@imtbl/audience
Immutable Audience — consent-aware event tracking and identity management
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/cdn/imtbl-audience.global.js | AI (source-diff): Standard minified CDN bundle produced by tsup/esbuild; consistent with added transpile:cdn build script. | ai |
Versions (showing 7 of 7)
| Version | Deps | Published |
|---|---|---|
| 2.20.0 | 0 / 14 | |
| 2.19.0 | 0 / 14 | |
| 2.18.0 | 0 / 14 | |
| 2.17.1 | 0 / 14 | |
| 2.17.0 | 0 / 14 | |
| 2.16.0 | 0 / 14 | |
| 2.15.0 | 0 / 14 |
v2.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.17.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.17.0
2 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.16.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v2.15.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.