@matter-server/dashboard
Dashboard for OHF Matter Server
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:dist/web/js/fire_event-DmJTXjDw.js | AI (source-diff): Minified rollup bundle output; license headers and readable structure confirm legitimate build artifact. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-CRf1z2eY.js | AI (source-diff): Network calls and dynamic patterns are standard frontend dashboard behavior, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-CRf1z2eY.js | AI (source-diff): Minified rollup bundle output; Apache-2.0 headers and readable code structure confirm legitimate build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-XUWBcruM.js | AI (source-diff): Standard Rollup bundle with Apache-2.0 licensed OSS code; minification is expected for this frontend dashboard package. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-XUWBcruM.js | AI (source-diff): Network calls and dynamic patterns are part of the Matter IoT dashboard UI bundle, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-CChLgSiV.js | AI (source-diff): Standard Rollup bundle of Lit/Material Web components; minified output is expected for this frontend dashboard package. | ai | |
| source-diff | obfuscated-file:dist/web/js/settings-dialog-BZwpJ82T.js | AI (source-diff): Standard Rollup-minified frontend bundle with Apache-2.0 license headers; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-CfuDUSb7.js | AI (source-diff): Standard Rollup-minified frontend bundle with Apache-2.0 license headers; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-Dh-6FL-7.js | AI (source-diff): Standard Rollup-minified frontend bundle with Apache-2.0 license headers; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-Dh-6FL-7.js | AI (source-diff): Dashboard app bundle legitimately makes network calls (WebSocket client) and uses dynamic patterns typical of Lit/web-components; no dropper behavior evident. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-CsfodxrZ.js | AI (source-diff): Network calls and dynamic code in a dashboard web app bundle are expected; no dropper/loader indicators in sampled code. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-CHUm89fP.js | AI (source-diff): Rollup-bundled frontend chunk with readable, license-attributed code; long lines are minification artifacts. | ai | |
| source-diff | obfuscated-file:dist/web/js/settings-dialog-D6XV-qva.js | AI (source-diff): Rollup-bundled settings dialog chunk; readable, license-attributed, expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-CsfodxrZ.js | AI (source-diff): Main Rollup bundle for dashboard app; readable code with proper OSS license headers. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-C9zTE5uH.js | AI (source-diff): Rollup+Terser minified bundle output; standard for this dashboard package across versions. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-C9zTE5uH.js | AI (source-diff): Network calls and dynamic code in a browser dashboard bundle are expected; no dropper pattern evident in sampled code. | ai | |
| source-diff | obfuscated-file:dist/web/js/settings-dialog-BMFhom0W.js | AI (source-diff): Rollup+Terser minified bundle output; standard for this dashboard package across versions. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-BPhROjTC.js | AI (source-diff): Rollup+Terser minified bundle output; standard for this dashboard package across versions. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-mEIOY8EU.js | AI (source-diff): Standard Rollup minified bundle output; readable licensed component code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/settings-dialog-O59ya3fT.js | AI (source-diff): Standard Rollup minified bundle output; readable licensed component code, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-mEIOY8EU.js | AI (source-diff): Network calls and dynamic code in a dashboard web app bundle are expected; no dropper/loader patterns visible. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-B6A87_wN.js | AI (source-diff): Standard Rollup minified bundle output; readable licensed component code, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-BstgNPuh.js | AI (source-diff): Standard Rollup minified bundle output for a web dashboard; not obfuscated malware. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-Cj88TtbZ.js | AI (source-diff): Network calls and dynamic code in a web dashboard bundle are expected; no dropper/loader pattern visible in samples. | ai | |
| source-diff | obfuscated-file:dist/web/js/settings-dialog-Cs2xMsXb.js | AI (source-diff): Standard Rollup minified bundle output for a web dashboard; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-Cj88TtbZ.js | AI (source-diff): Standard Rollup minified bundle output for a web dashboard; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-2ZxL-AHZ.js | AI (source-diff): Minified Rollup bundle chunk for a web dashboard; content-addressed filename is standard Rollup output. Sample shows legitimate Google LLC licensed web component code. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-D4hubdib.js | AI (source-diff): Minified Rollup bundle chunk; sample shows standard Material Web component patterns with proper Apache-2.0/BSD-3-Clause license headers. Expected build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-BtHTmAPq.js | AI (source-diff): Main 2.1MB Rollup bundle for the dashboard web app. Sample shows readable Open Home Foundation / Google LLC licensed code. Minification via @rollup/plugin-terser is documented in package.json. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-BtHTmAPq.js | AI (source-diff): Network calls and dynamic patterns in a 2.1MB web dashboard bundle are expected (WebSocket/fetch for Matter Server UI). No dropper/loader indicators in the sample; SLSA provenance attestation confirms CI/CD build integrity. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-CJAvDfru.js | AI (source-diff): Frontend web app bundle legitimately contains network calls (WebSocket/fetch to Matter server) and dynamic patterns. SLSA provenance confirms clean CI build. Not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-CJAvDfru.js | AI (source-diff): Main 2.1MB Rollup bundle for a web dashboard; contains readable OHF/Google licensed code. Minification by design, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-Dlvacuei.js | AI (source-diff): Rollup+terser bundled frontend chunk; code is readable Apache-2.0 licensed Material Web components. Expected minification artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-CpzR8zJR.js | AI (source-diff): Rollup+terser bundled frontend web app; long lines are minified but readable Google Material Web component code. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-C8ShKyM-.js | AI (source-diff): Standard minified Rollup bundle output for a web dashboard SPA. Code samples show legitimate Apache-2.0 licensed Material Web / Lit components. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-RhdgrsIF.js | AI (source-diff): Main SPA bundle; minified output is expected. Code samples show OHF/Google/Lit licensed code. SLSA provenance attestation confirms build integrity. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-RhdgrsIF.js | AI (source-diff): A web dashboard SPA bundle legitimately contains both network calls (WebSocket/fetch to Matter server) and dynamic rendering (Lit/web components). Not a dropper pattern. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-BrFXV5bJ.js | AI (source-diff): This package ships a Rollup-bundled web dashboard SPA; minified JS output in dist/web/js/ is expected and benign. SLSA provenance attestation confirms CI/CD build integrity. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-BheZgiD2.js | AI (source-diff): Minified/bundled frontend JS for a web dashboard app. Code samples show legitimate Apache-2.0/BSD licensed Material Web component code. Standard Rollup build output. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-DTKKR48v.js | AI (source-diff): Minified/bundled frontend JS for a web dashboard app. Code samples show legitimate Apache-2.0/BSD licensed UI component code. Content-hashed filenames are standard Rollup build output. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-Dq3JvQBw.js | AI (source-diff): Frontend dashboard app legitimately makes network calls (WebSocket to Matter server) and renders dynamic UI. Not dropper/loader behavior. SLSA provenance confirms CI/CD build integrity. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-Dq3JvQBw.js | AI (source-diff): Main 2.1MB bundled frontend app JS. Code samples show legitimate Open Home Foundation / Google LLC licensed code. Standard Rollup build output for a dashboard app. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-B7GUghkC.js | AI (source-diff): Minified Rollup bundle of legitimate frontend code (Material Web, LitElement, OHF dashboard). Long lines are standard build artifact, not obfuscation. SLSA provenance confirmed. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-TXkma-7Z.js | AI (source-diff): Minified Rollup chunk containing Google LLC Apache-2.0 Material Web components. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-DRpOSjJR.js | AI (source-diff): Minified Rollup chunk with Google LLC Apache-2.0 Material Web progress components. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/outlined-text-field-D1DyKQY-.js | AI (source-diff): Minified Rollup chunk with Google LLC Apache-2.0 Material Web text field styles. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/prevent_default-BPgSQsuY.js | AI (source-diff): Minified Rollup chunk with Google LLC Apache-2.0 event dispatching utilities. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/validator-C735j770.js | AI (source-diff): Minified Rollup chunk with Google LLC Apache-2.0 Material Web form validation components. Standard build artifact. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-Cr3PfX1X.js | AI (source-diff): Standard Rollup+Terser minified frontend bundle. Sample shows readable Material Web component code with Apache-2.0 license headers. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-BuCe_Jxf.js | AI (source-diff): Standard Rollup+Terser minified frontend bundle for a web dashboard. Samples show readable Lit/Material Web component code with proper license headers. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-BuCe_Jxf.js | AI (source-diff): Main application bundle for a web dashboard. Network calls and dynamic code execution are expected in frontend web app bundles. Sample shows standard Lit web component code, not malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/prevent_default-D4FX_PIh.js | AI (source-diff): Standard Rollup+Terser minified frontend bundle. Sample shows readable Material Web dialog animation code with Apache-2.0 license headers. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-BczBMT8E.js | AI (source-diff): Standard Rollup+Terser minified frontend bundle. Sample shows readable Lit/Material Web component code with Apache-2.0 license headers. Not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-Dr-IYMsD.js | AI (source-diff): Main Rollup bundle chunk for the dashboard app; contains Open Home Foundation and Google LLC licensed code. Standard minified frontend output. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-BVxKJJ49.js | AI (source-diff): Minified Rollup bundle output; content is recognizable Material Web/Lit component code with Apache-2.0 license headers. Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-oVtV3_P5.js | AI (source-diff): Minified Rollup bundle output for a web dashboard; long lines are CSS-in-JS and minified Material Web components, not obfuscation. SLSA provenance confirms CI build. | ai | |
| source-diff | obfuscated-file:dist/web/js/validator-muF28wYx.js | AI (source-diff): Minified Rollup chunk for form validation components; recognizable Lit/Material Web Field class. Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/web/js/prevent_default-tLhqZmsK.js | AI (source-diff): Minified Rollup chunk containing redispatchEvent and Material Web animation utilities. Standard bundled frontend code. | ai | |
| source-diff | obfuscated-file:dist/web/js/outlined-text-field-BVcHUxiS.js | AI (source-diff): Minified Material Web outlined text field component bundle; CSS custom properties in template literals cause long lines. Not obfuscated. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-CrBHT4fT.js | AI (source-diff): Standard Rollup/Vite minified bundle output for a web dashboard. Samples show readable licensed code with no obfuscation. Long lines are from bundler output, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-Bc32kZVw.js | AI (source-diff): Standard Rollup/Vite minified bundle output. Samples show Lit/Material Web component code with Apache-2.0 license headers. Not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-mDYWi2sw.js | AI (source-diff): Standard Rollup/Vite minified bundle output. Samples show Google Material Web progress component code with proper license headers. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-CrBHT4fT.js | AI (source-diff): Web dashboard app bundle legitimately makes network calls (WebSocket to Matter server) and uses dynamic rendering (Lit templates). Not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-B13DcOc9.js | AI (source-diff): Rollup-bundled Material Web / Lit component code with license headers; minified long lines are expected build output, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-CU3-L2nl.js | AI (source-diff): Main Rollup bundle for the dashboard app; minified output from a documented build pipeline, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:dist/web/js/outlined-text-field-CtlEkpbk.js | AI (source-diff): Rollup-bundled Material Web text field component with Apache-2.0 license headers; minification is expected for this package. | ai | |
| source-diff | obfuscated-file:dist/web/js/prevent_default-Dw7ifAL-.js | AI (source-diff): Rollup-bundled utility file with clear, readable event dispatch logic and Apache-2.0 license; long lines are from minification, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-D7YWrgXj.js | AI (source-diff): Hashed-filename bundler output (Rollup/Vite) for a web dashboard app. Samples show readable Apache-2.0/BSD-3-Clause licensed code. Long lines are standard minified bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-J0gFiLLM.js | AI (source-diff): Hashed-filename bundler output for a web dashboard app. Samples show readable Material Web Components code with proper license headers. Standard minified bundle, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-B63oGTcK.js | AI (source-diff): Hashed-filename bundler output for a web dashboard app. Samples show readable Lit/Material Web Components code with Apache-2.0 license headers. Standard minified bundle, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-D7YWrgXj.js | AI (source-diff): Web dashboard app bundle naturally contains network calls (WebSocket to Matter Server) and dynamic rendering (Lit web components). Not dropper/loader malware — expected behavior for this package type. | ai | |
| source-diff | obfuscated-file:dist/web/js/outlined-text-field-DwmSQzCx.js | AI (source-diff): Minified Rollup/Vite build artifact with Google LLC Apache-2.0 licensed Material Web component code. Standard frontend bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-BrrI804e.js | AI (source-diff): Minified Rollup/Vite build artifact with Open Home Foundation / Google LLC Apache-2.0 licensed code. Standard frontend bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-CO5YoPgN.js | AI (source-diff): Minified Rollup/Vite build artifact with Google LLC Apache-2.0 licensed Material Web component code. Standard frontend bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-CtgWQuh0.js | AI (source-diff): Minified Rollup/Vite build artifact with Google LLC Apache-2.0 licensed Material Web component code. Standard frontend bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/prevent_default-BCNFIsLL.js | AI (source-diff): Minified Rollup/Vite build artifact with Google LLC Apache-2.0 licensed Material Web component code. Standard frontend bundle output, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/web/js/validator-DpwNYslY.js | AI (source-diff): Minified Rollup/Vite build artifact with Google LLC Apache-2.0 licensed Material Web component code. Standard frontend bundle output, not obfuscation. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Frontend dashboard app that ships bundled dist artifacts; growth in file count between versions is expected for a web UI package. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-Dpr9EPlS.js | AI (source-diff): Standard Rollup-bundled frontend app with legitimate copyright headers (Google LLC, Open Home Foundation). Minification is expected for a web dashboard build artifact. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-Dpr9EPlS.js | AI (source-diff): Frontend dashboard app bundle; network calls are WebSocket client for Matter server, dynamic execution is standard DOM/web component patterns. SLSA provenance confirms legitimate CI build. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-ChcYXgfz.js | AI (source-diff): Bundled Lit/Material Web component code with legitimate copyright headers. Standard minified frontend build output. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-D_gZK7cY.js | AI (source-diff): Bundled Material Web component code with Apache-2.0 Google LLC copyright. Standard minified frontend build output. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-DeIob0oA.js | AI (source-diff): Frontend dashboard package ships Rollup-bundled JS chunks; minified lines are expected build output, not obfuscation. SLSA provenance confirms CI/CD origin. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-80vv5QbH.js | AI (source-diff): Bundled Material Web / Lit component chunk with proper Apache-2.0/BSD license headers. Minification is expected for this frontend dashboard package. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-CQLky8BQ.js | AI (source-diff): Main Rollup bundle for the dashboard app. Sample shows legitimate OHF/Google-licensed code. Minified output is expected; SLSA provenance confirms build integrity. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-CQLky8BQ.js | AI (source-diff): Frontend dashboard bundle legitimately contains network calls (WebSocket/fetch for Matter server) and dynamic patterns (Lit rendering). Not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-Cli8wukh.js | AI (source-diff): Rollup-bundled web UI asset with readable Material Web component code and Google LLC Apache-2.0 headers. Standard minified bundle output for this dashboard package. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-nMzexef3.js | AI (source-diff): A Matter server dashboard necessarily makes WebSocket network calls and uses dynamic JS patterns (Lit templates). Network+exec in a web UI bundle is expected, not malicious. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-nMzexef3.js | AI (source-diff): Main Rollup bundle for the dashboard web app. Sample shows readable, licensed code from Open Home Foundation and Google. Long lines are expected minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-BL-qtWHq.js | AI (source-diff): Rollup-bundled web UI asset with readable code and Apache-2.0 license headers. Long lines are minification artifacts, not obfuscation. Stable pattern for this dashboard package. | ai | |
| source-diff | obfuscated-file:dist/web/js/log-level-dialog-Bpt-9T42.js | AI (source-diff): Minified Rollup/Vite bundle output for a web dashboard SPA. Long lines are standard bundler output, not obfuscation. SLSA provenance confirms legitimate CI/CD build. | ai | |
| source-diff | net-exec-file:dist/web/js/matter-dashboard-app-D9iOhimm.js | AI (source-diff): Web SPA bundle inherently combines network calls (API) and dynamic rendering. No dropper/loader patterns visible in samples. SLSA provenance confirms legitimate build. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-D9iOhimm.js | AI (source-diff): Minified Rollup/Vite bundle output for a web dashboard SPA. Long lines are standard bundler output, not obfuscation. SLSA provenance confirms legitimate CI/CD build. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-ZsNu_mOn.js | AI (source-diff): Minified Rollup/Vite bundle output for a web dashboard SPA. Long lines are standard bundler output, not obfuscation. SLSA provenance confirms legitimate CI/CD build. | ai | |
| source-diff | obfuscated-file:dist/web/js/matter-dashboard-app-DwI2RvT1.js | AI (source-diff): Standard Rollup-bundled web frontend output containing Lit framework and context API code (BSD-3-Clause). Normal minified bundle for a web dashboard package. | ai | |
| source-diff | obfuscated-file:dist/web/js/prevent_default--haJaAsZ.js | AI (source-diff): Standard Rollup-bundled web utility code (redispatchEvent helper). Apache-2.0 licensed, no malicious patterns, normal bundler output. | ai | |
| source-diff | obfuscated-file:dist/web/js/outlined-text-field-DeeCilzP.js | AI (source-diff): Standard Rollup-bundled Material Web Components text field. Apache-2.0 licensed Google code, normal minified bundle output. | ai | |
| source-diff | obfuscated-file:dist/web/js/fire_event-CdvT7FSP.js | AI (source-diff): Standard Rollup-bundled web frontend output with Google Material Web Components (Apache-2.0). Content-hashed filenames are normal bundler output. No malicious patterns. | ai | |
| dependencies | unvetted-dep:vis-network | AI (dependencies): vis-network is a popular, established network visualization library. No security concerns; unvetted status reflects registry gap only. | ai | |
| dependencies | unvetted-dep:@material/web | AI (dependencies): @material/web is Google's Material Design web components library. No security concerns; unvetted status reflects registry gap only. | ai | |
| dependencies | unvetted-dep:lit | AI (dependencies): lit is Google's official web components library, widely used and well-maintained. No security concerns; unvetted status is a registry gap, not a risk signal. | ai | |
| provenance | slsa-provenance | AI (provenance): Package is consistently published via GitHub Actions CI/CD with Sigstore SLSA provenance attestation — stable supply chain integrity signal for this package. | ai | |
| phantom-deps | phantom-dep:@matter-server/custom-clusters | AI (phantom-deps): Same-org monorepo sibling package; phantom dep finding is expected and benign in a monorepo context. | ai | |
| phantom-deps | phantom-dep:tslib | AI (phantom-deps): tslib is a well-known implicit TypeScript runtime dependency; its presence as a phantom dep is expected and benign for TypeScript-compiled packages. | ai | |
Versions (showing 50 of 50)
| Version | Deps | Published |
|---|---|---|
| 0.7.1 | 8 / 11 | |
| 0.7.0 | 8 / 11 | |
| 0.6.8 | 8 / 11 | |
| 0.6.7 | 8 / 11 | |
| 0.6.6 | 8 / 11 | |
| 0.6.5 | 8 / 11 | |
| 0.6.4 | 8 / 11 | |
| 0.6.3 | 8 / 11 | |
| 0.6.2 | 8 / 11 | |
| 0.6.1 | 8 / 11 | |
| 0.6.0 | 8 / 11 | |
| 0.5.15 | 8 / 11 | |
| 0.5.14 | 8 / 11 | |
| 0.5.13 | 8 / 11 | |
| 0.5.12 | 8 / 11 | |
| 0.5.11 | 8 / 11 | |
| 0.5.10 | 8 / 11 | |
| 0.5.9 | 8 / 11 | |
| 0.5.8 | 8 / 11 | |
| 0.5.7 | 8 / 11 | |
| 0.5.6 | 8 / 11 | |
| 0.5.5 | 8 / 11 | |
| 0.5.4 | 8 / 11 | |
| 0.5.3 | 8 / 11 | |
| 0.5.2 | 8 / 11 | |
| 0.5.1 | 8 / 11 | |
| 0.5.0 | 8 / 11 | |
| 0.4.3 | 8 / 11 | |
| 0.4.2 | 8 / 11 | |
| 0.4.1 | 8 / 11 | |
| 0.4.0 | 8 / 11 | |
| 0.3.8 | 8 / 11 | |
| 0.3.7 | 8 / 11 | |
| 0.3.6 | 8 / 11 | |
| 0.3.5 | 8 / 11 | |
| 0.3.4 | 8 / 11 | |
| 0.3.3 | 8 / 11 | |
| 0.3.2 | 7 / 11 | |
| 0.3.1 | 7 / 11 | |
| 0.3.0 | 7 / 11 | |
| 0.2.9 | 7 / 11 | |
| 0.2.8 | 7 / 11 | |
| 0.2.7 | 7 / 11 | |
| 0.2.6 | 7 / 11 | |
| 0.2.5 | 7 / 11 | |
| 0.2.4 | 7 / 11 | |
| 0.2.3 | 6 / 11 | |
| 0.2.2 | 6 / 11 | |
| 0.2.1 | 6 / 11 | |
| 0.2.0 | 6 / 11 | |
v0.7.1
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.7.0
4 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.8
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.7
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.6
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.5
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.3
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.1
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.6.0
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.15
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.14
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.13
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.12
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.11
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.10
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.9
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.8
1 finding
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.