@marimo-team/islands
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/input-CSVEkmaZ.js | AI (source-diff): Standard minified UI component bundle; matches declared deps pattern. | ai | |
| source-diff | net-exec-file:dist/zod-W5ZEjzaE.js | AI (source-diff): Zod is a declared schema validation dependency; any net/exec pattern is a false positive. | ai | |
| source-diff | net-exec-file:dist/react-vega-DBwal82H.js | AI (source-diff): Vega loads data from URLs by design; not malicious. | ai | |
| source-diff | net-exec-file:dist/Plot-CK0oVgQL.js | AI (source-diff): Plotly.js bundle includes fetch for data loading; standard charting library behavior. | ai | |
| source-diff | net-exec-file:dist/ConnectedDataExplorerComponent-P92i6wYx.js | AI (source-diff): Data explorer component using vega-loader for data fetching; legitimate UI feature. | ai | |
| source-diff | obfuscated-file:dist/react-vega-DBwal82H.js | AI (source-diff): Minified react-vega/vega bundle, a declared dependency. | ai | |
| source-diff | obfuscated-file:dist/process-output-Bekznt_B.js | AI (source-diff): Minified marimo process-output component bundle; standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/Plot-CK0oVgQL.js | AI (source-diff): Minified plotly.js bundle, a declared dependency; long lines are expected. | ai | |
| source-diff | obfuscated-file:dist/process-output-D_uZ0o1x.js | AI (source-diff): Minified Vite build output; long lines are bundled ES module code, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/ConnectedDataExplorerComponent-D08JKcQg.js | AI (source-diff): Standard Vite bundle chunk for a data explorer UI component; imports are named ES module re-exports, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/c4Diagram-YG6GDRKO-C2hc6ne8.js | AI (source-diff): Standard Mermaid C4 diagram parser bundle; minified JS from a known OSS library, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/reveal-component-CFuofbBD.js | AI (source-diff): Standard Vite minified bundle output; readable import structure confirms legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/slide-form-DgMI37ES.js | AI (source-diff): Standard Vite minified bundle output; readable import structure confirms legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/html-to-image-DBosi5GK.js | AI (source-diff): Standard Vite minified bundle output; readable import structure confirms legitimate build artifact. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Large visualization library bundles (Plot, vega, cytoscape) are expected for this UI-heavy package. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): radix-ui is the official consolidated Radix package replacing individual @radix-ui/* packages; well-known upstream change. | ai | |
| source-diff | obfuscated-file:dist/c4Diagram-YG6GDRKO-CZSU4uqU.js | AI (source-diff): Standard mermaid c4Diagram parser bundle; minified parser tables are expected, not malicious. | ai | |
| source-diff | net-exec-file:dist/ConnectedDataExplorerComponent-PmilQqXR.js | AI (source-diff): Data explorer component using vega/network calls for data loading; no malicious payload pattern. | ai | |
| source-diff | obfuscated-file:dist/code-visibility-DNiCvIcQ.js | AI (source-diff): Standard Vite minified bundle output; consistent with marimo's build pipeline across versions. | ai | |
| source-diff | obfuscated-file:dist/glide-data-editor-CvlvtPWJ.js | AI (source-diff): Standard Vite minified bundle output for glide-data-grid component. | ai | |
| source-diff | obfuscated-file:dist/html-to-image-hMMPiNe_.js | AI (source-diff): Standard Vite minified bundle output for html-to-image component. | ai | |
| source-diff | obfuscated-file:dist/input-BAOe64zx.js | AI (source-diff): Standard Vite minified bundle output for input component. | ai | |
| source-diff | obfuscated-file:dist/reveal-component-BSwl7P64.js | AI (source-diff): Standard Vite minified bundle output for reveal.js component. | ai | |
| source-diff | obfuscated-file:dist/assets/worker-Bfy15ViQ.js | AI (source-diff): Standard Vite minified web worker bundle; RPC transport pattern is normal for worker communication. | ai | |
| source-diff | net-exec-file:dist/assets/worker-Bfy15ViQ.js | AI (source-diff): Web worker with RPC transport; network+exec pattern is expected for worker communication. | ai | |
| phantom-deps | phantom-dep:@types/humanize-duration | AI (phantom-deps): Type-only dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:htm | AI (phantom-deps): Build/config-referenced dep in a large monorepo; stable false positive. | ai | |
| phantom-deps | phantom-dep:tailwindcss-animate | AI (phantom-deps): CSS build plugin; config-only reference. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/postcss | AI (phantom-deps): PostCSS plugin; config-only reference. | ai | |
| phantom-deps | phantom-dep:@tailwindcss/typography | AI (phantom-deps): Tailwind plugin; config-only reference. | ai | |
| phantom-deps | phantom-dep:@codemirror/theme-one-dark | AI (phantom-deps): Config-referenced theme; stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/jsdom | AI (phantom-deps): Type-only dep; framework-scoped, stable false positive. | ai | |
| phantom-deps | phantom-dep:@types/js-cookie | AI (phantom-deps): Type-only dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:loro-codemirror | AI (phantom-deps): Config-referenced; stable false positive. | ai | |
| phantom-deps | phantom-dep:vscode-jsonrpc | AI (phantom-deps): Config-referenced LSP dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:react-markdown | AI (phantom-deps): Config-referenced; stable false positive. | ai | |
| phantom-deps | phantom-dep:@mui/material | AI (phantom-deps): Config-referenced UI dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:vega-parser | AI (phantom-deps): Config-referenced vega dep; stable false positive. | ai | |
| phantom-deps | phantom-dep:remark-gfm | AI (phantom-deps): Config-referenced markdown plugin; stable false positive. | ai | |
| phantom-deps | phantom-dep:js-cookie | AI (phantom-deps): Config-referenced; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@lezer/lr | AI (phantom-deps): CodeMirror build dep; config-only reference. | ai | |
| phantom-deps | phantom-dep:cssnano | AI (phantom-deps): PostCSS build tool; config-only reference, not a runtime import. | ai | |
| source-diff | obfuscated-file:dist/code-visibility-DSoiGc1g.js | AI (source-diff): Standard Vite/Rollup minified bundle output; samples show readable ES module imports, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/reveal-component-BamtQ9kx.js | AI (source-diff): Standard Vite/Rollup minified bundle output; samples show readable ES module imports, not malicious obfuscation. | ai | |
| source-diff | encoded-string-file:dist/main.js | AI (source-diff): UMALQURA_DATA is a known Islamic calendar lookup table from @internationalized/date; not a malicious payload. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Appears in a test file checking that /etc/passwd URLs are blocked by URL sanitization logic — not credential harvesting. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Fires in test fixtures for IP URL handling tests, not production network calls. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get used in a test proxy to validate hotkey configuration — standard JS pattern, not obfuscation. | ai | |
| install-scripts | install-script:preinstall | AI (install-scripts): only-allow pnpm is a standard package manager enforcement script, not malicious. | ai | |
Versions (showing 15 of 15)
| Version | Deps | Published |
|---|---|---|
| 0.23.8 | 142 / 42 | |
| 0.23.7 | 142 / 42 | |
| 0.23.6 | 142 / 42 | |
| 0.23.5 | 142 / 42 | |
| 0.23.4 | 142 / 42 | |
| 0.23.3 | 142 / 42 | |
| 0.23.2 | 142 / 42 | |
| 0.23.1 | 140 / 42 | |
| 0.23.0 | 140 / 42 | |
| 0.22.5 | 140 / 42 | |
| 0.22.4 | 140 / 42 | |
| 0.22.3 | 140 / 42 | |
| 0.22.2 | 140 / 42 | |
| 0.22.1 | 140 / 42 | |
| 0.22.0 | 163 / 52 | |
v0.23.8 (2 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.7 (2 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.6 (9 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.5 (4 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Modified file contains 1 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.3 (4 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.2 (1 finding)
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.1 (10 findings)
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.0 (3 findings)
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.5 (3 findings)
- Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.4 (1 finding)
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.3 (2 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.2 (2 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.1 (2 findings)
- Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.0 (1 finding)
- Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.