@midscene/playground
Midscene playground utilities for web integration
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:static/static/js/index.caeabfb7.js | AI (source-diff): Webpack main bundle for playground UI; network+exec pattern is a false positive on bundled frontend code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.caeabfb7.js | AI (source-diff): Standard webpack minified bundle shipping Midscene model config constants; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.dde8032d.js | AI (source-diff): Standard webpack-minified React bundle for playground UI; license header and readable JSX patterns confirm legitimate build output. | ai | |
| source-diff | net-exec-file:static/static/js/index.dde8032d.js | AI (source-diff): Network calls and dynamic module resolution are normal webpack bundle patterns; no actual dropper behavior visible in the sample. | ai | |
| source-diff | net-exec-file:static/static/js/index.e1d6875b.js | AI (source-diff): Network calls and dynamic requires are normal browser bundle patterns (React, module loading); no dropper behavior visible. | ai | |
| source-diff | obfuscated-file:static/static/js/index.e1d6875b.js | AI (source-diff): Standard minified webpack/rspack browser bundle for the playground UI; not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:static/static/js/index.23755568.js | AI (source-diff): Main webpack bundle for playground UI; content matches Midscene AI config wiring. | ai | |
| source-diff | net-exec-file:static/static/js/index.23755568.js | AI (source-diff): Network+exec in main webpack bundle is expected for a browser-based AI playground app. | ai | |
| source-diff | net-exec-file:static/static/js/index.220d2fd1.js | AI (source-diff): webpack dynamic module loading in browser bundle; not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/index.220d2fd1.js | AI (source-diff): Main webpack bundle for playground UI; minified but content is AI config/debug tooling. | ai | |
| source-diff | net-exec-file:static/static/js/index.914d89c2.js | AI (source-diff): Network calls and dynamic requires are normal React app bundle patterns; no dropper behavior evident. | ai | |
| source-diff | obfuscated-file:static/static/js/index.914d89c2.js | AI (source-diff): Standard minified webpack/rspack frontend bundle for playground UI; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.bb390d06.js | AI (source-diff): Webpack bundle for browser playground; network+exec pattern is inherent to bundled frontend code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.bb390d06.js | AI (source-diff): Main webpack bundle for playground UI; minification is expected for shipped static assets. | ai | |
| source-diff | net-exec-file:static/static/js/430.4af5d9bf.js | AI (source-diff): Webpack chunk for Ant Design/UI components; network+exec pattern is webpack module loader, not dropper. | ai | |
| source-diff | net-exec-file:static/static/js/index.7ce9f596.js | AI (source-diff): Webpack bundle for playground UI; dynamic require pattern is webpack's module resolution, not malicious loader. | ai | |
| source-diff | obfuscated-file:static/static/js/index.7ce9f596.js | AI (source-diff): Standard webpack-minified main bundle with source map; Midscene config constants visible in sample confirm legitimate build output. | ai | |
| source-diff | obfuscated-file:static/static/js/430.4af5d9bf.js | AI (source-diff): Standard webpack-minified frontend bundle with accompanying source map; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c2eef2cb.js | AI (source-diff): Main webpack bundle for playground UI; minified but content matches Midscene AI config/debug utilities. | ai | |
| source-diff | net-exec-file:static/static/js/index.c2eef2cb.js | AI (source-diff): Webpack module loader pattern in playground frontend bundle; not dropper/loader malware. | ai | |
| source-diff | net-exec-file:static/static/js/382.f480feba.js | AI (source-diff): Network calls and dynamic requires are normal webpack module loading patterns in a bundled React app. | ai | |
| source-diff | obfuscated-file:static/static/js/index.5bb455e1.js | AI (source-diff): Standard webpack minified bundle for playground UI; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/382.f480feba.js | AI (source-diff): Standard webpack minified bundle for playground UI; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.5bb455e1.js | AI (source-diff): Network calls and dynamic requires are normal webpack module loading patterns in a bundled React app. | ai | |
| source-diff | net-exec-file:static/static/js/index.6becfe23.js | AI (source-diff): Same webpack bundle; network refs are CDN image URLs for the playground logo, not exfiltration. | ai | |
| source-diff | obfuscated-file:static/static/js/index.6becfe23.js | AI (source-diff): Main webpack bundle for playground UI; content is React/midscenejs logo code, not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/148.23cd9828.js | AI (source-diff): Standard webpack-minified frontend bundle (Ant Design + app code); not malicious obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.b06cefb6.js | AI (source-diff): Dynamic require/import patterns are webpack's standard module-loading mechanism, not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.b06cefb6.js | AI (source-diff): Main webpack entry bundle for Midscene playground UI; minification is expected for a shipped SPA. | ai | |
| source-diff | net-exec-file:static/static/js/148.23cd9828.js | AI (source-diff): Network calls and dynamic requires are normal webpack chunk-loading patterns in a bundled SPA. | ai | |
| source-diff | net-exec-file:static/static/js/889.c8e2e995.js | AI (source-diff): Network refs and dynamic requires are normal webpack chunk-loading patterns in browser bundles. | ai | |
| source-diff | obfuscated-file:static/static/js/889.c8e2e995.js | AI (source-diff): Standard webpack minified browser bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.19bb7176.js | AI (source-diff): Network refs and dynamic requires are normal webpack chunk-loading patterns in browser bundles. | ai | |
| source-diff | obfuscated-file:static/static/js/index.19bb7176.js | AI (source-diff): Standard webpack minified browser bundle; not obfuscated malware. | ai | |
| source-diff | net-exec-file:static/static/js/index.ef742dc1.js | AI (source-diff): Network refs are midscenejs.com/bytednsdoc CDN URLs; dynamic execution is webpack module system. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ef742dc1.js | AI (source-diff): Standard webpack minified bundle; sample shows React/midscenejs UI code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.aa579514.js | AI (source-diff): Standard webpack-minified main bundle for Midscene playground UI. | ai | |
| source-diff | net-exec-file:static/static/js/index.aa579514.js | AI (source-diff): Network+exec pattern fires on webpack dynamic import infrastructure, not malicious code. | ai | |
| source-diff | net-exec-file:static/static/js/index.5cac91aa.js | AI (source-diff): Bundled Midscene AI config/network calls; not exfiltration. | ai | |
| source-diff | obfuscated-file:static/static/js/index.5cac91aa.js | AI (source-diff): Main webpack entry bundle; expected for playground static assets. | ai | |
| source-diff | net-exec-file:static/static/js/463.9d3be433.js | AI (source-diff): Bundled UI code with standard network calls; not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/463.9d3be433.js | AI (source-diff): Webpack bundle for playground UI; stable pattern for this package. | ai | |
| source-diff | net-exec-file:static/static/js/index.5376f943.js | AI (source-diff): webpack dynamic require/chunk loading in a frontend bundle; not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.5376f943.js | AI (source-diff): Main webpack bundle for playground UI; Midscene AI config references are expected. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c0c59c1b.js | AI (source-diff): Main webpack bundle for Midscene playground UI; minified but clearly legitimate app code. | ai | |
| source-diff | net-exec-file:static/static/js/index.c0c59c1b.js | AI (source-diff): Dynamic require patterns are webpack module resolution boilerplate, not dropper behavior. | ai | |
| source-diff | net-exec-file:static/static/js/index.b87668f7.js | AI (source-diff): Network+exec fires on webpack dynamic require stubs; no exfiltration or dropper pattern. | ai | |
| source-diff | obfuscated-file:static/static/js/index.b87668f7.js | AI (source-diff): Midscene AI playground UI bundle; minified but content matches expected app logic. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c01cf3b9.js | AI (source-diff): Main webpack bundle for playground UI; minified but content matches Midscene AI config/debug utilities. | ai | |
| source-diff | net-exec-file:static/static/js/index.c01cf3b9.js | AI (source-diff): Webpack module loader pattern in playground UI bundle; not a dropper. | ai | |
| source-diff | net-exec-file:static/static/js/index.cade0198.js | AI (source-diff): Network+exec in main webpack bundle is normal for browser playground; no malicious payload visible. | ai | |
| source-diff | obfuscated-file:static/static/js/index.cade0198.js | AI (source-diff): Main webpack bundle for playground; minification expected for shipped static assets. | ai | |
| source-diff | net-exec-file:static/static/js/index.ebcf9eee.js | AI (source-diff): Webpack module loader pattern in playground UI bundle; no exfiltration or dropper behavior visible. | ai | |
| source-diff | obfuscated-file:static/static/js/853.673222dd.js | AI (source-diff): Standard webpack-minified frontend bundle (Ant Design color utils); not malicious obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/853.673222dd.js | AI (source-diff): Webpack chunk with UI library code; network+eval pattern is webpack module loader, not dropper. | ai | |
| source-diff | obfuscated-file:static/static/js/index.ebcf9eee.js | AI (source-diff): Midscene playground main bundle; minified webpack output with AI config wiring, not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.42764323.js | AI (source-diff): Standard webpack-minified frontend bundle; minification is expected for this playground static asset. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions with SLSA provenance attestation; this is the expected CI/CD publishing pattern for this monorepo. | ai | |
| source-diff | net-exec-file:static/static/js/index.42764323.js | AI (source-diff): Network calls reference midscenejs.com/bytednsdoc CDN assets; webpack module system is not code execution malware. | ai | |
| source-diff | obfuscated-file:static/static/js/596.5426be9e.js | AI (source-diff): Standard webpack minified chunk (Ant Design color utils); not obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.a9399388.js | AI (source-diff): React app bundle; network calls are to midscenejs.com CDN for logo assets, not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/index.a9399388.js | AI (source-diff): Standard webpack minified entry bundle for the playground frontend. | ai | |
| source-diff | net-exec-file:static/static/js/596.5426be9e.js | AI (source-diff): Webpack bundle with network calls is expected for a browser playground UI; no dropper pattern. | ai | |
| source-diff | net-exec-file:static/static/js/index.7ff4baf8.js | AI (source-diff): Network calls and dynamic module loading are normal in a bundled frontend app; no dropper behavior evident. | ai | |
| source-diff | obfuscated-file:static/static/js/index.7ff4baf8.js | AI (source-diff): Standard webpack/rspack minified frontend bundle with source map; expected artifact for a playground UI package. | ai | |
| source-diff | obfuscated-file:static/static/js/259.5d781a39.js | AI (source-diff): Webpack bundle of Ant Design color utils and UI libs; standard minified output. | ai | |
| source-diff | net-exec-file:static/static/js/index.b4e7770b.js | AI (source-diff): Main app bundle with expected network + dynamic module patterns. | ai | |
| source-diff | net-exec-file:static/static/js/259.5d781a39.js | AI (source-diff): Webpack bundle with typical dynamic imports and fetch calls; not malicious. | ai | |
| source-diff | obfuscated-file:static/static/js/index.b4e7770b.js | AI (source-diff): Main webpack bundle for playground UI; standard minified output. | ai | |
| source-diff | obfuscated-file:static/static/js/async/985.b167d918.js | AI (source-diff): Webpack-bundled canvas fallback module; standard minified output. | ai | |
| source-diff | obfuscated-file:static/static/js/async/271.72510be8.js | AI (source-diff): Webpack-bundled WASM image processing bindings; standard minified output. | ai | |
| source-diff | obfuscated-file:static/static/js/async/236.a5d2c1b1.js | AI (source-diff): Webpack-bundled tinyH264 decoder; standard minified output for this playground package. | ai | |
| source-diff | net-exec-file:static/static/js/index.8f7b788e.js | AI (source-diff): Network calls and dynamic requires are part of the bundled React playground app, not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.8f7b788e.js | AI (source-diff): Standard minified webpack/rslib frontend bundle for playground UI; not obfuscated malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.9d4846b6.js | AI (source-diff): This is a standard webpack minified bundle for the playground's frontend UI. A source map is included. Minification is expected for this package's static web assets. | ai | |
| source-diff | net-exec-file:static/static/js/index.9d4846b6.js | AI (source-diff): Network calls (AI API requests) and dynamic module loading (webpack runtime) are inherent to this playground UI bundle; not dropper behavior. | ai | |
| source-diff | obfuscated-file:static/static/js/index.41c1fa41.js | AI (source-diff): Standard webpack/rslib frontend bundle for the playground UI. Source map is included, confirming legitimate build tooling. Pattern is stable for this package. | ai | |
| source-diff | net-exec-file:static/static/js/index.41c1fa41.js | AI (source-diff): Network calls and dynamic module loading are expected in a frontend playground bundle. No malicious payload indicators; source map confirms legitimate build output. | ai | |
| source-diff | obfuscated-file:static/static/js/index.c1613c65.js | AI (source-diff): This is a standard webpack/rslib minified frontend bundle for the Midscene playground UI. Minification is expected build output; not intentional obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.c1613c65.js | AI (source-diff): Network calls and dynamic module loading are expected in a frontend playground bundle for an AI automation tool. No dropper/loader behavior present. | ai | |
| semgrep | semgrep:api-obfuscation-reflect | AI (semgrep): Reflect.get() usage is in bundled third-party static assets (LangChain library code). This is a common bundler/transpiler pattern, not malicious obfuscation. Stable false positive for this package. | ai | |
| source-diff | obfuscated-file:static/static/js/index.f46d8c1b.js | AI (source-diff): Main webpack bundle for browser playground UI; minification is expected and source maps are included. | ai | |
| source-diff | net-exec-file:static/static/js/index.f46d8c1b.js | AI (source-diff): Browser app bundle; network calls + webpack dynamic imports are standard for a browser-based playground UI. | ai | |
| source-diff | net-exec-file:static/static/js/index.96b6047b.js | AI (source-diff): Webpack bundle combining fetch calls (playground API) and dynamic imports is standard behavior. Code samples show legitimate React UI code, not malware patterns. | ai | |
| source-diff | obfuscated-file:static/static/js/603.d858267a.js | AI (source-diff): This is a standard webpack-minified frontend chunk (Ant Design color utilities). @midscene/playground ships a static UI; minified JS bundles are expected and benign for this package. | ai | |
| source-diff | net-exec-file:static/static/js/603.d858267a.js | AI (source-diff): Webpack bundles naturally combine network calls and dynamic module loading. This is standard frontend bundle behavior for a playground UI package, not dropper malware. | ai | |
| source-diff | obfuscated-file:static/static/js/index.96b6047b.js | AI (source-diff): Standard webpack-minified main bundle for the playground UI. Contains recognizable React components referencing midscenejs.com. Minification is expected for this package's static assets. | ai | |
| source-diff | net-exec-file:static/static/js/537.7bdd012b.js | AI (source-diff): Network calls and dynamic require() in a webpack bundle are expected for a web playground that integrates with AI APIs. No dropper/loader behavior present. | ai | |
| source-diff | obfuscated-file:static/static/js/537.7bdd012b.js | AI (source-diff): Webpack-minified frontend bundle asset in a playground package that ships static/ UI files. Long lines are minification artifacts, not obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.25ae0da0.js | AI (source-diff): Network + dynamic execution pattern in webpack bundle is expected for an AI playground making API calls. No malicious behavior in sampled code. | ai | |
| source-diff | obfuscated-file:static/static/js/index.25ae0da0.js | AI (source-diff): Webpack-minified main bundle for the playground UI. Content shows legitimate Midscene AI config code; minification is not obfuscation. | ai | |
| source-diff | obfuscated-file:static/static/js/index.3828a5f8.js | AI (source-diff): Standard webpack-minified frontend bundle for playground UI. Long lines are expected in webpack output; not obfuscation. | ai | |
| source-diff | net-exec-file:static/static/js/index.3828a5f8.js | AI (source-diff): Webpack bundle for a playground UI; network calls + dynamic module loading are standard webpack patterns, not dropper malware. | ai | |
| source-diff | obfuscated-file:static/static/js/async/985.c09263d7.js | AI (source-diff): Standard webpack async chunk for the playground UI. Canvas/image processing code is consistent with the package's documented purpose. | ai | |
| source-diff | net-exec-file:static/static/js/index.2e8111f6.js | AI (source-diff): Webpack bundle for a browser UI app; network calls + dynamic require() in webpack chunks is a stable false positive for this package type. | ai | |
| source-diff | obfuscated-file:static/static/js/index.2e8111f6.js | AI (source-diff): Main webpack entry bundle for the playground UI. Contains Midscene-specific AI config references consistent with the package's purpose. | ai | |
| source-diff | net-exec-file:static/static/js/830.aeaa53f9.js | AI (source-diff): Webpack bundle for a browser UI app; network calls + dynamic require() in webpack chunks is a stable false positive for this package type. | ai | |
| source-diff | obfuscated-file:static/static/js/830.aeaa53f9.js | AI (source-diff): Standard webpack-minified frontend bundle for the playground UI. Source maps are included. Pattern is consistent across all versions of this package. | ai | |
| dependencies | unvetted-dep:@midscene/core | AI (dependencies): First-party sibling package in the @midscene monorepo, co-published at the same version. Not an external unvetted dependency. | ai | |
| phantom-deps | phantom-dep:uuid | AI (phantom-deps): Declared as a pinned runtime dependency; used indirectly via config or build tooling. No security concern. | ai | |
| phantom-deps | phantom-dep:open | AI (phantom-deps): Declared as a pinned runtime dependency; used indirectly via config or build tooling. No security concern. | ai | |
| dependencies | unvetted-dep:@midscene/shared | AI (dependencies): First-party sibling package in the @midscene monorepo, co-published at the same version. Not an external unvetted dependency. | ai |
Versions (showing 48 of 48)
| Version | Deps | Published |
|---|---|---|
| 1.9.1 | 7 / 7 | |
| 1.9.0 | 7 / 7 | |
| 1.8.9 | 7 / 7 | |
| 1.8.7 | 7 / 7 | |
| 1.8.6 | 7 / 7 | |
| 1.8.5 | 7 / 7 | |
| 1.8.2 | 7 / 7 | |
| 1.7.10 | 7 / 7 | |
| 1.7.9 | 7 / 7 | |
| 1.7.6 | 7 / 7 | |
| 1.7.5 | 7 / 7 | |
| 1.7.4 | 7 / 7 | |
| 1.7.3 | 7 / 7 | |
| 1.7.2 | 7 / 7 | |
| 1.7.1 | 7 / 7 | |
| 1.7.0 | 7 / 7 | |
| 1.6.4 | 7 / 7 | |
| 1.6.3 | 7 / 7 | |
| 1.6.2 | 7 / 7 | |
| 1.6.1 | 7 / 7 | |
| 1.6.0 | 7 / 7 | |
| 1.5.8 | 7 / 7 | |
| 1.5.5 | 7 / 7 | |
| 1.4.9 | 7 / 7 | |
| 1.4.8 | 7 / 7 | |
| 1.4.5 | 7 / 7 | |
| 1.4.3 | 7 / 7 | |
| 1.4.1 | 7 / 7 | |
| 1.4.0 | 7 / 7 | |
| 1.3.11 | 7 / 7 | |
| 1.3.10 | 7 / 7 | |
| 1.3.9 | 7 / 7 | |
| 1.3.6 | 7 / 7 | |
| 1.3.5 | 7 / 7 | |
| 1.3.4 | 7 / 7 | |
| 1.3.1 | 7 / 7 | |
| 1.3.0 | 7 / 7 | |
| 1.2.1 | 7 / 7 | |
| 1.2.0 | 7 / 7 | |
| 1.1.0 | 7 / 7 | |
| 1.0.4 | 7 / 7 | |
| 1.0.3 | 7 / 7 | |
| 1.0.2 | 7 / 7 | |
| 1.0.1 | 7 / 7 | |
| 1.0.0 | 7 / 7 | |
| 0.30.10 | 7 / 7 | |
| 0.30.9 | 7 / 7 | |
| 0.30.8 | 7 / 7 |
v1.9.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.9.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.9
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.7
6 findings
This version was published by a different npm account than previous versions on 2026-05-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.6
6 findings
This version was published by a different npm account than previous versions on 2026-05-27. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.5
6 findings
This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.8.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.10
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.9
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.5
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.7.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.3
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.2
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.1
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.7.0
6 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.6.4
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.6.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.8
9 findings
This version was published by a different npm account than previous versions on 2026-03-25. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.5.5
8 findings
This version was published by a different npm account than previous versions on 2026-03-16. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.9
7 findings
This version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.8
7 findings
This version was published by a different npm account than previous versions on 2026-02-28. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.5
7 findings
This version was published by a different npm account than previous versions on 2026-02-14. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.3
7 findings
This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.1
7 findings
This version was published by a different npm account than previous versions on 2026-02-13. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.4.0
7 findings
This version was published by a different npm account than previous versions on 2026-02-12. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.11
7 findings
This version was published by a different npm account than previous versions on 2026-02-11. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.10
7 findings
This version was published by a different npm account than previous versions on 2026-02-09. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.9
7 findings
This version was published by a different npm account than previous versions on 2026-02-06. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.6
7 findings
This version was published by a different npm account than previous versions on 2026-02-05. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.5
7 findings
This version was published by a different npm account than previous versions on 2026-02-04. This could indicate a legitimate maintainer transition or an account compromise.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.4
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.1
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.3.0
5 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.1
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.2.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.1.0
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.4
3 findings
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.0.3
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.2
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.1
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.0.0
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.10
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.9
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v0.30.8
1 finding
Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.