@hyperframes/producer
HTML-to-video rendering engine using Chrome's BeginFrame API
Supply chain provenance
Status for the latest visible version.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/distributed.js | AI (source-diff): Base64 string is entities package htmlDecodeTree data, bundled by Bun — legitimate and stable for this package. | ai | |
| source-diff | obfuscated-file:dist/distributed.js | AI (source-diff): Standard esbuild bundle output; long lines are minified JS, not obfuscation. Matches documented distributed rendering entry point. | ai | |
| source-diff | net-exec-file:dist/distributed.js | AI (source-diff): Network + dynamic require in esbuild bundle is standard bundler shim pattern, not dropper behavior. | ai | |
| source-diff | encoded-string-file:dist/index.js | AI (source-diff): Long base64 string is the entities library HTML decode tree, a well-known benign pattern. | ai | |
| source-diff | encoded-string-file:dist/public-server.js | AI (source-diff): Same entities HTML decode tree base64 string; benign and stable across versions. | ai | |
| phantom-deps | phantom-dep:@fontsource/oswald | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/outfit | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/montserrat | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/space-mono | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:postcss | AI (phantom-deps): Font/CSS tooling dependency; referenced in config, not directly imported — stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@fontsource/archivo-black | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/ibm-plex-mono | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/league-gothic | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/jetbrains-mono | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/eb-garamond | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:linkedom | AI (phantom-deps): HTML rendering dep used indirectly; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:puppeteer | AI (phantom-deps): Puppeteer used for headless Chrome rendering; loaded via config, not direct import — stable false positive. | ai | |
| phantom-deps | phantom-dep:@fontsource/inter | AI (phantom-deps): Font packages are runtime assets loaded by config, not direct imports — stable false positive for all @fontsource deps. | ai | |
| phantom-deps | phantom-dep:@fontsource/nunito | AI (phantom-deps): Font asset dep; stable false positive. | ai | |
Versions (showing 20 of 145)
| Version | Deps | Published |
|---|---|---|
| 0.4.19 | 19 / 12 | |
| 0.4.17 | 19 / 12 | |
| 0.4.16 | 19 / 12 | |
| 0.4.14 | 19 / 12 | |
| 0.4.13 | 19 / 12 | |
| 0.4.12 | 19 / 12 | |
| 0.4.10 | 19 / 12 | |
| 0.4.9 | 19 / 12 | |
| 0.4.8 | 19 / 12 | |
| 0.4.7 | 19 / 12 | |
| 0.4.3 | 19 / 11 | |
| 0.2.5 | 19 / 11 | |
| 0.2.4 | 19 / 11 | |
| 0.2.3 | 19 / 11 | |
| 0.2.2 | 19 / 11 | |
| 0.2.1 | 19 / 4 | |
| 0.2.0 | 18 / 4 | |
| 0.1.15 | 18 / 4 | |
| 0.1.14 | 18 / 4 | |
| 0.1.13 | 18 / 4 | |
v0.4.19
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.17
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.16
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.14
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.13
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.12
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.10
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.9
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.8
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.7
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.3
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.5
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.4
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.3
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.2
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.1
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.15
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.14
3 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.1.13
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.