@milaboratories/milaboratories.ui-examples.ui
Supply chain provenance
Status for the latest visible version.
Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | net-exec-file:dist/assets/index-mJmryNMo.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code in a browser bundle are standard Vite output, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-mJmryNMo.js | AI (source-diff): Vite-minified browser bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-CKVa3wBs.js | AI (source-diff): fetch() and dynamic module loading are normal browser UI bundle patterns from Vite. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CKVa3wBs.js | AI (source-diff): Standard Vite-minified bundle for a UI package; not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DtvlFIlB.js | AI (source-diff): Vite-minified browser bundle; standard output for this UI package across versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-DtvlFIlB.js | AI (source-diff): Network calls are browser fetch() for modulepreload; no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Bt2Z8j_A.js | AI (source-diff): Standard Vite-minified frontend bundle for a UI package; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/index-Bt2Z8j_A.js | AI (source-diff): fetch() calls are modulepreload polyfill in Vite bundle; no dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-VKbu3cuK.js | AI (source-diff): Standard Vite/Vue3 minified bundle; this package always ships minified dist assets. | ai | |
| source-diff | net-exec-file:dist/assets/index-VKbu3cuK.js | AI (source-diff): Network calls are modulepreload fetch polyfill; dynamic code is Vue reactivity runtime — benign for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/index-CecnGnFx.js | AI (source-diff): Browser bundle with fetch() for modulepreload; not a dropper — stable pattern for this Vite UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CecnGnFx.js | AI (source-diff): Standard Vite-minified browser bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-CHTvXLWQ.js | AI (source-diff): fetch() + dynamic module loading is normal Vite browser bundle behavior; not dropper/loader malware. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CHTvXLWQ.js | AI (source-diff): Standard Vite-minified browser bundle for a Vue UI library; minification is expected and stable for this package. | ai | |
| source-diff | net-exec-file:dist/assets/index-BiNa-1V5.js | AI (source-diff): fetch() and dynamic module loading in a Vite browser bundle are standard browser APIs, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BiNa-1V5.js | AI (source-diff): Vite-minified frontend bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Jvf3tRAG.js | AI (source-diff): Vite-minified Vue 3 SPA bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-Jvf3tRAG.js | AI (source-diff): Network calls are browser fetch() for modulepreload; dynamic code is Vue reactivity runtime — standard SPA pattern. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Bl61j56-.js | AI (source-diff): Vite-minified Vue 3 bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-Bl61j56-.js | AI (source-diff): fetch() and dynamic module loading are standard Vite/Vue browser runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BVGypcwV.js | AI (source-diff): Vite-minified frontend bundle; minification is expected for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/index-BVGypcwV.js | AI (source-diff): fetch() is used for modulepreload polyfill in Vite bundle; no malicious network+exec pattern present. | ai | |
| source-diff | net-exec-file:dist/assets/index-32HybT4X.js | AI (source-diff): Network calls are fetch() for modulepreload; dynamic code is Vue reactivity runtime — standard browser bundle pattern. | ai | |
| source-diff | obfuscated-file:dist/assets/index-32HybT4X.js | AI (source-diff): Vite-minified Vue 3 browser bundle; minification is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Cox15iLw.js | AI (source-diff): Standard Vite-minified frontend bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-Cox15iLw.js | AI (source-diff): fetch() used for modulepreload polyfill in Vite bundle; not dropper behavior, stable pattern for this package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CbnzkB95.js | AI (source-diff): Vite-minified Vue 3 bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-CbnzkB95.js | AI (source-diff): fetch() in modulepreload polyfill + Vue reactivity; standard Vite SPA output, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BnjXyoiq.js | AI (source-diff): Standard Vite-minified frontend bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-BnjXyoiq.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code in a browser UI bundle are normal Vite build output, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/assets/index-D9H46by1.js | AI (source-diff): Network calls and dynamic module loading are normal browser UI bundle patterns (fetch + modulepreload); not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D9H46by1.js | AI (source-diff): Standard Vite-minified browser bundle; minification is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-A1sXP30o.js | AI (source-diff): Standard Vite-minified browser bundle; minification is expected for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/index-A1sXP30o.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code in Vite browser bundle are normal frontend patterns, not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/assets/index-BN3xQFpE.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code in a browser UI bundle are normal Vite output, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-BN3xQFpE.js | AI (source-diff): Standard Vite-minified Vue 3 bundle; long-line minification is expected for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/index-Dq5n-wKZ.js | AI (source-diff): Browser fetch/MutationObserver in a Vite bundle; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Dq5n-wKZ.js | AI (source-diff): Standard Vite minified bundle for a Vue UI library; not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/index-vopseDBr.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code in a browser UI bundle are normal Vue/Vite patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-vopseDBr.js | AI (source-diff): Standard Vite-minified frontend bundle; minification is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-0FZ8eZW_.js | AI (source-diff): Vite-minified frontend bundle; expected artifact for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-0FZ8eZW_.js | AI (source-diff): Network calls are browser fetch() for modulepreload; no server-side or install-time code execution. | ai | |
| source-diff | net-exec-file:dist/assets/index-D69JnEhU.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code in a browser UI bundle are normal Vite/Vue runtime patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-D69JnEhU.js | AI (source-diff): Standard Vite-minified frontend bundle; minification is expected for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-CQQqIsrJ.js | AI (source-diff): Vite-minified frontend bundle; long lines are standard minification output, not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/index-CQQqIsrJ.js | AI (source-diff): Network calls are modulepreload polyfill fetch(); no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | net-exec-file:dist/assets/index-j3OX2Lxd.js | AI (source-diff): Network calls are modulepreload fetch() in Vite bundle; no dynamic code execution beyond normal Vue runtime. | ai | |
| source-diff | obfuscated-file:dist/assets/index-j3OX2Lxd.js | AI (source-diff): Standard Vite-minified frontend bundle; this package always ships bundled UI assets. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DM02fY6Z.js | AI (source-diff): Standard Vite minified bundle for a Vue 3 SPA; not obfuscation, stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/assets/index-DM02fY6Z.js | AI (source-diff): Network calls are modulepreload fetch() in Vite runtime; no dynamic code execution beyond normal browser module loading. | ai | |
| source-diff | net-exec-file:dist/assets/index-eN1uwY0l.js | AI (source-diff): fetch() + dynamic module loading in a Vite browser bundle is expected; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-eN1uwY0l.js | AI (source-diff): Standard Vite-minified frontend bundle; minification pattern is stable for this UI package. | ai | |
| source-diff | net-exec-file:dist/assets/index-z8PydwUH.js | AI (source-diff): fetch() calls are modulepreload polyfill in Vite bundle; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-z8PydwUH.js | AI (source-diff): Vite-minified browser bundle; standard output for this UI package across versions. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Bnp3RTnK.js | AI (source-diff): Standard Vite-minified frontend bundle; Vue 3 runtime visible in sample. Not obfuscation. | ai | |
| source-diff | net-exec-file:dist/assets/index-Bnp3RTnK.js | AI (source-diff): Network calls are fetch() for modulepreload; dynamic execution is Vue reactivity. Canonical Vite bundle pattern. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DjAFkE4f.js | AI (source-diff): Vite-minified frontend bundle; expected output for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-DjAFkE4f.js | AI (source-diff): fetch() in Vite modulepreload polyfill + Vue runtime; not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-C6TjpWwH.js | AI (source-diff): Standard Vite minified bundle for a Vue 3 SPA; not obfuscation, just minification. Stable pattern for this package. | ai | |
| source-diff | net-exec-file:dist/assets/index-C6TjpWwH.js | AI (source-diff): Network calls are browser fetch() for modulepreload; dynamic code execution is Vue reactivity runtime. Normal SPA bundle pattern. | ai | |
| source-diff | obfuscated-file:dist/assets/index-DYuib4d8.js | AI (source-diff): Vite-minified frontend bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-DYuib4d8.js | AI (source-diff): fetch() calls are browser modulepreload polyfill in Vite bundle; not dropper behavior. | ai | |
| source-diff | net-exec-file:dist/assets/index-n1pStzXC.js | AI (source-diff): fetch() + dynamic module loading is standard Vite SPA pattern; not dropper behavior for this UI package. | ai | |
| source-diff | obfuscated-file:dist/assets/index-n1pStzXC.js | AI (source-diff): Standard Vite-minified frontend bundle; minification is expected for this UI package across all versions. | ai | |
| source-diff | net-exec-file:dist/assets/index-Be7Kq3wM.js | AI (source-diff): Network calls (fetch for modulepreload) and dynamic code are normal browser UI bundle patterns, not dropper behavior. | ai | |
| source-diff | obfuscated-file:dist/assets/index-Be7Kq3wM.js | AI (source-diff): Standard Vite/Vue3 minified bundle; minification pattern is stable for this UI package. | ai | |
| npm-metadata | no-description | AI (npm-metadata): Consistent across 349 versions of this internal package; not a malware signal. | ai | |
| phantom-deps | phantom-dep:@platforma-sdk/model | AI (phantom-deps): Referenced in config files per finding; stable false positive for this package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Internal SDK UI package in a large versioned series; missing metadata is a style issue, not a spam/malware indicator. | ai |
Versions (showing 40 of 40)
| Version | Deps | Published |
|---|---|---|
| 1.11.19 | 3 / 11 | |
| 1.11.17 | 3 / 11 | |
| 1.11.16 | 3 / 11 | |
| 1.11.15 | 3 / 11 | |
| 1.11.14 | 3 / 11 | |
| 1.11.13 | 3 / 11 | |
| 1.11.12 | 3 / 11 | |
| 1.11.11 | 3 / 11 | |
| 1.11.10 | 3 / 11 | |
| 1.11.9 | 3 / 11 | |
| 1.11.8 | 3 / 11 | |
| 1.11.7 | 3 / 11 | |
| 1.11.6 | 3 / 11 | |
| 1.11.5 | 3 / 11 | |
| 1.11.4 | 3 / 11 | |
| 1.11.3 | 3 / 11 | |
| 1.11.2 | 3 / 11 | |
| 1.11.1 | 3 / 11 | |
| 1.11.0 | 3 / 11 | |
| 1.10.8 | 3 / 11 | |
| 1.10.7 | 3 / 11 | |
| 1.10.6 | 3 / 11 | |
| 1.10.5 | 3 / 11 | |
| 1.10.4 | 3 / 11 | |
| 1.10.3 | 3 / 11 | |
| 1.10.2 | 3 / 11 | |
| 1.10.1 | 3 / 11 | |
| 1.10.0 | 3 / 11 | |
| 1.9.15 | 3 / 11 | |
| 1.9.14 | 3 / 11 | |
| 1.9.13 | 3 / 11 | |
| 1.9.12 | 3 / 11 | |
| 1.9.11 | 3 / 11 | |
| 1.9.10 | 3 / 11 | |
| 1.9.9 | 3 / 11 | |
| 1.9.8 | 3 / 11 | |
| 1.9.7 | 3 / 11 | |
| 1.9.6 | 3 / 11 | |
| 1.9.5 | 3 / 11 | |
| 1.9.4 | 3 / 11 |
v1.11.19
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.17
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.16
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.9
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.7
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.11.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.8
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.7
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.10.6
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.5
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.4
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.3
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.2
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.1
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.10.0
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.15
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.14
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.13
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.12
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.11
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.10
3 findingsNewly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.
Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.9
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.8
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.7
1 findingPackage was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v1.9.6
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.5
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.9.4
1 findingPackage was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.