@memberjunction/ng-artifacts

MemberJunction: Artifact viewer plugin system for rendering different artifact types (JSON, Code, Markdown, HTML, SVG, Components)

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

craig.adam.bcethan-bcjordanfanapourcaeleb.balanesiianzygmuntanag123hiltongrjosue-garcia-bcrkihm-bc

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/lib/components/plugins/image-artifact-viewer.component.js	AI (source-diff): Angular compiler output (ivy template functions, decorators); long lines are normal for ngc-compiled dist files in this package.	ai	2026/05/31
maintainer-change	maintainer-added	AI (maintainer-change): Package published via GitHub Actions with SLSA provenance; maintainer addition consistent with org growth, not compromise.	ai	2026/05/12
source-diff	obfuscated-file:dist/lib/components/plugins/component-feedback-panel/component-feedback-panel.component.js	AI (source-diff): Angular ngc compiled output; long lines are template factory functions, not obfuscation. Stable pattern for this package.	ai	2026/05/07
publish-pattern	new-deps-added	AI (publish-pattern): New dep is same-org @memberjunction scoped package at matching version; consistent with monorepo release pattern.	ai	2026/05/07
source-diff	obfuscated-file:dist/lib/components/plugins/save-query-dialog.component.js	AI (source-diff): Angular ngc compiler output; same pattern as above.	ai	2026/05/07
source-diff	obfuscated-file:dist/lib/components/plugins/data-artifact-viewer.component.js	AI (source-diff): Angular ngc compiler output; long lines are inline template functions, not obfuscation. Stable pattern for this package.	ai	2026/05/07
dependencies	unvetted-peer-dep:ag-grid-angular	AI (dependencies): Peer dependency; consumer app responsible for vetting. Stable constraint.	ai	2026/05/07
source-diff	obfuscated-file:dist/lib/components/plugins/data-requirements-viewer/data-requirements-viewer.component.js	AI (source-diff): Angular ngc compiled output; long lines are standard ivy template instructions, not obfuscation.	ai	2026/05/05
dependencies	unvetted-dep:xlsx	AI (dependencies): xlsx is a standard spreadsheet library; its use is consistent with this artifact-viewer package's document-rendering purpose.	ai	2026/05/01
phantom-deps	phantom-dep:marked	AI (phantom-deps): Config-referenced markdown parser; stable pattern for this package.	ai	2026/05/01
dependencies	unvetted-dep:@memberjunction/ng-notifications	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-export-service	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-shared-generic	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/graphql-dataprovider	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/core	AI (dependencies): Same-org sibling package, pinned to matching version; stable pattern across this monorepo.	ai	2026/04/29
phantom-deps	phantom-dep:tslib	AI (phantom-deps): tslib is a well-known Angular/TypeScript implicit runtime dep; not a real phantom.	ai	2026/04/29
phantom-deps	phantom-dep:@angular/cdk	AI (phantom-deps): Angular CDK loaded by convention in Angular libraries; stable false positive.	ai	2026/04/29
phantom-deps	phantom-dep:@memberjunction/ng-base-types	AI (phantom-deps): Same-org dep; phantom detection is a false positive for monorepo packages.	ai	2026/04/29
phantom-deps	phantom-dep:@memberjunction/ng-export-service	AI (phantom-deps): Same-org dep; phantom detection is a false positive for monorepo packages.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/interactive-component-types	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/global	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-react	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-trees	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-markdown	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/core-entities	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-base-types	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-pagination	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-code-editor	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29
dependencies	unvetted-dep:@memberjunction/ng-query-viewer	AI (dependencies): Same-org sibling package, pinned to matching version.	ai	2026/04/29

Versions (showing 51 of 76)

View all versions

Version	Deps	Published
5.38.0	24 / 4	2026-05-30
5.37.0	22 / 4	2026-05-24
5.34.0	22 / 4	2026-05-14
5.33.0	22 / 4	2026-05-08
5.32.0	22 / 4	2026-05-04
5.31.0	22 / 4	2026-05-03
5.30.1	22 / 4	2026-04-27
5.30.0	22 / 4	2026-04-27
5.29.0	22 / 4	2026-04-22
5.28.0	22 / 4	2026-04-20
5.27.1	22 / 4	2026-04-19
5.27.0	22 / 4	2026-04-18
5.26.0	22 / 4	2026-04-13
5.25.0	22 / 4	2026-04-13
5.24.0	18 / 4	2026-04-07
5.23.0	18 / 4	2026-04-04
5.22.0	18 / 4	2026-04-02
5.21.0	19 / 4	2026-03-29
5.20.0	19 / 4	2026-03-27
5.19.0	19 / 4	2026-03-27
5.18.0	19 / 4	2026-03-26
5.17.0	19 / 4	2026-03-24
5.16.0	19 / 4	2026-03-24
5.15.0	19 / 4	2026-03-23
5.14.0	19 / 4	2026-03-20
5.13.0	19 / 4	2026-03-17
5.12.0	19 / 4	2026-03-16
5.11.0	18 / 4	2026-03-12
5.10.1	18 / 4	2026-03-11
5.10.0	18 / 4	2026-03-10
5.9.0	18 / 4	2026-03-08
5.8.0	18 / 4	2026-03-06
5.7.0	18 / 4	2026-03-04
5.6.0	18 / 4	2026-03-03
5.5.0	18 / 4	2026-03-02
5.4.1	18 / 4	2026-02-27
5.4.0	18 / 4	2026-02-27
5.3.1	18 / 4	2026-02-24
5.3.0	18 / 4	2026-02-24
5.2.0	18 / 4	2026-02-20
5.1.0	15 / 4	2026-02-18
4.4.0	15 / 4	2026-02-12
4.3.1	15 / 4	2026-02-12
4.3.0	15 / 4	2026-02-12
4.2.0	15 / 3	2026-02-10
4.1.0	15 / 3	2026-02-09
3.4.0	15 / 3	2026-02-01
3.3.0	15 / 3	2026-01-27
3.2.0	15 / 3	2026-01-22
3.1.1	15 / 3	2026-01-22
3.1.0	15 / 3	2026-01-21

v5.38.0

2 findings

HIGH New obfuscated file: dist/lib/components/plugins/image-artifact-viewer.component.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.37.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.34.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.33.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.32.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.31.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.30.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.29.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.28.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.27.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.27.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.26.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.25.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.24.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.23.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.22.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.21.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.20.0

5 findings

HIGH New obfuscated file: dist/lib/components/plugins/component-feedback-panel/component-feedback-panel.component.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lib/components/plugins/data-artifact-viewer.component.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lib/components/plugins/data-requirements-viewer/data-requirements-viewer.component.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/lib/components/plugins/save-query-dialog.component.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v5.19.0