@inkeep/open-knowledge
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:yazl | AI (phantom-deps): Same as above — CLI tool pattern. | ai | |
| source-diff | obfuscated-file:dist/public/assets/dagre-D2_448Gx.js | AI (source-diff): Vite-bundled dagre graph layout library; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/cytoscape.esm-4jw_vW_Q.js | AI (source-diff): Vite-bundled cytoscape.js library; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/cose-bilkent-S5V4N54A-6FB6GAoi.js | AI (source-diff): Vite-bundled cytoscape layout algorithm; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/ConsentDialogBody-CM1Lm4n9.js | AI (source-diff): Vite-bundled app component; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/config-validation-events-BDwfLsPI.js | AI (source-diff): Vite-bundled app chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/checkbox-Co7Tjlri.js | AI (source-diff): Vite-bundled Radix UI checkbox component; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/c4Diagram-AHTNJAMY-D58kKzW4.js | AI (source-diff): Vite-bundled mermaid C4 diagram chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/ActivityPanelDiffView-DgtknSgX.js | AI (source-diff): Vite-bundled app component; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/blockDiagram-DXYQGD6D-CuxUJ8VP.js | AI (source-diff): Vite-bundled mermaid block diagram chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/architectureDiagram-Q4EWVU46-Du5oNRD5.js | AI (source-diff): Vite-bundled mermaid architecture diagram chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/arc-DoxD41WW.js | AI (source-diff): Vite-bundled d3-arc chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/_baseFor-CVV1DSgL.js | AI (source-diff): Vite-bundled lodash chunk; standard minified build output. | ai | |
| source-diff | obfuscated-file:dist/public/assets/ActivityModeContent-B3qvj_3C.js | AI (source-diff): Vite-bundled app component; standard minified build output. | ai | |
| phantom-deps | phantom-dep:@inquirer/select | AI (phantom-deps): Same as above — CLI tool pattern. | ai | |
| phantom-deps | phantom-dep:pino | AI (phantom-deps): CLI tool with many deps used at runtime via dynamic dispatch; phantom-dep heuristic unreliable here. | ai | |
| phantom-deps | phantom-dep:just-bash | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| phantom-deps | phantom-dep:picomatch | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| phantom-deps | phantom-dep:simple-git | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| phantom-deps | phantom-dep:shell-quote | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| phantom-deps | phantom-dep:@clack/prompts | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| phantom-deps | phantom-dep:@hocuspocus/provider | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| phantom-deps | phantom-dep:ws | AI (phantom-deps): CLI tool bundles deps via tsdown; declared deps referenced at build time. | ai | |
| phantom-deps | phantom-dep:chokidar | AI (phantom-deps): Bundled by tsdown; declared dep used at build time. | ai | |
| source-diff | obfuscated-file:dist/public/assets/collapsible-L2bca9Ur.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/_baseFor-B3FCzyNW.js | AI (source-diff): Vite-bundled frontend asset (lodash); minification is expected for this package's web app dist. | ai | |
| source-diff | obfuscated-file:dist/public/assets/ActivityModeContent-B8J4OFHO.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/ActivityPanelDiffView-d4ec9M69.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/agent-presence-8VSgL2U2.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/arc-GOD6SLHR.js | AI (source-diff): Vite-bundled frontend asset (d3 arc); minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/architectureDiagram-Q4EWVU46-CIVh0TLx.js | AI (source-diff): Vite-bundled mermaid/cytoscape asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/blockDiagram-DXYQGD6D-Cg-UHasz.js | AI (source-diff): Vite-bundled mermaid asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/button-DBLnjjvQ.js | AI (source-diff): Vite-bundled React DOM asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/c4Diagram-AHTNJAMY-KFeHAAOO.js | AI (source-diff): Vite-bundled mermaid asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/checkbox-kroC1jEP.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/config-validation-events-BtPgkHlf.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | obfuscated-file:dist/public/assets/ConsentDialogBody-Dfx6N7pC.js | AI (source-diff): Vite-bundled frontend asset; minification expected. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Package bundles a full web app (dist/public); large file count is structural, not injected. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Simple `node scripts/postinstall.mjs` invocation in a SLSA-attested CLI package; consistent with legitimate setup. | ai | |
| phantom-deps | phantom-dep:@octokit/auth-oauth-device | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@modelcontextprotocol/sdk | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@inquirer/password | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@inquirer/checkbox | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@octokit/request | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@napi-rs/keyring | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:@octokit/rest | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:picocolors | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:smol-toml | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:commander | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:cli-boxes | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:yaml | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai | |
| phantom-deps | phantom-dep:sirv | AI (phantom-deps): CLI tool with bundled dist; deps referenced in config/build files, not direct imports. | ai |
Versions (showing 10 of 10)
| Version | Deps | Published |
|---|---|---|
| 0.9.0 | 18 / 9 | |
| 0.8.1 | 17 / 9 | |
| 0.8.0 | 17 / 9 | |
| 0.7.0 | 15 / 8 | |
| 0.6.0 | 15 / 8 | |
| 0.5.0 | 15 / 8 | |
| 0.4.1 | 15 / 8 | |
| 0.4.0 | 15 / 8 | |
| 0.2.0 | 19 / 9 | |
| 0.1.1 | 15 / 9 |
v0.9.0
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.1
31 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.8.0
31 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
36 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
37 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
14 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.1
2 findingsScript: node scripts/postinstall.mjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.4.0
2 findingsScript: node scripts/postinstall.mjs
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.1.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.