@kenkaiiii/gg-pixel
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/browser.iife.global.js | AI (source-diff): Standard minified IIFE build output; code is readable error-tracking logic, not obfuscated malware. | ai |
Versions (showing 43 of 43)
| Version | Deps | Published |
|---|---|---|
| 4.3.101 | 4 / 5 | |
| 4.3.100 | 4 / 5 | |
| 4.3.99 | 4 / 5 | |
| 4.3.98 | 4 / 5 | |
| 4.3.97 | 4 / 5 | |
| 4.3.96 | 4 / 5 | |
| 4.3.95 | 4 / 5 | |
| 4.3.94 | 4 / 5 | |
| 4.3.93 | 4 / 5 | |
| 4.3.92 | 1 / 5 | |
| 4.3.91 | 0 / 5 | |
| 4.3.90 | 0 / 5 | |
| 4.3.89 | 0 / 5 | |
| 4.3.88 | 1 / 4 | |
| 4.3.87 | 1 / 4 | |
| 4.3.86 | 1 / 4 | |
| 4.3.85 | 1 / 4 | |
| 4.3.84 | 1 / 4 | |
| 4.3.83 | 1 / 4 | |
| 4.3.82 | 1 / 4 | |
| 4.3.81 | 1 / 4 | |
| 4.3.80 | 1 / 4 | |
| 4.3.79 | 1 / 4 | |
| 4.3.78 | 1 / 4 | |
| 4.3.77 | 1 / 4 | |
| 4.3.76 | 1 / 4 | |
| 4.3.75 | 1 / 4 | |
| 4.3.74 | 1 / 4 | |
| 4.3.73 | 1 / 4 | |
| 4.3.72 | 1 / 4 | |
| 4.3.71 | 1 / 4 | |
| 4.3.70 | 1 / 4 | |
| 4.3.69 | 1 / 4 | |
| 4.3.68 | 1 / 4 | |
| 4.3.67 | 1 / 4 | |
| 4.3.66 | 1 / 4 | |
| 4.3.65 | 1 / 4 | |
| 4.3.64 | 1 / 4 | |
| 4.3.63 | 1 / 4 | |
| 4.3.62 | 1 / 4 | |
| 4.3.61 | 1 / 4 | |
| 4.3.60 | 1 / 4 | |
| 4.3.59 | 1 / 4 |
v4.3.101
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.100
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.99
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.98
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.97
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.96
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.95
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.94
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.93
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.92
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.91
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.90
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.89
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.88
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.87
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.86
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.85
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.3.84
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.