@kong-ui-public/documentation

A set of Kong UI components for displaying documents.

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

konginc

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	net-exec-file:dist/index-CNUFa5l3.js	AI (source-diff): Network+exec pattern from bundled mermaid/markdown renderer, not dropper malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/graphql-BSO8hVnT-C6Okg5tI.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/go-DpaXbCNA-DqSXHrGo.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/flowDiagram-I6XJVG4X-B23Smlxp-Em0XNk8h.js	AI (source-diff): Vite-bundled mermaid diagram chunk; standard minified output.	ai	2026/05/31
source-diff	obfuscated-file:dist/css-CJQ-rcMF-B_2PRTA_.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/csharp-Cy04UeDC-OaGPefhL.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/c4Diagram-AAUBKEIU-ftdwlfdB-BLRF4Pf5.js	AI (source-diff): Vite-bundled mermaid diagram chunk; standard minified output.	ai	2026/05/31
source-diff	obfuscated-file:dist/c-GOwUpV7U-DMPKLUI8.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/astro-D8QEIUE9-nzvtSwAQ.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/index-CNUFa5l3.js	AI (source-diff): Main Vite bundle for documentation component; minified but not malicious.	ai	2026/05/31
source-diff	obfuscated-file:dist/http-DRk-iX-V-DQ76ihB0.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/html-DdIT5Pi9-C35UyBqr.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/haskell-BDLr0yXS-BlmVjKNy.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/handlebars-tnt1-4s--xVtJSIx5.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/haml-DizLz-gS-BWwS-eha.js	AI (source-diff): Vite-bundled syntax grammar JSON; not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/c4Diagram-AAMF2YG6-CKwlop6T-biDHxtgF.js	AI (source-diff): Standard Vite-minified Mermaid diagram bundle; content is readable diagram grammar, not obfuscated malware.	ai	2026/05/30
source-diff	obfuscated-file:dist/requirementDiagram-EGVEC5DT-CnnVFZwh-D9sZFwwg.js	AI (source-diff): Standard Vite-minified Mermaid diagram bundle; legitimate build output.	ai	2026/05/30
source-diff	obfuscated-file:dist/quadrantDiagram-YPSRARAO-BQtyf3HP-D7rZGp1l.js	AI (source-diff): Standard Vite-minified Mermaid diagram bundle; legitimate build output.	ai	2026/05/30
source-diff	obfuscated-file:dist/erDiagram-HZWUO2LU-DRB4Mbtv-CgU99FCL.js	AI (source-diff): Standard Vite-minified Mermaid diagram bundle; legitimate build output.	ai	2026/05/30
source-diff	obfuscated-file:dist/mermaid-parser.core-DRkTy7co-D3k_lOFL.js	AI (source-diff): Mermaid parser core bundle; minified but content is readable lodash/parser code.	ai	2026/05/30
source-diff	net-exec-file:dist/index-DeBlJN4f.js	AI (source-diff): Vue component bundle; network calls are API interactions, dynamic execution is Vue's reactivity system — not dropper behavior.	ai	2026/05/30
source-diff	obfuscated-file:dist/index-DeBlJN4f.js	AI (source-diff): Main Vite bundle with Vue imports and i18n strings; readable content confirms legitimate build output.	ai	2026/05/30
source-diff	obfuscated-file:dist/flowDiagram-THRYKUMA-Cca2217c-CyDxFUag.js	AI (source-diff): Standard Vite-minified Mermaid diagram bundle; legitimate build output.	ai	2026/05/30
source-diff	obfuscated-file:dist/sequenceDiagram-WFGC7UMF-ChsW9bN4-D52efQBS.js	AI (source-diff): Standard Vite-minified Mermaid diagram bundle; legitimate build output.	ai	2026/05/30
source-diff	obfuscated-file:dist/mermaid-parser.core-DtLRLmJt-Bs8fzU82.js	AI (source-diff): Minified mermaid parser bundle; legitimate build artifact.	ai	2026/05/30
source-diff	obfuscated-file:dist/c4Diagram-AHTNJAMY-D1CqyEQ6-B0R-a6pf.js	AI (source-diff): Minified mermaid diagram bundle; legitimate build artifact for this package.	ai	2026/05/30
source-diff	obfuscated-file:dist/erDiagram-SMLLAGMA-23hRKyIy-B-dChHLQ.js	AI (source-diff): Minified mermaid diagram bundle; legitimate build artifact.	ai	2026/05/30
source-diff	obfuscated-file:dist/flowDiagram-DWJPFMVM-BeSa8cQn-B2__M71K.js	AI (source-diff): Minified mermaid diagram bundle; legitimate build artifact.	ai	2026/05/30
source-diff	obfuscated-file:dist/index-Bh-wTBlD.js	AI (source-diff): Minified main bundle with Vue/i18n imports; legitimate build artifact.	ai	2026/05/30
source-diff	obfuscated-file:dist/quadrantDiagram-34T5L4WZ-Cfwapd1Q-CS_lKY3k.js	AI (source-diff): Minified mermaid diagram bundle; legitimate build artifact.	ai	2026/05/30
source-diff	obfuscated-file:dist/requirementDiagram-MS252O5E-Bimzbn3B-B-e5vK9F.js	AI (source-diff): Minified mermaid diagram bundle; legitimate build artifact.	ai	2026/05/30
source-diff	net-exec-file:dist/cytoscape.esm-BjnMFxuP-CWlRmT1g.js	AI (source-diff): Cytoscape.js graph library bundle; network+exec pattern is false positive for this visualization library.	ai	2026/05/30
source-diff	net-exec-file:dist/index-Bh-wTBlD.js	AI (source-diff): Main Vue component bundle; net+exec pattern is false positive for legitimate UI component.	ai	2026/05/30
source-diff	obfuscated-file:dist/requirementDiagram-MS252O5E-kbyTwFM7-uVRo-sbb.js	AI (source-diff): Standard Vite minified Mermaid diagram bundle; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/quadrantDiagram-34T5L4WZ-BGiKwrld-lckIOaIT.js	AI (source-diff): Standard Vite minified Mermaid diagram bundle; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/mermaid-parser.core-CyLOoIom-x9WJrfZ4.js	AI (source-diff): Standard Vite minified Mermaid parser bundle; not obfuscated malware.	ai	2026/05/18
source-diff	net-exec-file:dist/index-DQ-TXxrJ.js	AI (source-diff): False positive on Vite-bundled Vue component; no actual dropper/loader behavior in sample.	ai	2026/05/18
source-diff	obfuscated-file:dist/index-DQ-TXxrJ.js	AI (source-diff): Standard Vite minified main bundle with Vue/Kong imports; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/flowDiagram-DWJPFMVM-Hi4kVuUg-C0bJlM16.js	AI (source-diff): Standard Vite minified Mermaid diagram bundle; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/erDiagram-SMLLAGMA-DqpeRG8q-C6pwKkwF.js	AI (source-diff): Standard Vite minified Mermaid diagram bundle; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/c4Diagram-AHTNJAMY-CoIcDDlQ-DOuHA4wJ.js	AI (source-diff): Standard Vite minified Mermaid diagram bundle; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/sequenceDiagram-FGHM5R23-eJlHKiCJ-CHkqRjjz.js	AI (source-diff): Standard Vite minified Mermaid diagram bundle; not obfuscated malware.	ai	2026/05/18
source-diff	obfuscated-file:dist/c4Diagram-AHTNJAMY-CoIcDDlQ-mAGkT4bn.js	AI (source-diff): Minified mermaid diagram renderer bundle; expected output for this package.	ai	2026/05/01
source-diff	net-exec-file:dist/index-BHz_s4bq.js	AI (source-diff): False positive on bundled Vue component code; no actual dropper/loader behavior present.	ai	2026/05/01
source-diff	obfuscated-file:dist/index-BHz_s4bq.js	AI (source-diff): Standard Vite/Rollup minified bundle output for a Vue component library; not malicious obfuscation.	ai	2026/05/01
source-diff	large-new-source-files	AI (source-diff): New mermaid diagram type bundles added; expected growth pattern for this package.	ai	2026/05/01
source-diff	encoded-string-file:dist/documentation.umd.js	AI (source-diff): Long encoded strings in UMD bundle are expected from Vite build output for this component library.	ai	2026/05/01
source-diff	obfuscated-file:dist/requirementDiagram-MS252O5E-kbyTwFM7-BxWs0bV9.js	AI (source-diff): Minified mermaid diagram renderer bundle; expected output for this package.	ai	2026/05/01
source-diff	obfuscated-file:dist/quadrantDiagram-34T5L4WZ-BGiKwrld-B1OMDwUy.js	AI (source-diff): Minified mermaid diagram renderer bundle; expected output for this package.	ai	2026/05/01
source-diff	obfuscated-file:dist/flowDiagram-DWJPFMVM-Hi4kVuUg-inYUChHw.js	AI (source-diff): Minified mermaid diagram renderer bundle; expected output for this package.	ai	2026/05/01
source-diff	obfuscated-file:dist/erDiagram-SMLLAGMA-DqpeRG8q-DV4bMkrn.js	AI (source-diff): Minified mermaid diagram renderer bundle; expected output for this package.	ai	2026/05/01
source-diff	obfuscated-file:dist/sequenceDiagram-FGHM5R23-eJlHKiCJ-BoJqtc1E.js	AI (source-diff): Minified mermaid diagram renderer bundle; expected output for this package.	ai	2026/05/01
source-diff	obfuscated-file:dist/mermaid-parser.core-CyLOoIom-CwJC_DlH.js	AI (source-diff): Minified mermaid parser bundle; expected output for this package.	ai	2026/05/01
dependencies	unvetted-dep:@kong/markdown	AI (dependencies): Same Kong org dependency; consistent across versions of this package.	ai	2026/04/30
phantom-deps	phantom-dep:@kong-ui-public/entities-shared	AI (phantom-deps): Same org scope; phantom-dep heuristic unreliable for Vue component packages with template-only usage.	ai	2026/04/29
phantom-deps	phantom-dep:@kong/icons	AI (phantom-deps): Same-org Kong dep; likely used in templates/config rather than direct JS imports — stable false positive for this package.	ai	2026/04/29

Versions (showing 44 of 44)

Version	Deps	Published
1.5.52	3 / 5	2026-06-01
1.5.51	3 / 5	2026-05-28
1.5.50	3 / 5	2026-05-28
1.5.49	3 / 5	2026-05-27
1.5.48	3 / 5	2026-05-25
1.5.47	3 / 5	2026-05-19
1.5.46	3 / 5	2026-05-15
1.5.45	3 / 5	2026-05-15
1.5.43	3 / 5	2026-05-13
1.5.42	3 / 5	2026-05-13
1.5.41	3 / 5	2026-05-13
1.5.39	3 / 5	2026-05-11
1.5.38	3 / 5	2026-05-11
1.5.37	3 / 5	2026-05-08
1.5.36	3 / 5	2026-05-08
1.5.35	3 / 5	2026-05-08
1.5.34	3 / 5	2026-05-07
1.5.33	3 / 5	2026-05-07
1.5.32	3 / 5	2026-05-05
1.5.31	3 / 5	2026-05-02
1.5.30	3 / 5	2026-05-01
1.5.29	3 / 5	2026-05-01
1.5.28	3 / 5	2026-05-01
1.5.27	3 / 5	2026-04-30
1.5.26	3 / 5	2026-04-29
1.5.25	3 / 5	2026-04-28
1.5.24	3 / 5	2026-04-26
1.5.23	3 / 5	2026-04-25
1.5.22	3 / 5	2026-04-25
1.5.21	3 / 5	2026-04-25
1.5.20	3 / 5	2026-04-23
1.5.19	3 / 5	2026-04-22
1.5.18	3 / 5	2026-04-22
1.5.17	3 / 5	2026-04-21
1.5.16	3 / 5	2026-04-20
1.5.15	3 / 5	2026-04-17
1.5.14	3 / 5	2026-04-17
1.5.13	3 / 5	2026-04-15
1.5.12	3 / 5	2026-04-10
1.5.11	3 / 5	2026-04-09
1.5.10	3 / 5	2026-04-09
1.5.9	3 / 5	2026-04-08
1.5.8	3 / 5	2026-04-08
1.5.7	3 / 5	2026-03-31

v1.5.52

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.51

16 findings

HIGH New obfuscated file: dist/astro-D8QEIUE9-nzvtSwAQ.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/c-GOwUpV7U-DMPKLUI8.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/c4Diagram-AAUBKEIU-ftdwlfdB-BLRF4Pf5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/csharp-Cy04UeDC-OaGPefhL.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/css-CJQ-rcMF-B_2PRTA_.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/flowDiagram-I6XJVG4X-B23Smlxp-Em0XNk8h.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/go-DpaXbCNA-DqSXHrGo.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/graphql-BSO8hVnT-C6Okg5tI.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/haml-DizLz-gS-BWwS-eha.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/handlebars-tnt1-4s--xVtJSIx5.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/haskell-BDLr0yXS-BlmVjKNy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/html-DdIT5Pi9-C35UyBqr.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/http-DRk-iX-V-DQ76ihB0.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CNUFa5l3.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/index-CNUFa5l3.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.50