Ap.js | AI (source-diff): CSS module class-name map from build tooling; long lines are JSON key-value pairs, not obfuscated executable code. | ai | |
| source-diff | obfuscated-file:table-67536hxS.js | AI (source-diff): Same pattern: CSS module class-name map, no executable payload. | ai | |
| source-diff | obfuscated-file:table-nRLkTX5c.js | AI (source-diff): Minified CSS module map from build tooling; no executable payload, stable pattern for this UI library. | ai | |
| source-diff | obfuscated-file:cell-Djg4nVe-.js | AI (source-diff): Minified CSS module map from build tooling; no executable payload, stable pattern for this UI library. | ai | |
| source-diff | obfuscated-file:cell-DGaQ6c8B.js | AI (source-diff): Long lines are CSS-modules class-name maps from bundler output, not obfuscation. | ai | |
| source-diff | obfuscated-file:table-CCyijihW.js | AI (source-diff): Same pattern: CSS-modules scoped class-name JSON map, benign bundler artifact. | ai | |
| source-diff | obfuscated-file:table-Bm9WPHKO.js | AI (source-diff): Same CSS modules classname map pattern; benign bundler artifact for this package. | ai | |
| source-diff | obfuscated-file:cell-9MJvhJkj.js | AI (source-diff): Long-line content is a CSS modules classname map from bundler output, not obfuscation. Stable pattern for this UI component package. | ai | |
| source-diff | obfuscated-file:table-DCGiTlL0.js | AI (source-diff): Same pattern: Vite/Rollup CSS module output; no executable obfuscation. | ai | |
| source-diff | obfuscated-file:cell-CmFhtUuZ.js | AI (source-diff): Bundler-generated CSS module map; long lines are JSON key-value pairs, not obfuscated logic. | ai | |
| source-diff | obfuscated-file:table-XyGk1cfl.js | AI (source-diff): Same pattern: bundler CSS module output with hashed class names, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:cell-DnZj0dDu.js | AI (source-diff): Bundler-generated CSS module map; long lines are JSON class-name dictionaries, not obfuscation. | ai | |
| source-diff | obfuscated-file:table-CXRIwLtU.js | AI (source-diff): Same pattern: bundler-emitted CSS module map with hashed class names. | ai | |
| source-diff | obfuscated-file:cell-B7XqtbHW.js | AI (source-diff): Bundler-generated CSS module map; long lines are hashed class name dictionaries, not obfuscated logic. | ai | |
| source-diff | obfuscated-file:table-Mm1UbAXr.js | AI (source-diff): Same pattern: bundled CSS modules map; benign for this UI component package. | ai | |
| source-diff | obfuscated-file:cell-CVbO631x.js | AI (source-diff): Long-line content is a CSS modules class-name map from bundler output, not obfuscation or malware. | ai | |
| source-diff | obfuscated-file:table-CXQx3dBJ.js | AI (source-diff): Same pattern: bundler CSS module map with hashed class names, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:cell-Baoizg3U.js | AI (source-diff): Bundler-generated CSS module map; long lines are JSON key-value pairs, not obfuscated logic. | ai | |
| source-diff | obfuscated-file:table-CtMzBcsF.js | AI (source-diff): Minified CSS-modules bundle from standard UI library build; not obfuscated malicious code. | ai | |
| source-diff | obfuscated-file:cell-DZZP6Ot4.js | AI (source-diff): Minified CSS-modules bundle from standard UI library build; not obfuscated malicious code. | ai |
Versions (showing 30 of 30)
| Version | Deps | Published |
|---|---|---|
| 3.2.9 | 9 / 0 | |
| 3.2.8 | 9 / 0 | |
| 3.2.7 | 9 / 0 | |
| 3.2.6 | 9 / 0 | |
| 3.2.5 | 9 / 0 | |
| 3.2.3 | 9 / 0 | |
| 3.2.2 | 9 / 0 | |
| 3.2.1 | 9 / 0 | |
| 3.2.0 | 9 / 0 | |
| 3.1.16 | 9 / 0 | |
| 3.1.14 | 9 / 0 | |
| 3.1.12 | 9 / 0 | |
| 3.1.11 | 9 / 0 | |
| 3.1.10 | 9 / 0 | |
| 3.1.9 | 9 / 0 | |
| 3.1.8 | 9 / 0 | |
| 3.1.7 | 9 / 0 | |
| 3.1.6 | 9 / 0 | |
| 3.1.5 | 9 / 0 | |
| 3.1.4 | 9 / 0 | |
| 3.1.3 | 9 / 0 | |
| 3.1.2 | 9 / 0 | |
| 3.1.1 | 9 / 0 | |
| 3.1.0 | 9 / 0 | |
| 3.0.7 | 8 / 0 | |
| 3.0.5 | 8 / 0 | |
| 3.0.4 | 8 / 0 | |
| 3.0.3 | 8 / 0 | |
| 3.0.1 | 8 / 0 | |
| 3.0.0 | 8 / 0 |
v3.2.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.2.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.9
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.8
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v3.1.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.1.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v3.0.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.