@hyperframes/studio — Greenflagged

Browser-based composition editor UI for Hyperframes. Provides a visual timeline, code editor, and live preview for building video compositions.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vancejsmiguel.sierrajrusso1020

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/assets/index-CZNoIjSE.js	AI (source-diff): Standard Vite/React minified bundle; React JSX runtime license header visible. Stable false positive.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/hyperframes-player-ItPxPpgM.js	AI (source-diff): Standard Vite minified bundle with readable CSS/HTML structure; consistent with normal build output.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/index-BkBbJZGa.js	AI (source-diff): Standard Vite minified bundle; React license headers visible in sample confirm legitimate build output.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/index-Dc2HfqON.js	AI (source-diff): Standard Vite minified bundle with React license headers; expected build artifact for this package.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/index-C-kAqQVb.js	AI (source-diff): Standard Vite/React minified bundle output; React license headers visible in sample confirm legitimate build artifact.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/index-H0HcrQX6.js	AI (source-diff): Standard Vite minified bundle with React license headers; consistent with normal build output.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/hyperframes-player-WXAuftNy.js	AI (source-diff): Standard Vite minified bundle; readable logic visible in sample, no malicious indicators.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/index-yjhGJAes.js	AI (source-diff): Standard Vite minified bundle with React license headers; normal build artifact.	ai	2026/06/08
source-diff	obfuscated-file:dist/assets/index-CveQve6o.js	AI (source-diff): Standard Vite minified bundle with React JSX runtime and license headers. Not malicious obfuscation.	ai	2026/06/07
source-diff	obfuscated-file:dist/assets/index-Bs6NmE0o.js	AI (source-diff): Standard Vite-bundled React app output; sample shows React JSX runtime and modulepreload polyfill.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/index-D6EwK2hA.js	AI (source-diff): Standard Vite/React minified bundle; React JSX runtime visible in sample confirms legitimate build artifact.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/index-RzXlAX2g.js	AI (source-diff): Standard Vite minified bundle containing React production build; recognizable React internals in sample.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/index-DxwbBcYY.js	AI (source-diff): Standard Vite/React minified build output; readable license headers and library code confirm no obfuscation.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/index-4xujzzbu.js	AI (source-diff): Standard Vite/rollup minified bundle with React runtime; not obfuscated.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/index-960mgQMI.js	AI (source-diff): Standard Vite minified bundle; React license header visible in sample. Not obfuscation.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/hyperframes-player-CEnWY28J.js	AI (source-diff): Standard Vite minified output with readable CSS and JS patterns. Not obfuscation.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/index-gfyAaaaA.js	AI (source-diff): Standard Vite minified bundle with visible React license headers; not obfuscated malware.	ai	2026/06/06
source-diff	obfuscated-file:dist/assets/hyperframes-player-DOFETgjy.js	AI (source-diff): Standard Vite build output with readable CSS and JS patterns; not obfuscated.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-DUqUmaoH.js	AI (source-diff): Standard Vite/React production bundle; minified but not obfuscated — React license headers visible in sample.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/hyperframes-player-DvTKPzaI.js	AI (source-diff): Standard Vite/rollup minified output for a web component player; samples show CSS and normal JS patterns.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-DKII_C6N.js	AI (source-diff): Standard Vite bundle with React production build; Facebook license header visible in sample, no malicious indicators.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/hyperframes-player-BP6jGdt0.js	AI (source-diff): Standard Vite minified bundle of the hyperframes player; readable source logic visible in sample.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-B4Cr7MVx.js	AI (source-diff): Standard Vite minified bundle including React runtime; MPL/MIT license headers visible in sample.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-Yvtxngdi.js	AI (source-diff): Standard Vite bundle with React license headers; minification is expected for this build tool package.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-BdDNthf4.js	AI (source-diff): Vite bundle containing React runtime (Meta license header visible); normal build artifact.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/hyperframes-player-DOZ3POPj.js	AI (source-diff): Standard Vite minified bundle of @hyperframes/player; content matches declared dep, not obfuscated malware.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-CqiisJmo.js	AI (source-diff): Standard Vite minified build output with visible React license header; not malicious obfuscation.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/hyperframes-player-CoI5h1xv.js	AI (source-diff): Standard Vite minified build output; not malicious obfuscation.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-D4-n3yWG.js	AI (source-diff): Standard Vite/React production bundle; minification is expected for this UI component package.	ai	2026/06/05
source-diff	obfuscated-file:dist/assets/index-BV9ymBm4.js	AI (source-diff): Standard Vite/React production bundle; React license header and recognizable React internals visible in sample.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/index-CGWN-iUB.js	AI (source-diff): Standard Vite minified bundle; sample shows React/JSX runtime and modulepreload polyfill.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/hyperframes-player-D0Yi3xMP.js	AI (source-diff): Standard Vite minified bundle; sample shows legitimate iframe/playback adapter code, not obfuscation.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/index-18P_dZeo.js	AI (source-diff): Standard Vite/React production bundle; minified output is expected for this UI component package.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/index-DpPtpTye.js	AI (source-diff): Standard Vite bundle with React production build; React license header visible, consistent with normal build output.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/hyperframes-player-Cd8vYWxP.js	AI (source-diff): Standard Vite minified build output; CSS and component code visible in sample, not malicious obfuscation.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/hyperframes-player-fBd_vNld.js	AI (source-diff): Standard Vite minified bundle output; React/player code clearly visible in sample.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/index-DsFKgqkT.js	AI (source-diff): Standard Vite minified bundle with React license headers; not malicious obfuscation.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/index-D2Zs8pHU.js	AI (source-diff): Standard Vite bundle with React production build; sample shows normal module preload polyfill and React internals.	ai	2026/06/04
source-diff	obfuscated-file:dist/assets/index-Do0kAMcy.js	AI (source-diff): Standard Vite minified bundle output; React JSX runtime visible in sample.	ai	2026/06/03
source-diff	obfuscated-file:dist/assets/index-DYjmgXgg.js	AI (source-diff): Standard Vite/React minified bundle output; React license header visible in sample. Not malicious obfuscation.	ai	2026/06/03
source-diff	obfuscated-file:dist/assets/index-DmiO2Ufp.js	AI (source-diff): Standard Vite minified bundle (React + app code); not obfuscation. Stable pattern for this package.	ai	2026/06/03
semgrep	semgrep:new-function-constructor	AI (semgrep): Used for JS syntax validation in a code editor component; try/catch pattern confirms intent is parsing, not execution of untrusted code.	ai	2026/06/03
source-diff	obfuscated-file:dist/assets/index-C55KfVpx.js	AI (source-diff): Standard Vite/React production bundle; React JSX runtime visible in sample.	ai	2026/06/02
source-diff	obfuscated-file:dist/assets/hyperframes-player-CWb0VPYD.js	AI (source-diff): Standard Vite minified bundle of the package's own player code; not obfuscation.	ai	2026/06/02
source-diff	obfuscated-file:dist/assets/index-Dzq4sUj7.js	AI (source-diff): Standard Vite/React production bundle; minification is expected for this package's dist output.	ai	2026/06/02
source-diff	obfuscated-file:dist/assets/index-hYc4aP7M.js	AI (source-diff): Standard Vite minified bundle with React runtime; clearly legitimate build artifact.	ai	2026/06/02
source-diff	obfuscated-file:dist/assets/hyperframes-player-CzwFysqv.js	AI (source-diff): Standard Vite minified bundle output; readable logic visible in sample, no malicious patterns.	ai	2026/06/02
source-diff	obfuscated-file:dist/assets/hyperframes-player-C6QOH12J.js	AI (source-diff): Minified web component bundle with readable CSS; standard build output.	ai	2026/06/01
provenance	publisher-changed	AI (provenance): Changed to GitHub Actions with SLSA attestation; legitimate CI migration.	ai	2026/06/01
source-diff	obfuscated-file:dist/assets/index-BLIJTYAJ.js	AI (source-diff): Standard Vite/React production bundle output; not obfuscated.	ai	2026/06/01
provenance	missing-githead	AI (provenance): Expected when migrating to GitHub Actions CI publish with SLSA provenance.	ai	2026/06/01
source-diff	obfuscated-file:dist/assets/index-DSLrl2tB.js	AI (source-diff): MPL-2.0 licensed media library (mediabunny) minified bundle; expected for this package.	ai	2026/05/31
source-diff	obfuscated-file:dist/assets/index-CaRE7VOD.js	AI (source-diff): Standard Vite/React minified bundle output; not malicious obfuscation.	ai	2026/05/31
source-diff	obfuscated-file:dist/assets/index-CAscydDF.js	AI (source-diff): Standard Vite/React production bundle; sample shows React license header and modulepreload polyfill.	ai	2026/05/30
source-diff	obfuscated-file:dist/assets/hyperframes-player-vibA20NC.js	AI (source-diff): Standard Vite minified build output; CSS and player component code visible in sample, not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/assets/index-D0VntLIQ.js	AI (source-diff): Standard Vite/React production bundle with Facebook license header; minification is expected for this build tool.	ai	2026/05/30
source-diff	obfuscated-file:dist/assets/index-DAQNCMgC.js	AI (source-diff): Standard Vite minified build output; React license header visible in sample, not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/assets/hyperframes-player-CB8_cuLZ.js	AI (source-diff): Readable CSS and web component code in sample; minified by bundler, not obfuscated malware.	ai	2026/05/30
source-diff	obfuscated-file:dist/assets/hyperframes-player-Zx0MOyMy.js	AI (source-diff): Standard Vite minified build output; readable CSS/JS structure with license headers, not obfuscated malware.	ai	2026/05/28
source-diff	obfuscated-file:dist/assets/index-FSgUtn41.js	AI (source-diff): Standard Vite minified bundle including React; license header and readable structure confirm legitimate build artifact.	ai	2026/05/28
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get used for dynamic method dispatch in a playback helper; no obfuscation intent.	ai	2026/05/24
phantom-deps	phantom-dep:motion	AI (phantom-deps): motion is a declared runtime dep referenced in config; phantom-dep heuristic false positive for this package.	ai	2026/05/23
semgrep	semgrep:shady-links-raw-ip	AI (semgrep): Raw IP is 127.0.0.1 in a test fixture URL; not a live exfiltration endpoint.	ai	2026/05/23
phantom-deps	phantom-dep:@hyperframes/core	AI (phantom-deps): Same-org dep; phantom-dep heuristic false positive for this monorepo package.	ai	2026/05/23
phantom-deps	phantom-dep:codemirror	AI (phantom-deps): codemirror is a declared runtime dep referenced in config; phantom-dep heuristic false positive for this package.	ai	2026/05/23

Versions (showing 100 of 108)

Version	Deps	Published
0.6.77	14 / 12	2026-06-06
0.6.73	14 / 12	2026-06-04
0.6.72	14 / 12	2026-06-04
0.6.70	14 / 12	2026-06-03
0.6.65	14 / 12	2026-06-01
0.6.64	14 / 12	2026-05-31
0.6.63	14 / 12	2026-05-30
0.6.62	14 / 12	2026-05-30
0.6.61	14 / 12	2026-05-30
0.6.57	14 / 12	2026-05-29
0.6.56	14 / 12	2026-05-29
0.6.55	14 / 12	2026-05-29
0.6.53	14 / 12	2026-05-28
0.6.50	14 / 12	2026-05-27
0.6.49	14 / 12	2026-05-27
0.6.45	14 / 12	2026-05-25
0.6.44	14 / 12	2026-05-25
0.6.43	14 / 12	2026-05-25
0.6.42	14 / 12	2026-05-24
0.6.41	14 / 12	2026-05-24
0.6.40	14 / 12	2026-05-23
0.6.39	14 / 12	2026-05-23
0.6.38	14 / 12	2026-05-23
0.6.31	14 / 12	2026-05-21
0.6.29	14 / 12	2026-05-20
0.6.28	14 / 12	2026-05-20
0.6.27	13 / 12	2026-05-19
0.6.15	15 / 12	2026-05-16
0.6.14	15 / 12	2026-05-16
0.6.13	15 / 12	2026-05-16
0.6.12	15 / 12	2026-05-16
0.6.9	15 / 12	2026-05-16
0.6.7	15 / 12	2026-05-15
0.6.5	15 / 12	2026-05-13
0.6.4	15 / 12	2026-05-13
0.6.3	15 / 12	2026-05-13
0.6.2	15 / 12	2026-05-13
0.6.1	15 / 12	2026-05-13
0.6.0	15 / 12	2026-05-12
0.5.5	15 / 12	2026-05-08
0.5.4	15 / 12	2026-05-08
0.5.3	15 / 12	2026-05-06
0.5.2	15 / 12	2026-05-06
0.5.1	15 / 12	2026-05-06
0.5.0	15 / 12	2026-05-06
0.4.45	15 / 12	2026-05-05
0.4.44	15 / 12	2026-05-04
0.4.43	15 / 12	2026-05-04
0.4.42	15 / 12	2026-05-02
0.4.41	15 / 12	2026-05-01
0.4.40	15 / 12	2026-04-30
0.4.39	15 / 12	2026-04-30
0.4.38	15 / 12	2026-04-30
0.4.37	15 / 12	2026-04-29
0.4.36	15 / 12	2026-04-29
0.4.34	15 / 12	2026-04-28
0.4.33	15 / 12	2026-04-28
0.4.32	15 / 12	2026-04-28
0.4.31	15 / 12	2026-04-26
0.4.28	15 / 12	2026-04-25
0.4.27	15 / 12	2026-04-25
0.4.26	15 / 12	2026-04-25
0.4.25	15 / 12	2026-04-25
0.4.24	15 / 12	2026-04-25
0.4.23	15 / 12	2026-04-24
0.4.22	15 / 12	2026-04-24
0.4.21	15 / 12	2026-04-24
0.4.20	15 / 12	2026-04-24
0.4.19	15 / 12	2026-04-24
0.4.18	15 / 12	2026-04-24
0.4.16	15 / 12	2026-04-23
0.4.15	15 / 12	2026-04-23
0.4.11	15 / 12	2026-04-20
0.4.10	15 / 12	2026-04-20
0.4.9	15 / 12	2026-04-20
0.4.8	15 / 12	2026-04-20
0.4.7	15 / 12	2026-04-19
0.4.6	15 / 12	2026-04-18
0.4.5	15 / 12	2026-04-18
0.4.4	15 / 12	2026-04-18
0.4.3	15 / 12	2026-04-17
0.4.2	15 / 12	2026-04-16
0.4.0	15 / 12	2026-04-16
0.3.2	15 / 12	2026-04-16
0.3.1	15 / 12	2026-04-15
0.3.0	15 / 12	2026-04-13
0.2.8	15 / 12	2026-04-13
0.2.7	15 / 12	2026-04-13
0.2.6	15 / 12	2026-04-13
0.2.5	15 / 12	2026-04-13
0.2.4	14 / 12	2026-04-09
0.2.0	14 / 11	2026-04-01
0.1.15	14 / 11	2026-03-31
0.1.14	14 / 11	2026-03-31
0.1.13	14 / 11	2026-03-30
0.1.12	14 / 11	2026-03-29
0.1.11	14 / 11	2026-03-28
0.1.10	13 / 8	2026-03-28
0.1.9	13 / 8	2026-03-27
0.1.8	13 / 8	2026-03-27

Showing 100 of 108 Next page →

v0.6.77

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-WXAuftNy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-H0HcrQX6.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.73

2 findings

HIGH New obfuscated file: dist/assets/index-Dc2HfqON.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.72

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CveQve6o.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.70

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-yjhGJAes.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.65

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-gfyAaaaA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.64

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-gfyAaaaA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.63

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-gfyAaaaA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.62

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-BdDNthf4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.61

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOZ3POPj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-BdDNthf4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.57

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-BP6jGdt0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D6EwK2hA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.56

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-BP6jGdt0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D6EwK2hA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.55

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-BP6jGdt0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D6EwK2hA.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.53

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-BP6jGdt0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CZNoIjSE.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.50

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-BP6jGdt0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-B4Cr7MVx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.49

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-BP6jGdt0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-B4Cr7MVx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.45

3 findings

HIGH New obfuscated file: dist/assets/index-CaRE7VOD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.44

3 findings

HIGH New obfuscated file: dist/assets/index-CaRE7VOD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.43

3 findings

HIGH New obfuscated file: dist/assets/index-DmiO2Ufp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.42

3 findings

HIGH New obfuscated file: dist/assets/index-DmiO2Ufp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.41

3 findings

HIGH New obfuscated file: dist/assets/index-DmiO2Ufp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.40

3 findings

HIGH New obfuscated file: dist/assets/index-DmiO2Ufp.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.39

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CWb0VPYD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-C55KfVpx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.38

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CWb0VPYD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-C55KfVpx.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.31

4 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CWb0VPYD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-Do0kAMcy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DSLrl2tB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.29

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CWb0VPYD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-C-kAqQVb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.28

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.27

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CWb0VPYD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DYjmgXgg.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.15

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-fBd_vNld.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-4xujzzbu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.14

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-fBd_vNld.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-4xujzzbu.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.13

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-fBd_vNld.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DsFKgqkT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.12

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-fBd_vNld.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DsFKgqkT.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.9

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-D0Yi3xMP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CGWN-iUB.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.7

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-D0Yi3xMP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-Yvtxngdi.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.5

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CzwFysqv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-Bs6NmE0o.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.2

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CzwFysqv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-hYc4aP7M.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.1

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CzwFysqv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-hYc4aP7M.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.6.0

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-DOFETgjy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DUqUmaoH.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.5

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CEnWY28J.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-960mgQMI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.4

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CEnWY28J.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-960mgQMI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.3

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-ItPxPpgM.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-BkBbJZGa.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.2

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CoI5h1xv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CqiisJmo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.1

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CoI5h1xv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CqiisJmo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.5.0

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-CoI5h1xv.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CqiisJmo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.45

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-Cd8vYWxP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DpPtpTye.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.44

3 findings

HIGH New obfuscated file: dist/assets/hyperframes-player-Cd8vYWxP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DpPtpTye.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.43

2 findings

HIGH New obfuscated file: dist/assets/index-Dzq4sUj7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.42

2 findings

HIGH New obfuscated file: dist/assets/index-Dzq4sUj7.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.41

2 findings

HIGH New obfuscated file: dist/assets/index-D4-n3yWG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.40

2 findings

HIGH New obfuscated file: dist/assets/index-D4-n3yWG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.39

2 findings

HIGH New obfuscated file: dist/assets/index-D4-n3yWG.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.38

2 findings

HIGH New obfuscated file: dist/assets/index-18P_dZeo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.37

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.34

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-BV9ymBm4.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.33

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DxwbBcYY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.32

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DxwbBcYY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.31

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.28

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CAscydDF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.27

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CAscydDF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.26

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CAscydDF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.25

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CAscydDF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.24

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-CAscydDF.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.23

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D0VntLIQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.22

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D0VntLIQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.21

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D0VntLIQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.20

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D0VntLIQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.19

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D0VntLIQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.18

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D0VntLIQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.16

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-RzXlAX2g.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.15

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-vibA20NC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-RzXlAX2g.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.11

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.10

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.9

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.8

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.7

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.6

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.5

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.4

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-Zx0MOyMy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-FSgUtn41.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.3

4 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH New obfuscated file: dist/assets/hyperframes-player-CB8_cuLZ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DAQNCMgC.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.2

5 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: miguel.sierra → GitHub Actions (on 2026-04-16) provenance

This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/assets/hyperframes-player-DvTKPzaI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-DKII_C6N.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

5 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: miguel.sierra → GitHub Actions (on 2026-04-16) provenance

This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/assets/hyperframes-player-C6QOH12J.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-D2Zs8pHU.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

5 findings

HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

HIGH Publisher changed: miguel.sierra → GitHub Actions (on 2026-04-16) provenance

This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.

HIGH New obfuscated file: dist/assets/hyperframes-player-C6QOH12J.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/assets/index-BLIJTYAJ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.6

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.2.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.15

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.14

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.