@kong/kongponents — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

konginc

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/kongponents260.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; expected build output for this Vue component library.	ai	2026/06/06
source-diff	obfuscated-file:dist/kongponents264.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; expected build output for this Vue component library.	ai	2026/06/06
source-diff	obfuscated-file:dist/kongponents277.cjs	AI (source-diff): Standard Vite/Rollup minified build output for a Vue component library; not malicious obfuscation.	ai	2026/06/05
source-diff	obfuscated-file:dist/kongponents355.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; lodash-es environment detection pattern, not malware.	ai	2026/06/04
source-diff	net-exec-file:dist/kongponents.es355.js	AI (source-diff): Same lodash-es global detection in ESM build chunk; not a dropper.	ai	2026/06/04
source-diff	net-exec-file:dist/kongponents355.cjs	AI (source-diff): Function('return this')() is lodash-es global detection; no actual network+exec dropper pattern.	ai	2026/06/04
source-diff	obfuscated-file:dist/kongponents274.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; readable Vue component logic visible in sample.	ai	2026/06/04
source-diff	obfuscated-file:dist/kongponents261.cjs	AI (source-diff): Minified Vite/Rollup CJS bundle output; normal for this package's build process across all versions.	ai	2026/06/04
source-diff	obfuscated-file:dist/kongponents204.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; normal build output for this Vue component library.	ai	2026/06/04
source-diff	net-exec-file:dist/kongponents369.cjs	AI (source-diff): Function('return this') is a lodash globalThis polyfill pattern, not a dropper; no actual network calls.	ai	2026/06/04
source-diff	net-exec-file:dist/kongponents.es369.js	AI (source-diff): Same lodash globalThis polyfill in ES module build; legitimate bundled dependency.	ai	2026/06/04
source-diff	obfuscated-file:dist/kongponents369.cjs	AI (source-diff): Contains lodash/focus-trap minified; legitimate build artifact from Vite bundling.	ai	2026/06/04
source-diff	obfuscated-file:dist/kongponents171.cjs	AI (source-diff): Vite/Rollup minified build output for a Vue component library; sample shows SVG/component code, not obfuscation.	ai	2026/06/03
source-diff	net-exec-file:dist/kongponents.es357.js	AI (source-diff): ESM chunk from Vite build; same pattern as CJS chunk, no malicious indicators.	ai	2026/06/03
source-diff	net-exec-file:dist/kongponents357.cjs	AI (source-diff): Minified Vue/lodash bundle; network refs are fetch API usage in UI components, not dropper behavior.	ai	2026/06/03
source-diff	obfuscated-file:dist/kongponents357.cjs	AI (source-diff): Vite-generated minified chunk; normal build output for this Vue component library.	ai	2026/06/03
source-diff	obfuscated-file:dist/kongponents250.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; CalendarWrapper component code, not obfuscated malware.	ai	2026/06/01
source-diff	obfuscated-file:dist/kongponents255.cjs	AI (source-diff): Standard Vite CJS chunk containing focus-trap library with MIT license header.	ai	2026/06/01
source-diff	obfuscated-file:dist/kongponents186.cjs	AI (source-diff): Standard Vite CJS chunk; readable Vue component code, not obfuscated.	ai	2026/06/01
source-diff	obfuscated-file:dist/kongponents259.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk with bundled focus-trap; not obfuscated. Stable pattern for this package.	ai	2026/06/01
source-diff	obfuscated-file:dist/kongponents271.cjs	AI (source-diff): Contains recognizable floating-ui positioning logic; minified CJS chunk from Vite build, not obfuscation.	ai	2026/06/01
source-diff	obfuscated-file:dist/kongponents106.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents300.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents265.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents148.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents144.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents133.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents129.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents127.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents125.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents123.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents120.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents116.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents110.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents108.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents100.cjs	AI (source-diff): Standard Vite CJS build chunk for Kong component library; minified but not malicious.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents249.cjs	AI (source-diff): Standard Vite CJS chunk output; readable Vue component (ColumnVisibilityMenu) logic.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents306.cjs	AI (source-diff): Standard Vite CJS chunk output; floating-ui DOM utilities, not obfuscated malware.	ai	2026/05/31
source-diff	obfuscated-file:dist/kongponents241.cjs	AI (source-diff): Standard Vite CJS chunk output; CalendarWrapper component code, not malicious.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents263.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; readable Vue component code, not obfuscated.	ai	2026/05/30
source-diff	large-new-source-files	AI (source-diff): Component library with many Vite build chunks; large file count is expected for this package.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents362.cjs	AI (source-diff): Standard Vite CJS chunk; contains readable date-fns parsing code, not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents280.cjs	AI (source-diff): Standard Vite CJS chunk; contains readable tabbable 6.4.0 source, not malicious obfuscation.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents332.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk containing vue-draggable-next/sortablejs; no malicious content.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents164.cjs	AI (source-diff): Standard Vite minified CJS chunk; readable Vue component code.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents161.cjs	AI (source-diff): Standard Vite minified CJS chunk; readable Vue component code.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents159.cjs	AI (source-diff): Standard Vite minified CJS chunk; readable Vue component code.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents157.cjs	AI (source-diff): Standard Vite minified CJS chunk; readable Vue component code, not obfuscated malware.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents246.cjs	AI (source-diff): Standard Vite minified CJS chunk; readable Vue component code.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents257.cjs	AI (source-diff): Standard Vite minified CJS chunk; focus-trap library code with MIT license header.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents22.cjs	AI (source-diff): Standard Vite minified CJS chunk; readable Vue component code.	ai	2026/05/30
source-diff	obfuscated-file:dist/kongponents258.cjs	AI (source-diff): Minified Vite/Rollup CJS build chunk; standard for this component library's build output.	ai	2026/05/29
provenance	publisher-changed	AI (provenance): Kong migrated to GitHub Actions CI publishing with SLSA attestation; this is the expected publisher going forward.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents327.cjs	AI (source-diff): Minified Rollup/Vite bundle of declared deps (vue-draggable-next, sortablejs); not obfuscation.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents267.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; not obfuscated. Stable pattern for this package.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents252.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; not obfuscated. Stable pattern for this package.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents201.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; content is Vue component + SVG icon code, not malicious.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents285.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; content is date-fns formatting logic, not malicious.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents244.cjs	AI (source-diff): Standard Vite/Rollup minified bundle output; content is readable floating-ui DOM utilities, not obfuscated malware.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents273.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk output for a Vue component library; not obfuscation.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents269.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk output for a Vue component library; not obfuscation.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents254.cjs	AI (source-diff): Standard Vite/Rollup minified bundle output; focus-trap attribution visible in file header. Normal for this package.	ai	2026/05/15
source-diff	obfuscated-file:dist/kongponents251.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; readable Vue component code, not malicious obfuscation.	ai	2026/04/30
source-diff	obfuscated-file:dist/kongponents247.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; readable Vue component code, not malicious obfuscation.	ai	2026/04/30
source-diff	obfuscated-file:dist/kongponents253.cjs	AI (source-diff): Standard Vite/Rollup minified CJS chunk; readable Vue component code, not malicious obfuscation.	ai	2026/04/30
phantom-deps	phantom-dep:@popperjs/core	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:date-fns-tz	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:@kong/icons	AI (phantom-deps): Same org scope; used indirectly in component library.	ai	2026/04/29
phantom-deps	phantom-dep:sortablejs	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:lodash-es	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:date-fns	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:nanoid	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling, not direct imports.	ai	2026/04/29
phantom-deps	phantom-dep:virtua	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:vue-draggable-next	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:@floating-ui/vue	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29
phantom-deps	phantom-dep:focus-trap-vue	AI (phantom-deps): Large component library; deps used indirectly or via config/build tooling.	ai	2026/04/29

Versions (showing 51 of 170)

View all versions

Version	Deps	Published
9.57.0	14 / 57	2026-06-04
9.56.2	14 / 57	2026-06-02
9.56.1	14 / 57	2026-05-28
9.56.0	14 / 57	2026-05-27
9.55.3	14 / 57	2026-05-25
9.55.2	14 / 57	2026-05-21
9.55.1	14 / 57	2026-05-15
9.55.0	14 / 57	2026-05-14
9.54.3	14 / 57	2026-05-14
9.54.2	14 / 57	2026-05-12
9.54.1	14 / 57	2026-05-11
9.54.0	14 / 57	2026-05-06
9.53.3	14 / 57	2026-05-05
9.53.2	14 / 57	2026-05-01
9.53.1	14 / 57	2026-05-01
9.53.0	14 / 57	2026-05-01
9.52.13	14 / 57	2026-04-29
9.52.12	14 / 57	2026-04-28
9.52.11	14 / 57	2026-04-23
9.52.10	14 / 57	2026-04-14
9.52.9	14 / 57	2026-03-31
9.52.8	14 / 57	2026-03-31
9.52.7	14 / 57	2026-03-30
9.52.6	14 / 57	2026-03-23
9.52.5	14 / 57	2026-03-17
9.52.4	14 / 57	2026-03-13
9.52.3	14 / 57	2026-03-13
9.52.2	14 / 57	2026-03-09
9.52.1	14 / 57	2026-03-07
9.52.0	14 / 57	2026-03-03
9.51.2	14 / 57	2026-03-03
9.51.1	14 / 57	2026-03-03
9.51.0	14 / 57	2026-02-26
9.50.7	14 / 57	2026-02-26
9.50.6	14 / 57	2026-02-25
9.50.5	14 / 57	2026-02-09
9.50.4	14 / 57	2026-02-04
9.50.3	14 / 57	2026-02-04
9.50.2	14 / 57	2026-02-03
9.50.1	14 / 57	2026-01-28
9.50.0	14 / 57	2026-01-23
9.49.9	14 / 57	2026-01-23
9.49.8	14 / 57	2026-01-20
9.49.7	14 / 57	2026-01-16
9.49.6	14 / 57	2026-01-15
9.49.5	14 / 57	2026-01-13
9.49.4	14 / 57	2026-01-13
9.49.3	14 / 57	2026-01-13
9.49.2	14 / 57	2026-01-07
9.49.1	14 / 57	2026-01-07
9.49.0	14 / 57	2026-01-06

v9.57.0

3 findings

HIGH New obfuscated file: dist/kongponents260.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents264.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.56.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.56.1

2 findings

HIGH New obfuscated file: dist/kongponents277.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.56.0

2 findings

HIGH New obfuscated file: dist/kongponents250.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.55.3

7 findings

HIGH New obfuscated file: dist/kongponents259.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents263.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents265.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents369.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/kongponents369.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New file with network + code execution: dist/kongponents.es369.js source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.55.2

3 findings

HIGH New obfuscated file: dist/kongponents280.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents362.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.55.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.55.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.54.3

4 findings

HIGH New obfuscated file: dist/kongponents249.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents263.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents274.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.54.2

3 findings

HIGH New obfuscated file: dist/kongponents269.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents273.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.54.1

4 findings

HIGH New obfuscated file: dist/kongponents252.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents267.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents285.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.54.0

4 findings

HIGH New obfuscated file: dist/kongponents252.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents271.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents285.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.53.3

3 findings

HIGH New obfuscated file: dist/kongponents254.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents265.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.53.2

2 findings

HIGH New obfuscated file: dist/kongponents269.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.53.1

2 findings

HIGH New obfuscated file: dist/kongponents254.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.53.0

3 findings

HIGH New obfuscated file: dist/kongponents201.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents285.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.52.13

4 findings

HIGH New obfuscated file: dist/kongponents247.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents251.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents253.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.52.12

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.52.6

19 findings

HIGH New obfuscated file: dist/kongponents100.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents106.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents108.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents110.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents116.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents120.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents123.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents125.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents127.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents129.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents133.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents144.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents148.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents22.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents246.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents249.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents265.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/kongponents271.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v9.52.5

18 findings