← Home

@iiif/parser

npm Repository Homepage
11
Versions
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

sdellisedsilv-adminmejackreedstephenwfadamjarlingdemiankatzglen.robson

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/presentation-3-D1A0JbRL.cjs AI (source-diff): Standard minified bundler output for IIIF parser; no malicious patterns in sampled code. ai
source-diff obfuscated-file:dist/presentation-3-B8bH8x_s.js AI (source-diff): Standard minified ESM bundler output; content matches expected IIIF parsing logic. ai
source-diff obfuscated-file:dist/upgrader-DPOh8IT5.js AI (source-diff): Standard minified ESM build output; IIIF upgrader logic visible in sample. ai
source-diff obfuscated-file:dist/presentation-3-DlZ7RrH4.cjs AI (source-diff): Standard minified build output from tsdown bundler; IIIF domain logic visible in sample. ai
source-diff obfuscated-file:dist/upgrader-CqoAy0t1.cjs AI (source-diff): Standard minified build output from tsdown bundler; IIIF upgrader logic visible in sample. ai
source-diff obfuscated-file:dist/presentation-3-_8L-WLGU.js AI (source-diff): Standard minified ESM build output; IIIF domain logic visible in sample. ai
source-diff obfuscated-file:dist/presentation-3-sAnB7vhe.js AI (source-diff): Standard bundler minification output; IIIF domain logic visible in sample, no malicious patterns. ai
source-diff obfuscated-file:dist/presentation-3-VW8mCvZy.cjs AI (source-diff): Standard bundler minification output; IIIF domain logic visible in sample, no malicious patterns. ai
source-diff obfuscated-file:dist/presentation-3-BHc3fWPk.cjs AI (source-diff): Standard bundler minification of IIIF parser logic; not obfuscation. ai
source-diff obfuscated-file:dist/upgrader-BHxZg3at.cjs AI (source-diff): Standard bundler minification of IIIF upgrader logic; not obfuscation. ai
source-diff obfuscated-file:dist/presentation-3-DKf1Nh0x.js AI (source-diff): Standard bundler minification of IIIF parser logic (ESM); not obfuscation. ai
source-diff obfuscated-file:dist/upgrader-BEInozLY.js AI (source-diff): Standard bundler minification of IIIF upgrader logic (ESM); not obfuscation. ai
source-diff obfuscated-file:dist/presentation-3-zc5h52Pm.cjs AI (source-diff): Standard minified bundler output (tsdown); readable IIIF logic, no malicious patterns. ai
source-diff obfuscated-file:dist/upgrader-Bj-3EPtU.cjs AI (source-diff): Standard minified bundler output; content is IIIF traversal logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/presentation-3-CVizr4pP.js AI (source-diff): Standard minified ESM bundler output; matches CJS counterpart, no malicious patterns. ai
source-diff obfuscated-file:dist/upgrader-CLIWMWVn.js AI (source-diff): Standard minified ESM bundler output; IIIF upgrader logic, no malicious patterns. ai
source-diff obfuscated-file:dist/presentation-3-DaAK6vwJ.cjs AI (source-diff): Standard minified bundler output (tsdown/Rollup); IIIF domain logic is readable in samples. ai
source-diff obfuscated-file:dist/upgrader-COt9uDsU.cjs AI (source-diff): Standard minified bundler output; no obfuscation, just minification. ai
source-diff obfuscated-file:dist/presentation-3-5gTv8t7j.js AI (source-diff): Standard minified bundler output; ESM variant of the same IIIF parser code. ai
source-diff obfuscated-file:dist/upgrader-B_UKjFib.js AI (source-diff): Standard minified bundler output; ESM variant of the upgrader module. ai
phantom-deps phantom-dep:@types/geojson AI (phantom-deps): @types/geojson is a type-only dependency used for TypeScript type declarations, not a runtime import. ai
typosquat typosquat.levenshtein:parcel AI (typosquat): @iiif/parser is a scoped IIIF ecosystem package; Levenshtein match to 'parcel' is a false positive. ai

Versions (showing 11 of 11)

Version Deps Published
2.2.10 4 / 9
2.2.9 4 / 9
2.2.8 4 / 9
2.2.7 4 / 9
2.2.6 4 / 9
2.2.5 4 / 9
2.2.4 4 / 9
2.2.3 4 / 9
2.2.2 4 / 9
2.2.1 4 / 9
2.2.0 4 / 9

v2.2.10

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.9

5 findings
HIGH New obfuscated file: dist/presentation-3-DlZ7RrH4.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-CqoAy0t1.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/presentation-3-_8L-WLGU.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-DPOh8IT5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.8

5 findings
HIGH New obfuscated file: dist/presentation-3-zc5h52Pm.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-Bj-3EPtU.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/presentation-3-CVizr4pP.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-CLIWMWVn.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.7

5 findings
HIGH New obfuscated file: dist/presentation-3-D1A0JbRL.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-Bj-3EPtU.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/presentation-3-B8bH8x_s.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-CLIWMWVn.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.6

5 findings
HIGH New obfuscated file: dist/presentation-3-DaAK6vwJ.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-COt9uDsU.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/presentation-3-5gTv8t7j.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-B_UKjFib.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.5

5 findings
HIGH New obfuscated file: dist/presentation-3-BHc3fWPk.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-BHxZg3at.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/presentation-3-DKf1Nh0x.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/upgrader-BEInozLY.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.4

3 findings
HIGH New obfuscated file: dist/presentation-3-VW8mCvZy.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/presentation-3-sAnB7vhe.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2.2.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.