@lukso/web-components
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/index-V6wvb6SH.js | AI (source-diff): Standard Vite/Rollup minified bundle output; LitElement source visible in sample. Normal for this package. | ai | |
| source-diff | obfuscated-file:dist/index-D8IqXWcZ.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; LitElement source visible in sample. Normal for this package. | ai | |
| source-diff | obfuscated-file:dist/index-DkfODalz.cjs | AI (source-diff): CJS counterpart of the same minified bundle; same reasoning as the ESM file. | ai | |
| source-diff | obfuscated-file:dist/index-C9vH8YlV.js | AI (source-diff): Standard Vite/Rollup minified bundle output for a web-components library; LitElement license headers confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:tools/axe-HmsG1pWb.cjs | AI (source-diff): File is a bundled copy of [email protected] (accessibility library); minification is expected, not malicious. | ai | |
| source-diff | net-exec-file:tools/axe-HmsG1pWb.cjs | AI (source-diff): axe-core legitimately uses dynamic code execution for accessibility rule evaluation; not a dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/index-sTnZd0lm.cjs | AI (source-diff): CJS equivalent of the same minified Lit bundle; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-ai1JMlH_.js | AI (source-diff): Standard minified Lit/web-components build output with license headers; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/index-KrWvJ44l.cjs | AI (source-diff): Minified Lit/LitElement framework bundle (CJS variant); standard build output for this web-components package. | ai | |
| source-diff | obfuscated-file:dist/index-BWp0TAbf.js | AI (source-diff): Minified Lit/LitElement framework bundle; standard build output for this web-components package. | ai | |
| source-diff | obfuscated-file:tools/axe-Njf3Jvxk.cjs | AI (source-diff): Bundled [email protected] minified distribution; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:tools/axe-RWGhQLPE.js | AI (source-diff): Bundled [email protected] ESM distribution; not obfuscated malware. | ai | |
| source-diff | net-exec-file:tools/axe-Njf3Jvxk.cjs | AI (source-diff): axe-core accessibility library bundle; network/exec pattern is from its legitimate browser API usage. | ai | |
| source-diff | net-exec-file:tools/axe-RWGhQLPE.js | AI (source-diff): axe-core accessibility library bundle; network/exec pattern is from its legitimate browser API usage. | ai | |
| source-diff | obfuscated-file:dist/index-DKXUCmZ9.cjs | AI (source-diff): Standard Vite/Rollup minified bundle output; LitElement license headers visible; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/index-LyJ1o9RN.js | AI (source-diff): Standard Vite/Rollup minified bundle output; LitElement license headers visible; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/components/lukso-markdown/index.js | AI (source-diff): Minified build output of the marked markdown parser; standard bundling for this UI component library. | ai | |
| source-diff | obfuscated-file:dist/components/lukso-markdown/index.cjs | AI (source-diff): Minified build output of the marked markdown parser; standard bundling for this UI component library. | ai | |
| source-diff | obfuscated-file:dist/index-Ga3DorGn.js | AI (source-diff): Standard minified Lit framework bundle output; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/index-C1D2PVva.cjs | AI (source-diff): Standard minified Lit framework bundle output; not obfuscated malware. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Scoped org package bundles deps; missing metadata signals are false positives for this established library. | ai | |
| source-diff | obfuscated-file:dist/index-CuduEaB2.cjs | AI (source-diff): Standard minified build output (LitElement/BSD-3-Clause); not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-DqZeY5Ft.js | AI (source-diff): Standard minified build output (LitElement/BSD-3-Clause); not obfuscation. Stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/index-ClAf3gfo.cjs | AI (source-diff): Standard Rollup/Vite minified bundle output with readable LitElement source; not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/index-DFCjzim8.js | AI (source-diff): Standard Rollup/Vite minified bundle output with readable LitElement source; not obfuscated. | ai | |
| provenance | publisher-changed | AI (provenance): Transition to GitHub Actions CI publishing with SLSA provenance; legitimate automation migration. | ai | |
| source-diff | net-exec-file:tools/axe-Dj3cSaX8.cjs | AI (source-diff): axe-core uses network APIs for accessibility testing; not dropper behavior. | ai | |
| source-diff | obfuscated-file:tools/axe-Dj3cSaX8.cjs | AI (source-diff): Bundled axe-core v4.11.1 accessibility library; minified by design, copyright header confirms identity. | ai | |
| phantom-deps | phantom-dep:tailwind-merge | AI (phantom-deps): Declared and used; phantom-dep heuristic is false positive for this package. | ai | |
| phantom-deps | phantom-dep:ethereum-blockies-base64 | AI (phantom-deps): Declared and used; phantom-dep heuristic is false positive for this package. | ai | |
| phantom-deps | phantom-dep:tailwind-variants | AI (phantom-deps): Declared and used; phantom-dep heuristic is false positive for this package. | ai | |
| phantom-deps | phantom-dep:web3-utils | AI (phantom-deps): Declared and used; phantom-dep heuristic is false positive for this package. | ai | |
| phantom-deps | phantom-dep:tippy.js | AI (phantom-deps): Declared and used; phantom-dep heuristic is false positive for this package. | ai | |
| dependencies | unvetted-dep:@lukso/lsp-smart-contracts | AI (dependencies): First-party LUKSO dependency; expected and stable for this package across versions. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Long-lived official LUKSO package; missing description is a cosmetic issue, not a risk indicator. | ai | |
Versions (showing 51 of 74)
| Version | Deps | Published |
|---|---|---|
| 1.203.4 | 16 / 0 | |
| 1.203.3 | 16 / 0 | |
| 1.203.2 | 16 / 0 | |
| 1.203.1 | 16 / 0 | |
| 1.203.0 | 16 / 0 | |
| 1.202.0 | 16 / 0 | |
| 1.201.2 | 16 / 0 | |
| 1.201.1 | 16 / 0 | |
| 1.201.0 | 16 / 0 | |
| 1.200.1 | 16 / 0 | |
| 1.200.0 | 16 / 0 | |
| 1.199.0 | 16 / 0 | |
| 1.198.0 | 16 / 0 | |
| 1.197.1 | 16 / 0 | |
| 1.197.0 | 16 / 0 | |
| 1.196.0 | 16 / 0 | |
| 1.195.0 | 16 / 0 | |
| 1.194.1 | 16 / 0 | |
| 1.194.0 | 16 / 0 | |
| 1.192.1 | 16 / 0 | |
| 1.192.0 | 16 / 0 | |
| 1.191.1 | 16 / 0 | |
| 1.191.0 | 16 / 0 | |
| 1.190.0 | 16 / 0 | |
| 1.189.0 | 16 / 0 | |
| 1.188.0 | 16 / 0 | |
| 1.156.1 | 0 / 0 | |
| 1.156.0 | 0 / 0 | |
| 1.155.1 | 0 / 0 | |
| 1.155.0 | 0 / 0 | |
| 1.154.0 | 0 / 0 | |
| 1.153.0 | 0 / 0 | |
| 1.152.0 | 0 / 0 | |
| 1.151.0 | 0 / 0 | |
| 1.150.0 | 0 / 0 | |
| 1.149.1 | 0 / 0 | |
| 1.149.0 | 0 / 0 | |
| 1.148.0 | 0 / 0 | |
| 1.147.1 | 0 / 0 | |
| 1.147.0 | 0 / 0 | |
| 1.146.0 | 0 / 0 | |
| 1.145.1 | 0 / 0 | |
| 1.145.0 | 0 / 0 | |
| 1.144.1 | 0 / 0 | |
| 1.144.0 | 0 / 0 | |
| 1.143.0 | 0 / 0 | |
| 1.142.3 | 0 / 0 | |
| 1.142.2 | 0 / 0 | |
| 1.142.1 | 0 / 0 | |
| 1.142.0 | 0 / 0 | |
| 1.141.1 | 0 / 0 | |
v1.203.4
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.203.3
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.203.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.203.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.203.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.202.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.201.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.201.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.201.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.200.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.200.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.199.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.198.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.197.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.197.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.194.1
4 findings
This version was published by a different npm account than previous versions on 2026-04-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.194.0
4 findings
This version was published by a different npm account than previous versions on 2026-04-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.192.1
4 findings
This version was published by a different npm account than previous versions on 2026-04-22. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.192.0
4 findings
This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.191.1
4 findings
This version was published by a different npm account than previous versions on 2026-04-21. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.191.0
4 findings
This version was published by a different npm account than previous versions on 2026-04-20. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.190.0
4 findings
This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.189.0
4 findings
This version was published by a different npm account than previous versions on 2026-04-16. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.188.0
4 findings
This version was published by a different npm account than previous versions on 2026-04-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.156.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.156.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.155.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.155.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.154.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.153.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.152.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.151.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.150.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.149.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.149.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.148.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.147.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.147.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.146.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.145.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.145.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.144.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.144.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.143.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.3
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.2
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.142.0
1 finding
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.141.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.