@hyperframes/studio
Browser-based composition editor UI for Hyperframes. Provides a visual timeline, code editor, and live preview for building video compositions.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/assets/index-CveQve6o.js | AI (source-diff): Standard Vite minified bundle with React JSX runtime and license headers. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Bs6NmE0o.js | AI (source-diff): Standard Vite-bundled React app output; sample shows React JSX runtime and modulepreload polyfill. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D6EwK2hA.js | AI (source-diff): Standard Vite/React minified bundle; React JSX runtime visible in sample confirms legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/index-RzXlAX2g.js | AI (source-diff): Standard Vite minified bundle containing React production build; recognizable React internals in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DxwbBcYY.js | AI (source-diff): Standard Vite/React minified build output; readable license headers and library code confirm no obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-4xujzzbu.js | AI (source-diff): Standard Vite/rollup minified bundle with React runtime; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/assets/index-960mgQMI.js | AI (source-diff): Standard Vite minified bundle; React license header visible in sample. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-CEnWY28J.js | AI (source-diff): Standard Vite minified output with readable CSS and JS patterns. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-gfyAaaaA.js | AI (source-diff): Standard Vite minified bundle with visible React license headers; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-DOFETgjy.js | AI (source-diff): Standard Vite build output with readable CSS and JS patterns; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DUqUmaoH.js | AI (source-diff): Standard Vite/React production bundle; minified but not obfuscated — React license headers visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DKII_C6N.js | AI (source-diff): Standard Vite bundle with React production build; Facebook license header visible in sample, no malicious indicators. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-DvTKPzaI.js | AI (source-diff): Standard Vite/rollup minified output for a web component player; samples show CSS and normal JS patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-BP6jGdt0.js | AI (source-diff): Standard Vite minified bundle of the hyperframes player; readable source logic visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-B4Cr7MVx.js | AI (source-diff): Standard Vite minified bundle including React runtime; MPL/MIT license headers visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Yvtxngdi.js | AI (source-diff): Standard Vite bundle with React license headers; minification is expected for this build tool package. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-DOZ3POPj.js | AI (source-diff): Standard Vite minified bundle of @hyperframes/player; content matches declared dep, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BdDNthf4.js | AI (source-diff): Vite bundle containing React runtime (Meta license header visible); normal build artifact. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CqiisJmo.js | AI (source-diff): Standard Vite minified build output with visible React license header; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-CoI5h1xv.js | AI (source-diff): Standard Vite minified build output; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D4-n3yWG.js | AI (source-diff): Standard Vite/React production bundle; minification is expected for this UI component package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BV9ymBm4.js | AI (source-diff): Standard Vite/React production bundle; React license header and recognizable React internals visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CGWN-iUB.js | AI (source-diff): Standard Vite minified bundle; sample shows React/JSX runtime and modulepreload polyfill. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-D0Yi3xMP.js | AI (source-diff): Standard Vite minified bundle; sample shows legitimate iframe/playback adapter code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-18P_dZeo.js | AI (source-diff): Standard Vite/React production bundle; minified output is expected for this UI component package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DpPtpTye.js | AI (source-diff): Standard Vite bundle with React production build; React license header visible, consistent with normal build output. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-Cd8vYWxP.js | AI (source-diff): Standard Vite minified build output; CSS and component code visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DsFKgqkT.js | AI (source-diff): Standard Vite minified bundle with React license headers; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-fBd_vNld.js | AI (source-diff): Standard Vite minified bundle output; React/player code clearly visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D2Zs8pHU.js | AI (source-diff): Standard Vite bundle with React production build; sample shows normal module preload polyfill and React internals. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Do0kAMcy.js | AI (source-diff): Standard Vite minified bundle output; React JSX runtime visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DYjmgXgg.js | AI (source-diff): Standard Vite/React minified bundle output; React license header visible in sample. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DmiO2Ufp.js | AI (source-diff): Standard Vite minified bundle (React + app code); not obfuscation. Stable pattern for this package. | ai | |
| semgrep | semgrep:new-function-constructor | AI (semgrep): Used for JS syntax validation in a code editor component; try/catch pattern confirms intent is parsing, not execution of untrusted code. | ai | |
| source-diff | obfuscated-file:dist/assets/index-C55KfVpx.js | AI (source-diff): Standard Vite/React production bundle; React JSX runtime visible in sample. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-CWb0VPYD.js | AI (source-diff): Standard Vite minified bundle of the package's own player code; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Dzq4sUj7.js | AI (source-diff): Standard Vite/React production bundle; minification is expected for this package's dist output. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-CzwFysqv.js | AI (source-diff): Standard Vite minified bundle output; readable logic visible in sample, no malicious patterns. | ai | |
| source-diff | obfuscated-file:dist/assets/index-hYc4aP7M.js | AI (source-diff): Standard Vite minified bundle with React runtime; clearly legitimate build artifact. | ai | |
| provenance | missing-githead | AI (provenance): Expected when migrating to GitHub Actions CI publish with SLSA provenance. | ai | |
| provenance | publisher-changed | AI (provenance): Changed to GitHub Actions with SLSA attestation; legitimate CI migration. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BLIJTYAJ.js | AI (source-diff): Standard Vite/React production bundle output; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-C6QOH12J.js | AI (source-diff): Minified web component bundle with readable CSS; standard build output. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DSLrl2tB.js | AI (source-diff): MPL-2.0 licensed media library (mediabunny) minified bundle; expected for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CaRE7VOD.js | AI (source-diff): Standard Vite/React minified bundle output; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CAscydDF.js | AI (source-diff): Standard Vite/React production bundle; sample shows React license header and modulepreload polyfill. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D0VntLIQ.js | AI (source-diff): Standard Vite/React production bundle with Facebook license header; minification is expected for this build tool. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-vibA20NC.js | AI (source-diff): Standard Vite minified build output; CSS and player component code visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DAQNCMgC.js | AI (source-diff): Standard Vite minified build output; React license header visible in sample, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-CB8_cuLZ.js | AI (source-diff): Readable CSS and web component code in sample; minified by bundler, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/hyperframes-player-Zx0MOyMy.js | AI (source-diff): Standard Vite minified build output; readable CSS/JS structure with license headers, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/assets/index-FSgUtn41.js | AI (source-diff): Standard Vite minified bundle including React; license header and readable structure confirm legitimate build artifact. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get used for dynamic method dispatch in a playback helper; no obfuscation intent. | ai | |
| phantom-deps | phantom-dep:motion | AI (phantom-deps): motion is a declared runtime dep referenced in config; phantom-dep heuristic false positive for this package. | ai | |
| phantom-deps | phantom-dep:@hyperframes/core | AI (phantom-deps): Same-org dep; phantom-dep heuristic false positive for this monorepo package. | ai | |
| phantom-deps | phantom-dep:codemirror | AI (phantom-deps): codemirror is a declared runtime dep referenced in config; phantom-dep heuristic false positive for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Raw IP is 127.0.0.1 in a test fixture URL; not a live exfiltration endpoint. | ai |
Versions (showing 51 of 102)
| Version | Deps | Published |
|---|---|---|
| 0.6.72 | 14 / 12 | |
| 0.6.65 | 14 / 12 | |
| 0.6.64 | 14 / 12 | |
| 0.6.63 | 14 / 12 | |
| 0.6.62 | 14 / 12 | |
| 0.6.61 | 14 / 12 | |
| 0.6.57 | 14 / 12 | |
| 0.6.56 | 14 / 12 | |
| 0.6.55 | 14 / 12 | |
| 0.6.50 | 14 / 12 | |
| 0.6.49 | 14 / 12 | |
| 0.6.45 | 14 / 12 | |
| 0.6.44 | 14 / 12 | |
| 0.6.43 | 14 / 12 | |
| 0.6.42 | 14 / 12 | |
| 0.6.41 | 14 / 12 | |
| 0.6.40 | 14 / 12 | |
| 0.6.39 | 14 / 12 | |
| 0.6.38 | 14 / 12 | |
| 0.6.31 | 14 / 12 | |
| 0.6.28 | 14 / 12 | |
| 0.6.27 | 13 / 12 | |
| 0.6.15 | 15 / 12 | |
| 0.6.14 | 15 / 12 | |
| 0.6.13 | 15 / 12 | |
| 0.6.12 | 15 / 12 | |
| 0.6.9 | 15 / 12 | |
| 0.6.7 | 15 / 12 | |
| 0.6.5 | 15 / 12 | |
| 0.6.4 | 15 / 12 | |
| 0.6.3 | 15 / 12 | |
| 0.6.2 | 15 / 12 | |
| 0.6.1 | 15 / 12 | |
| 0.6.0 | 15 / 12 | |
| 0.5.5 | 15 / 12 | |
| 0.5.4 | 15 / 12 | |
| 0.5.2 | 15 / 12 | |
| 0.5.1 | 15 / 12 | |
| 0.5.0 | 15 / 12 | |
| 0.4.45 | 15 / 12 | |
| 0.4.44 | 15 / 12 | |
| 0.4.43 | 15 / 12 | |
| 0.4.42 | 15 / 12 | |
| 0.4.41 | 15 / 12 | |
| 0.4.40 | 15 / 12 | |
| 0.4.39 | 15 / 12 | |
| 0.4.38 | 15 / 12 | |
| 0.4.37 | 15 / 12 | |
| 0.4.36 | 15 / 12 | |
| 0.4.34 | 15 / 12 | |
| 0.4.33 | 15 / 12 |
v0.6.72
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.65
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.64
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.63
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.62
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.61
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.57
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.56
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.55
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.50
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.49
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.45
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.44
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.43
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.42
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.41
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.40
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.39
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.38
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.31
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.28
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.27
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.45
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.44
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.43
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.42
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.41
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.40
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.39
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.38
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.37
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.34
4 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.33
4 findingsThis version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.