@midscene/android-playground
Android playground for Midscene
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:static/static/js/index.6ac408f8.js | AI (source-diff): Network calls and dynamic requires are part of the bundled React frontend; no dropper behavior present. | ai | |
| source-diff | obfuscated-file:static/static/js/index.6ac408f8.js | AI (source-diff): Standard webpack/Rslib minified SPA bundle for the playground UI; not malicious obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.bbc0e3c8.js | AI (source-diff): Network calls and dynamic requires are normal browser bundle patterns (React lazy loading, fetch for API); no dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.bbc0e3c8.js | AI (source-diff): Standard webpack/Rslib minified frontend bundle for the playground UI; not obfuscation. | ai | |
| source-diff | obfuscated-file:static/static/js/index.3e56d29c.js | AI (source-diff): Standard webpack-minified frontend bundle for playground UI; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.3e56d29c.js | AI (source-diff): Network calls and dynamic requires are normal SPA bundle patterns; no dropper behavior evident. | ai | |
| source-diff | net-exec-file:static/static/js/index.c7e3dfef.js | AI (source-diff): Network calls and dynamic requires in a React SPA bundle are normal; no dropper/exfiltration pattern present. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c7e3dfef.js | AI (source-diff): Standard webpack-minified frontend bundle for the playground UI; minification is expected and benign here. | ai | |
| source-diff | net-exec-file:static/static/js/index.f309e077.js | AI (source-diff): Network calls and dynamic requires are normal React SPA bundle patterns; no dropper behavior evident. | ai | |
| source-diff | obfuscated-file:static/static/js/index.f309e077.js | AI (source-diff): Standard webpack/Rsbuild SPA bundle with companion source map; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ee910128.js | AI (source-diff): Standard webpack-minified React frontend bundle with source map; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.ee910128.js | AI (source-diff): Network calls and dynamic requires are normal React/webpack bundle patterns; no dropper behavior evident. | ai | |
| source-diff | net-exec-file:static/static/js/index.994ed8c4.js | AI (source-diff): Network refs are CDN image URLs and webpack dynamic imports, not code execution from remote sources. | ai | |
| source-diff | obfuscated-file:static/static/js/index.994ed8c4.js | AI (source-diff): Standard webpack minified frontend bundle for the playground UI; midscenejs.com branding visible in sample. | ai | |
| source-diff | net-exec-file:static/static/js/index.0e21f9d3.js | AI (source-diff): Webpack bundle with Promise.resolve() module stubs and CDN image URLs; not a dropper. | ai | |
| source-diff | obfuscated-file:static/static/js/index.0e21f9d3.js | AI (source-diff): Standard webpack-minified React SPA entry bundle; expected for a playground web app. | ai | |
| source-diff | net-exec-file:static/static/js/index.f5db5516.js | AI (source-diff): Network refs are CDN image URLs; dynamic code is webpack module loader, not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.f5db5516.js | AI (source-diff): Webpack-bundled frontend asset; minification is expected for this UI package. | ai | |
| source-diff | net-exec-file:static/static/js/index.8c0b297f.js | AI (source-diff): Network calls are to midscenejs.com/bytednsdoc CDN for logo assets; normal for a playground UI. | ai | |
| source-diff | obfuscated-file:static/static/js/index.8c0b297f.js | AI (source-diff): Standard webpack-minified frontend bundle; content is clearly a React/Ant Design UI. | ai | |
| source-diff | net-exec-file:static/static/js/index.66f394c1.js | AI (source-diff): Same webpack bundle pattern; network refs are CDN image URLs for the Midscene logo, not exfiltration. | ai | |
| source-diff | obfuscated-file:static/static/js/index.66f394c1.js | AI (source-diff): Standard webpack minified bundle; sample shows legitimate React/midscene UI code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ec2e7bb4.js | AI (source-diff): Standard webpack-minified React frontend bundle; license header and readable JSX confirm legitimate build artifact. | ai | |
| source-diff | net-exec-file:static/static/js/index.ec2e7bb4.js | AI (source-diff): Network calls and dynamic module resolution are normal webpack bundle patterns for a React UI; no malicious payload evident. | ai | |
| source-diff | net-exec-file:static/static/js/889.1aa3f200.js | AI (source-diff): Network refs are CDN image URLs; dynamic execution is webpack module system boilerplate. | ai | |
| source-diff | net-exec-file:static/static/js/index.1fd1f893.js | AI (source-diff): Network refs are midscenejs.com/bytednsdoc CDN image URLs; dynamic execution is webpack module system boilerplate. | ai | |
| source-diff | obfuscated-file:static/static/js/889.1aa3f200.js | AI (source-diff): Standard webpack-minified frontend bundle with license header and source map; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.1fd1f893.js | AI (source-diff): Standard webpack-minified frontend bundle with license header and source map; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.494bc140.js | AI (source-diff): Network calls and dynamic requires are normal in a bundled React SPA; no dropper behavior evident in sample. | ai | |
| source-diff | obfuscated-file:static/static/js/index.494bc140.js | AI (source-diff): Standard webpack-minified React bundle with license header and source map; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.6b5632c5.js | AI (source-diff): Webpack-minified main bundle for android-playground UI; Midscene state management code visible in sample. | ai | |
| source-diff | net-exec-file:static/static/js/index.6b5632c5.js | AI (source-diff): Same webpack bundle; dynamic code execution pattern is from module resolution stubs, not malicious loader. | ai | |
| source-diff | obfuscated-file:static/static/js/index.18c51501.js | AI (source-diff): Main webpack bundle for midscene playground UI; minification is expected for this package type. | ai | |
| source-diff | net-exec-file:static/static/js/index.18c51501.js | AI (source-diff): Webpack bundle with localStorage/URL param reads for UI config; no dropper behavior evident. | ai | |
| source-diff | net-exec-file:static/static/js/index.e25252f8.js | AI (source-diff): Network refs are midscenejs.com logo CDN URLs; dynamic code is webpack require() stub. | ai | |
| source-diff | obfuscated-file:static/static/js/382.16a3f73f.js | AI (source-diff): Standard webpack-minified frontend bundle; Ant Design color utilities visible in sample. | ai | |
| source-diff | net-exec-file:static/static/js/382.16a3f73f.js | AI (source-diff): Network refs are CDN asset URLs; dynamic code is webpack module loader, not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.e25252f8.js | AI (source-diff): Standard webpack-minified React frontend bundle for the playground UI. | ai | |
| source-diff | obfuscated-file:static/static/js/index.73f8834d.js | AI (source-diff): Main webpack bundle for midscene playground UI; minified React app, not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.73f8834d.js | AI (source-diff): Webpack module loader pattern in React SPA bundle; not a dropper. | ai | |
| source-diff | obfuscated-file:static/static/js/index.0136fbda.js | AI (source-diff): Main webpack bundle for midscene playground UI; minified but clearly legitimate app code. | ai | |
| source-diff | net-exec-file:static/static/js/index.0136fbda.js | AI (source-diff): Network+exec in webpack bundle for browser UI; localStorage/URL param handling, not malicious. | ai | |
| source-diff | net-exec-file:static/static/js/index.369ca451.js | AI (source-diff): App bundle; false positive for net-exec heuristic in bundled frontend code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.369ca451.js | AI (source-diff): Main app webpack bundle for midscene playground UI; minification expected. | ai | |
| source-diff | obfuscated-file:static/static/js/lib-react.8a6eecf7.js | AI (source-diff): Minified React vendor bundle; expected for this package type. | ai | |
| source-diff | obfuscated-file:static/static/js/index.2987ac9e.js | AI (source-diff): Midscene UI bundle; sample shows localStorage/URLSearchParams usage consistent with playground app. | ai | |
| source-diff | net-exec-file:static/static/js/index.2987ac9e.js | AI (source-diff): webpack dynamic import pattern in frontend bundle; not dropper behavior. | ai | |
| source-diff | net-exec-file:static/static/js/index.5cd8c3f0.js | AI (source-diff): Webpack bundle with fetch calls is expected for a browser-based Android playground UI. | ai | |
| source-diff | obfuscated-file:static/static/js/index.5cd8c3f0.js | AI (source-diff): Standard webpack minified frontend bundle for Midscene playground UI; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.162d8944.js | AI (source-diff): Dynamic module loading is webpack's standard chunk-loading mechanism in the app bundle. | ai | |
| source-diff | obfuscated-file:static/static/js/index.162d8944.js | AI (source-diff): Main React app bundle for midscene playground UI; standard webpack minification. | ai | |
| source-diff | obfuscated-file:static/static/js/index.2422c47b.js | AI (source-diff): Standard webpack-minified React frontend bundle for the playground UI. | ai | |
| source-diff | net-exec-file:static/static/js/index.2422c47b.js | AI (source-diff): Network calls are static CDN image URLs (bytednsdoc.com); dynamic requires are webpack module loading. | ai | |
| source-diff | net-exec-file:static/static/js/596.47507087.js | AI (source-diff): Network calls and dynamic requires are webpack module loading patterns in a browser UI bundle. | ai | |
| source-diff | obfuscated-file:static/static/js/596.47507087.js | AI (source-diff): Standard webpack-minified frontend bundle; content is Ant Design color utilities, not malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.ec1bc2db.js | AI (source-diff): Main app bundle with socket.io/express; expected for playground server. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ec1bc2db.js | AI (source-diff): Main app webpack bundle; standard minified build output. | ai | |
| source-diff | net-exec-file:static/static/js/970.9cfb21be.js | AI (source-diff): Ant Design UI bundle; no malicious network/exec patterns. | ai | |
| source-diff | obfuscated-file:static/static/js/970.9cfb21be.js | AI (source-diff): Ant Design color utilities webpack chunk; standard minified output. | ai | |
| source-diff | obfuscated-file:static/static/js/index.a7b8c412.js | AI (source-diff): Main webpack bundle for midscene playground UI; standard minified frontend output. | ai | |
| source-diff | net-exec-file:static/static/js/index.a7b8c412.js | AI (source-diff): Webpack bundle for playground UI; net+exec pattern is a false positive for bundled SPA code. | ai | |
| source-diff | net-exec-file:static/static/js/183.c6e158ba.js | AI (source-diff): Webpack chunk with UI library code; net+exec pattern is false positive for bundled frontend assets. | ai | |
| source-diff | net-exec-file:static/static/js/index.ef610ecb.js | AI (source-diff): Playground UI bundle; net+exec false positive for standard SPA webpack output. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ef610ecb.js | AI (source-diff): Main webpack bundle for midscene playground UI; minification is expected. | ai | |
| source-diff | obfuscated-file:static/static/js/183.c6e158ba.js | AI (source-diff): Standard webpack-minified frontend bundle (Ant Design color utils); not malicious obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.2b64a7a3.js | AI (source-diff): Network calls and dynamic requires are part of the React/webpack SPA bundle, not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.2b64a7a3.js | AI (source-diff): Standard webpack-minified frontend bundle with accompanying source map; consistent with this package's playground UI pattern. | ai | |
| source-diff | net-exec-file:static/static/js/index.06f12dd0.js | AI (source-diff): Browser-side webpack bundle; network/exec pattern is from normal browser APIs in a frontend playground UI, not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.06f12dd0.js | AI (source-diff): Main webpack bundle for the playground frontend. Content-hashed, has accompanying .js.map source map, contains midscene UI state management code — legitimate build artifact. | ai | |
| source-diff | obfuscated-file:static/static/js/index.4fd271a2.js | AI (source-diff): Main webpack bundle for the playground SPA. Midscene-specific localStorage keys visible in sample confirm legitimate origin. | ai | |
| source-diff | net-exec-file:static/static/js/index.4fd271a2.js | AI (source-diff): False positive; network+exec pattern triggered by standard browser APIs (fetch, dynamic imports) in a legitimate webpack SPA bundle. | ai | |
| source-diff | net-exec-file:static/static/js/index.03645a37.js | AI (source-diff): False positive: webpack bundle's dynamic module loading and fetch calls are standard React app patterns, not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.03645a37.js | AI (source-diff): Main webpack bundle for Midscene playground frontend. Contains Midscene-specific localStorage keys and standard React app patterns — clearly legitimate. | ai | |
| source-diff | net-exec-file:static/static/js/index.60642267.js | AI (source-diff): Browser-side webpack bundle; network+exec pattern is webpack dynamic imports. Samples confirm legitimate Midscene playground UI code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.60642267.js | AI (source-diff): Main webpack bundle for the playground UI. Samples show Midscene-specific UI state management code, not malicious content. | ai | |
| source-diff | net-exec-file:static/static/js/index.c419c788.js | AI (source-diff): Network+exec pattern is webpack dynamic imports and Promise-based module resolution, not malicious. Standard for this type of bundled frontend app. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c419c788.js | AI (source-diff): Main webpack bundle for the playground frontend. Contains Midscene-specific UI code (localStorage keys visible). Minification is expected. | ai | |
| source-diff | net-exec-file:static/static/js/index.6fb0c17c.js | AI (source-diff): Network+exec pattern is webpack dynamic imports and localStorage access in a browser UI context. Not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/index.6fb0c17c.js | AI (source-diff): Main webpack bundle for the midscene playground frontend. Contains midscene-specific UI state management. Minified build artifact with accompanying source map. | ai | |
| source-diff | obfuscated-file:static/static/js/index.51a9f5b0.js | AI (source-diff): Main webpack bundle for the Android playground frontend. Content shows Midscene-specific UI state management code, not obfuscation. | ai | |
| provenance | publisher-changed | AI (provenance): New publisher quanru has 24 approved packages and 0 rejected, consistent with a legitimate @midscene org team member. Coordinated monorepo release at v1.4.6 across all @midscene packages. | ai | |
| source-diff | net-exec-file:static/static/js/index.51a9f5b0.js | AI (source-diff): Webpack bundle with standard dynamic module loading patterns. Content is clearly a React playground app, not a dropper. | ai | |
| source-diff | obfuscated-file:static/static/js/index.3254c132.js | AI (source-diff): Webpack-bundled main app chunk with Midscene UI state management; minification is expected for frontend static assets in this playground package. | ai | |
| source-diff | net-exec-file:static/static/js/index.3254c132.js | AI (source-diff): False positive; webpack dynamic imports trigger net-exec rule but are standard code-splitting patterns in bundled frontend apps. | ai | |
| source-diff | net-exec-file:static/static/js/index.cf2517ed.js | AI (source-diff): False positive: main webpack bundle for a web UI. Network calls and dynamic imports are standard webpack patterns, not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.cf2517ed.js | AI (source-diff): Main webpack bundle for the playground UI. Minification is expected; code shows Midscene UI state management, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ee404645.js | AI (source-diff): Main webpack bundle for the playground UI; contains Midscene-specific UI strings confirming legitimate origin. | ai | |
| source-diff | net-exec-file:static/static/js/index.ee404645.js | AI (source-diff): Network+exec pattern is standard webpack chunk loading and localStorage-based UI state management, not malicious behavior. | ai | |
| source-diff | net-exec-file:static/static/js/index.36596af4.js | AI (source-diff): Dynamic module loading via webpack in a browser UI bundle is not malicious code execution; pattern is standard for SPAs. | ai | |
| source-diff | obfuscated-file:static/static/js/index.36596af4.js | AI (source-diff): Main webpack bundle with Midscene-specific localStorage keys and UI logic. Source maps shipped alongside. Expected minified frontend output. | ai | |
| source-diff | obfuscated-file:static/static/js/index.b27f99e0.js | AI (source-diff): Webpack-bundled Midscene frontend playground code; minification is expected for static web UI assets. | ai | |
| source-diff | net-exec-file:static/static/js/index.b27f99e0.js | AI (source-diff): Standard webpack bundle for the playground UI; network calls are for API communication, dynamic patterns are webpack module resolution. | ai | |
| source-diff | net-exec-file:static/static/js/index.32bac5c1.js | AI (source-diff): Main SPA bundle with fetch/dynamic imports is expected for a React frontend. No exfiltration or dropper patterns in the sampled code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.32bac5c1.js | AI (source-diff): Main webpack bundle for the android-playground frontend. Contains Midscene-specific UI state management code. Normal minified SPA output. | ai | |
| source-diff | net-exec-file:static/static/js/index.c454ef12.js | AI (source-diff): False positive: webpack dynamic imports + UI network calls in a legitimate SPA. Source maps present; code is clearly the Midscene playground frontend. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c454ef12.js | AI (source-diff): Midscene playground UI bundle with recognizable midscene-* localStorage keys. Standard webpack output with source maps included. | ai | |
| source-diff | net-exec-file:static/static/js/index.2d876d54.js | AI (source-diff): Network+exec pattern is webpack dynamic module loading, not dropper behavior. Bundled web UI asset for the android playground. | ai | |
| source-diff | obfuscated-file:static/static/js/index.2d876d54.js | AI (source-diff): Standard webpack-minified frontend bundle. Content shows midscene playground UI state management code, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/async/236.a5d2c1b1.js | AI (source-diff): tinyH264 Emscripten-compiled H.264 decoder. Standard WASM/Emscripten minified output pattern for video decoding in browser. | ai | |
| source-diff | obfuscated-file:static/static/js/lib-react.ed140d90.js | AI (source-diff): React library bundle — standard minified React distribution. Stable false positive for this package. | ai | |
| source-diff | net-exec-file:static/static/js/index.03360f08.js | AI (source-diff): webpack app bundle for Midscene playground. Network calls are to configured AI model endpoints (OpenAI etc.), not malicious exfiltration. | ai | |
| source-diff | obfuscated-file:static/static/js/index.03360f08.js | AI (source-diff): Main Midscene playground app bundle. References MIDSCENE_DEBUG_MODEL_PROFILE, openaiApiKey config — consistent with documented Midscene AI automation tool. | ai | |
| source-diff | obfuscated-file:static/static/js/async/985.5e49bd21.js | AI (source-diff): Canvas fallback module for image processing. Standard minified frontend code with no malicious patterns. | ai | |
| source-diff | obfuscated-file:static/static/js/async/271.fab7ea08.js | AI (source-diff): WASM image processing binding (crop, resize, seam_carve). Standard wasm-bindgen generated JS glue code. | ai | |
| source-diff | net-exec-file:static/static/js/async/195.cb0ab30e.js | AI (source-diff): WASM glue code for Photon image library. XHR usage is standard Emscripten pattern for loading .wasm binary, not malicious network activity. | ai | |
| source-diff | obfuscated-file:static/static/js/async/195.cb0ab30e.js | AI (source-diff): Photon image processing WASM wrapper — standard minified WASM JS glue code. All exports are documented Photon API functions. | ai | |
| source-diff | net-exec-file:static/static/js/155.960ba7df.js | AI (source-diff): webpack chunk push pattern + Ant Design color utils. No actual network exfiltration or dynamic code execution beyond standard module loading. | ai | |
| source-diff | obfuscated-file:static/static/js/155.960ba7df.js | AI (source-diff): Standard webpack-minified Ant Design color utility bundle. Content is clearly legitimate UI library code. | ai | |
| source-diff | net-exec-file:static/static/js/index.d57624d3.js | AI (source-diff): Webpack bundle naturally contains both network calls and dynamic requires; false positive for bundled web apps. | ai | |
| source-diff | obfuscated-file:static/static/js/index.d57624d3.js | AI (source-diff): Webpack main bundle for playground UI; standard minified build output with source maps. | ai | |
| source-diff | obfuscated-file:static/static/js/898.7945e2bd.js | AI (source-diff): Webpack production bundle for playground UI; content-hashed filename, license header, source maps included. Standard build output. | ai | |
| source-diff | net-exec-file:static/static/js/898.7945e2bd.js | AI (source-diff): Webpack bundle naturally contains both network calls and dynamic requires; false positive for bundled web apps. | ai | |
| source-diff | net-exec-file:static/static/js/index.af0d1f5b.js | AI (source-diff): Same rationale as 633.45bef187.js — standard webpack SPA bundle with network and dynamic module patterns, not malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.af0d1f5b.js | AI (source-diff): Webpack-bundled main entry for the playground UI. Minification expected; content references Midscene-specific localStorage keys confirming legitimate origin. | ai | |
| source-diff | net-exec-file:static/static/js/633.45bef187.js | AI (source-diff): Webpack bundle's dynamic require() pattern triggers net-exec rule as false positive. No actual malicious network+exec behavior present. | ai | |
| source-diff | net-exec-file:static/static/js/index.cdbb64d9.js | AI (source-diff): Webpack bundle's dynamic require() pattern triggers net-exec rule as false positive. No actual malicious network+exec behavior present. | ai | |
| source-diff | obfuscated-file:static/static/js/index.cdbb64d9.js | AI (source-diff): Standard webpack-minified frontend bundle for Midscene playground UI. Source maps included. Expected artifact for this package. | ai | |
| source-diff | obfuscated-file:static/static/js/633.45bef187.js | AI (source-diff): Standard webpack-minified frontend bundle (Ant Design color utilities). Source maps included. Expected artifact for a web playground package. | ai | |
| source-diff | obfuscated-file:static/static/js/index.860ebe39.js | AI (source-diff): Webpack production bundle for the playground React app; content-hashed filename changes each build. Standard bundled output. | ai | |
| source-diff | net-exec-file:static/static/js/index.860ebe39.js | AI (source-diff): Webpack bundle of a web app using Express/Socket.IO/React; network+exec co-occurrence is expected, not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/883.91ca0de7.js | AI (source-diff): Webpack production chunk for Ant Design color utilities; content-hashed filename changes each build. Standard bundled output for this playground package. | ai | |
| source-diff | net-exec-file:static/static/js/883.91ca0de7.js | AI (source-diff): Webpack bundle naturally combines dynamic require patterns with network code from bundled deps (Express, Socket.IO). Not malicious. | ai | |
| source-diff | net-exec-file:static/static/js/index.5e058f55.js | AI (source-diff): Network calls and dynamic module loading in a frontend playground bundle are expected and benign. No malicious payload patterns observed in the sample. | ai | |
| source-diff | obfuscated-file:static/static/js/index.5e058f55.js | AI (source-diff): This is a standard webpack/rslib minified frontend bundle for a playground UI. Source maps are included alongside, confirming legitimate build artifact. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:static/static/js/index.801a3267.js | AI (source-diff): This is a webpack-minified frontend bundle for the playground UI, confirmed by accompanying .map source files. Minification is expected for production builds in this package. | ai | |
| source-diff | net-exec-file:static/static/js/index.801a3267.js | AI (source-diff): Network calls and dynamic module loading in this file are standard webpack bundle patterns for the playground's frontend UI, not dropper/loader behavior. | ai | |
| source-diff | net-exec-file:static/static/js/index.cb24053b.js | AI (source-diff): Network + dynamic execution pattern is a false positive for webpack browser bundles served as static UI assets by the Express server in this playground package. | ai | |
| source-diff | obfuscated-file:static/static/js/index.cb24053b.js | AI (source-diff): This is a standard webpack-bundled frontend asset for the playground UI, not obfuscated malware. Source maps are included. Pattern is stable for this package. | ai | |
| source-diff | obfuscated-file:static/static/js/index.6b0a989a.js | AI (source-diff): This is a standard webpack-bundled frontend asset for the playground UI. Minified JS bundles are expected in this package's static/ directory and are not obfuscation for malicious purposes. | ai | |
| source-diff | net-exec-file:static/static/js/index.6b0a989a.js | AI (source-diff): Network calls and dynamic module loading in a browser-side webpack bundle are normal web app behavior, not dropper/loader malware. The sample confirms standard webpack boilerplate and Midscene UI code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.1118c496.js | AI (source-diff): This is a webpack-bundled frontend playground UI asset. Minified JS with source maps is the expected build output for @midscene/android-playground's static web interface. | ai | |
| source-diff | net-exec-file:static/static/js/index.1118c496.js | AI (source-diff): Network calls + dynamic module loading in a bundled frontend app is standard webpack behavior, not dropper/loader malware. Consistent with a browser-based playground UI. | ai | |
| source-diff | obfuscated-file:static/static/js/async/985.39436e58.js | AI (source-diff): Standard webpack-minified async chunk for the playground frontend. Content is canvas/image processing utilities, consistent with Android screen mirroring UI. | ai | |
| source-diff | obfuscated-file:static/static/js/index.cf9fbf10.js | AI (source-diff): Standard webpack-minified main bundle for Midscene playground UI. Content references midscene-specific localStorage keys confirming legitimate origin. | ai | |
| source-diff | net-exec-file:static/static/js/index.cf9fbf10.js | AI (source-diff): Network calls in a browser-based playground UI bundle. Webpack module loading pattern, not malware. Content is clearly Midscene playground frontend code. | ai | |
| source-diff | obfuscated-file:static/static/js/552.24371a76.js | AI (source-diff): Standard webpack-minified frontend bundle for the Midscene Android playground UI. Content is Ant Design color utilities and React components, not malware. | ai | |
| source-diff | net-exec-file:static/static/js/552.24371a76.js | AI (source-diff): Network calls and module loading in a webpack bundle for a browser-based playground UI. Not dropper/loader malware — standard frontend app pattern. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Findings are in bundled static frontend assets (LangChain UI code). Reflect.get() in minified bundles is a stable false positive for this package. | ai | |
| provenance | no-provenance | AI (provenance): Established @midscene monorepo package; absence of Sigstore provenance is common and not a risk signal for this publisher. | ai | |
| source-diff | net-exec-file:static/static/js/index.5b455c7f.js | AI (source-diff): Network refs are midscenejs.com logo CDN URLs; dynamic execution is webpack runtime. Legitimate SPA bundle. | ai | |
| source-diff | obfuscated-file:static/static/js/index.5b455c7f.js | AI (source-diff): Main webpack bundle for the playground SPA. Standard minified React/UI code, not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/603.1304125f.js | AI (source-diff): Network refs are CDN image URLs; dynamic execution is webpack module system boilerplate. Not dropper/loader behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/603.1304125f.js | AI (source-diff): Standard webpack-minified Ant Design UI bundle. Not obfuscated malware — legitimate frontend asset for the Android playground web UI. | ai | |
| source-diff | obfuscated-file:static/static/js/async/985.be190d99.js | AI (source-diff): Canvas image processing module (JPEG/PNG via canvas API). Standard minified async webpack chunk, not malware. | ai | |
| phantom-deps | phantom-dep:@inquirer/prompts | AI (phantom-deps): Playground package may use this transitively; phantom dep is acceptable for internal tools. | ai | |
| phantom-deps | phantom-dep:@midscene/core | AI (phantom-deps): Same-org monorepo dependency; transitive/peer dependency pattern is expected in this context. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal monorepo playground package; minimal README and no repo URL are expected for non-public tools. | ai |
Versions (showing 51 of 71)
| Version | Deps | Published |
|---|---|---|
| 1.9.1 | 14 / 6 | |
| 1.9.0 | 14 / 6 | |
| 1.8.11 | 14 / 6 | |
| 1.8.9 | 14 / 6 | |
| 1.8.8 | 14 / 6 | |
| 1.8.7 | 14 / 5 | |
| 1.8.6 | 14 / 5 | |
| 1.8.5 | 14 / 5 | |
| 1.8.4 | 14 / 5 | |
| 1.8.3 | 14 / 5 | |
| 1.8.2 | 14 / 5 | |
| 1.8.1 | 14 / 5 | |
| 1.8.0 | 14 / 5 | |
| 1.7.10 | 14 / 5 | |
| 1.7.9 | 14 / 5 | |
| 1.7.7 | 14 / 5 | |
| 1.7.6 | 14 / 5 | |
| 1.7.5 | 14 / 5 | |
| 1.7.4 | 14 / 6 | |
| 1.7.3 | 14 / 6 | |
| 1.7.2 | 14 / 6 | |
| 1.7.1 | 14 / 6 | |
| 1.7.0 | 14 / 6 | |
| 1.6.4 | 14 / 6 | |
| 1.6.3 | 14 / 6 | |
| 1.6.2 | 14 / 6 | |
| 1.6.1 | 14 / 6 | |
| 1.6.0 | 14 / 6 | |
| 1.5.8 | 14 / 6 | |
| 1.5.7 | 14 / 6 | |
| 1.5.6 | 14 / 6 | |
| 1.5.5 | 14 / 6 | |
| 1.5.4 | 14 / 6 | |
| 1.5.3 | 14 / 6 | |
| 1.5.2 | 14 / 6 | |
| 1.5.1 | 14 / 6 | |
| 1.5.0 | 14 / 6 | |
| 1.4.9 | 14 / 6 | |
| 1.4.8 | 14 / 6 | |
| 1.4.7 | 14 / 6 | |
| 1.4.6 | 14 / 6 | |
| 1.4.5 | 14 / 6 | |
| 1.4.4 | 14 / 6 | |
| 1.4.3 | 14 / 6 | |
| 1.4.2 | 14 / 6 | |
| 1.4.1 | 14 / 6 | |
| 1.4.0 | 14 / 6 | |
| 1.3.11 | 14 / 6 | |
| 1.3.10 | 14 / 6 | |
| 1.3.9 | 14 / 6 | |
| 1.3.8 | 14 / 6 |
v1.9.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.9.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.7
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-28. This could indicate a legitimate maintainer transition or an account compromise.
v1.8.6
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.
v1.8.5
4 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
v1.8.4
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-21. This could indicate a legitimate maintainer transition or an account compromise.
v1.8.3
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.2
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.1
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.8.0
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.10
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.9
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.7
5 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.4
6 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.3
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.2
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.1
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.0
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.8
12 findingsThis version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.7
12 findingsThis version was published by a different npm account than previous versions on 2026-03-23. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.6
12 findingsThis version was published by a different npm account than previous versions on 2026-03-17. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.5
12 findingsThis version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.4
11 findingsThis version was published by a different npm account than previous versions on 2026-03-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.3
11 findingsThis version was published by a different npm account than previous versions on 2026-03-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.2
7 findingsThis version was published by a different npm account than previous versions on 2026-03-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.1
7 findingsThis version was published by a different npm account than previous versions on 2026-03-03. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.0
7 findingsThis version was published by a different npm account than previous versions on 2026-03-02. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.9
7 findingsThis version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.8
7 findingsThis version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.7
7 findingsThis version was published by a different npm account than previous versions on 2026-02-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.6
7 findingsThis version was published by a different npm account than previous versions on 2026-02-24. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.5
7 findingsThis version was published by a different npm account than previous versions on 2026-02-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.4
7 findingsThis version was published by a different npm account than previous versions on 2026-02-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.3
7 findingsThis version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.2
7 findingsThis version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.1
7 findingsThis version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
7 findingsThis version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.11
7 findingsThis version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.10
7 findingsThis version was published by a different npm account than previous versions on 2026-02-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.9
7 findingsThis version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.8
7 findingsThis version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.