@lynx-js/react
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:transform/dist/wasm.cjs | AI (source-diff): Base64-encoded WebAssembly binary (AGFzbQ = Wasm magic); expected artifact for a transform package shipping a .wasm file. | ai | |
| semgrep | semgrep:eval-usage | AI (semgrep): Documented webpack snapshot workaround with GitHub issue reference; guarded to non-production only. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Standard Proxy trap pattern using Reflect.get; not obfuscation. | ai | |
Versions (showing 6 of 6)
| Version | Deps | Published |
|---|---|---|
| 0.121.1 | 1 / 3 | |
| 0.121.0 | 1 / 3 | |
| 0.120.0 | 1 / 3 | |
| 0.119.0 | 1 / 3 | |
| 0.118.0 | 1 / 3 | |
| 0.117.1 | 1 / 3 | |
v0.121.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.121.0
2 findings
Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.120.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.119.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.118.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.117.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.